Data Breaches and Social Engineering Essay
- Length: 5 pages
- Subject: Business
- Type: Essay
- Paper: #92163628
Excerpt from Essay:
victims of an organization's data breach?
The nation's largest data brokers, government agencies, retailers, Internet businesses, financial institutions and educational institutions have all disclosed computer intrusions and data breaches. A data breach occurs when data containing sensitive personal information is lost, stolen, or accessed without authorization in a way that compromises its confidentiality or integrity. An individual's name, telephone number or address is normally treated as personal information, as are a personal identification number or password, Social Security number, debit or credit card number, and account number. Most state breach notification laws require that a breach involving such personal and sensitive information be reported to those affected (Stevens, 2008).
Everything comes down to one word: trust. The hard-earned trust and reputation of a corporation can be damaged by the way it handles a data breach. According to a survey conducted in the U.S. in 2008, 79% of consumers' loss of trust in a business or site stems from how that business handles a privacy or security breach.
Because the situations in which data is compromised are usually complex, and each breach is complicated in its own way, making quick communication decisions that contain and reduce the damage is often very hard. It is nevertheless essential that a breach be handled appropriately, since a poorly handled breach affects the business in both the short and the long run. A thorough, continuously maintained breach response plan is therefore essential; only with one in place can a breach be handled properly.
Question 2: What is social engineering? Give an example.
Social engineering is the process of deceiving an individual into granting inappropriate access to confidential information. The social engineer first gains the trust of the intended victim and then uses that trust to obtain the victim's personal information. Of all the hardware and software that make up a security system, the human being is the weakest link (Arthurs, 2001). Firewalls and intrusion detection systems cannot prevent this kind of attack, which is why it is probably the most successful method of extracting information from an otherwise secure computer network. What the social engineer exploits is the natural human inclination to be helpful.
Most firms are aware of the internal threat posed by social engineers, yet they pay far less attention to it than to the implementation of security systems through intrusion prevention and detection hardware and software. Since most of the threats a company faces are internal in nature, it is very important that employees be taught why the internal threat matters and how to handle it.
Before the "people hacker" can launch an attack, some background work is required. This phase is called "footprinting" (Allen, 2001, p. 2). Footprinting is usually the lengthiest phase of the attack, because it consists of collecting background information about the intended victim. Once it is complete, the social engineer launches the attack using one or more methods, which fall into two categories: computer-based impersonation and human-based impersonation (Allen, 2001, p. 2).
Question 3: Explain how identity theft can occur.
Attacks based on human impersonation take place at a physical level: they require some direct or indirect interaction with the user. Some of the most common methods are discussed below.
One very common method is the Direct Approach. The attacker simply asks the target for the desired information, for example "What is your password?", either in person or over the phone. This method generally works only if the victim already knows the attacker (Gulati, 2003).
The second method is the Person of Authority or Important User method. Here the attacker assumes a position of authority while trying to extract the required information from the victim (Allen, 2001). For example, the front desk receives a call from a man claiming to be the company's vice-president. He has a meeting in five minutes, his password is not working, he needs access to his files because the meeting is extremely important, and he cannot wait: he wants the password reset right now. The urgency is the lever, and a reset procedure that verifies the caller's identity through an independent channel, such as a callback to a known number, regardless of the rank the caller claims, is what defeats it.
Reverse Social Engineering is a method in which the target approaches the attacker for information or help, believing the attacker to be a person of authority when this is not the case. According to Allen, this method covers the following cases: (1) Sabotage: the social engineer gains access to a system and causes it to malfunction, so that the target comes to the social engineer hoping to get the problem fixed. (2) Marketing: the attacker deliberately leaves a business card or contact information so that, when the victim runs into a problem, the victim calls the attacker for help. (3) Support: the attacker provides support to the user for the problem the user is facing while extracting the required information from the user's workstation or network (Allen, 2001, p. 3).
Question 4: List benefits of e-business. What are the major types of e-business transactions?
According to Adam, Z.R., the most significant kinds of e-commerce transactions are Business-to-Consumer (B2C), Business-to-Business (B2B), Consumer-to-Consumer (C2C), Business-to-Government (B2G) and M-commerce, also known as mobile commerce.
E-commerce between two businesses is known as business-to-business. It is said to be the safest and fastest kind, especially compared with B2C; the online transactions take place between two companies, and roughly 80% of online business is of the B2B type. E-commerce between companies and consumers is known as business-to-consumer. Here the transaction between the business and the consumer may occur online or offline, or the consumer may simply be seeking information about the products and services the company offers. Amazon and Costco are examples of B2C.
E-commerce between companies and the public sector is called business-to-government. E-commerce between private individuals, that is, between fellow consumers, is known as consumer-to-consumer; this form is said to have great potential for growth.
E-commerce built around reverse auctions is known as consumer-to-business. It is essentially the opposite of selling: the company responds to needs stated by consumers. This kind of e-commerce is rarely encountered. In mobile commerce, e-commerce transactions between businesses and consumers take place over wireless networks.
Question 5: What is the advantage of using cloud computing as the platform for e-government?
The revolution of Internet that has taken place all over the world has changed the ways that we work,…