Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Fundamental Challenges
With respect to cybersecurity, there are two fundamental challenges – technological and human. On the technology side, many firms underinvest in cybersecurity, for whatever reason. It can be difficult to keep up with evolving threats, such as new ransomware, and companies that lack modern cybersecurity technology are especially vulnerable. In particular, companies are often keen to adopt new technologies – today cloud computing and the use of personal mobile devices for work purposes – without adequately investing in securing those new technologies. Many companies with in-house teams are ill-equipped and many smaller companies are either unwilling or unable to invest in external security solutions (Security Magazine, 2016).
The other challenge is human in nature. Human beings are typically the weakest link in cybersecurity at the average organization. The weakness often manifests in the form of poor password hygiene (Majumdar, 2017), but it can also manifest in other ways as well. Winnefield et al (2015) point out some other human issues – failing to patch vulnerabilities in legacy systems, executives not making the right decision when hacking is detected, violations of standard procedures and misconfiguring settings are all examples of human errors that can lead to cybersecurity breaches, even when the security stack is sufficient.
Target
The case highlights several errors that Target made when handling this breach. It had set up a sophisticated security network that detected the breach almost immediately. The red flag that Target overlooked was literally a red flag – FireEye flagged the malware when it arrived in Target's system and began collecting data. That first red flag was thrown up on November 30th, and there was another red flag on December 2nd when the malware was installed a second time. The case claims that there were as many as five such red flags that were thrown up. Any one of these red flags should have triggered either an automatic or a manual response from the Target security team.
The first issue is that Target had turned off the automated system that could have deleted the malware upon detection. This was pure hubris on the part of the company's security team. The case frames it thus: "Typically, as a security team, you want to have that last decision point...
And that's when the importance of human decision-making comes more into play.
So the second issue is that human decision-making. The exact nature of the human error is not clear from the case, but there are a couple of options. The first is that the security team simply chose to ignore the alarms. It does not appear that there is any meaningful basis for doing so, but this could have happened. The other is that the security team did not have the authority to act directly on the alarms, but rather had to escalate the alarms up the chain of command, and it is at higher levels that the inaction occurred. That seems like poor organization structure, but could have been the case. The company's CIO at the time, Beth Jacobs, resigned shortly after the incident, suggesting that this might have been the case (Biggs, 2014).
It is my sense that there were organizational structure issues that contributed to the non-reaction to the breach. It is assumed that there was a communication trail proving that people on the security team escalated the issue. It probably escalated to the executive level. At that level, someone either did not understand the threat, or failed to take it seriously. Or possible was concerned with the company's reputation if news of the threat got out, and hoped that it would go away. Whatever the reason, the inaction was inexcusable, and most of the damage could have been prevented.
Reaction
But this also calls into question the security team itself. If the security team in Minneapolis was aware of the hack, and their only response was to escalate, how could that be? Is this is situation where the organizational culture is so conservative that the company could only escalate to a higher level, and when the higher level did nothing that the security team would accept that response. The security team should have been empowered to address the hack themselves – especially if they were going to turn off the FireEye feature that allowed them to delete the malware immediately. Even if they did not have formal authority, they had to know that the right thing to do would be to delete the files manually – the risk of punishment by their superiors would…
References
Biggs, J. (2014) Target knew about credit card hack for 12 days before reacting. TechCrunch. Retrieved November 19, 2017 from https://techcrunch.com/2014/03/13/target-knew-about-credit-card-hack-for-12-days-before-reacting/
Kraemer, S., Carayon, P. & Clem, J. (2009). Human and organizational factors in computer and information security: Pathways to vulnerabilities. Computers & Security. Vol. 2009, 1-9.
Majumdar, R. (2017) Poor password hygiene makes you a soft target for hackers. Smart Investor. Retrieved November 19, 2017 from http://smartinvestor.business-standard.com/pf/Pfnews-479754-Pfnewsdet-Poor_password_hygiene_makes_you_a_soft_target_for_hackers.htm#.WhI4AXlrzIU
Security Magazine (2016) Companies still lag in cybersecurity readiness. Security Magazine. Retrieved November 19, 2017 from https://www.securitymagazine.com/articles/87146-companies-still-lag-in-cybersecurity-readiness
Winnefield, J., Kirchhoff, C. & Upton, D. (2015) Cybersecurity's human factor: Lessons from the Pentagon. Harvard Business Review. Retrieved November 19, 2017 from https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon
The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored
Cyber Security/Cloud Computing Consider a recent cyber security breach (specific event) and address the following questions: Describe the circumstances involved Monster Com: Confidential information of 1.3 million job seekers was stolen and used in a phishing fraud Monster.Com, a United States online recruitment site reported in 2008 that hackers broke into the site using password-protected resume library. They used credentials that Monster Worldwide Inc. claims were stolen from some of its clients. Reuters reported
Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met
Cybersecurity Vulnerability What are Vulnerabilities? Hardware attacks because of Vulnerabilities Hardware Data modification / injection The Scientist Argument Secure Coprocessing How organizations can best address its potential impacts Cybersecurity Vulnerability: Hardware Weakness This essay introduces the role that computer hardware weakness opens the door up for attack in cyber-physical systems. Hardware security -- whether for attack or defense -- is not the same as software, network, and data security on account of the nature of hardware. Regularly, hardware
The level and sophistication of this attack on the Department of Defense's systems suggests that professionals conducted this attack with significant resources at their disposal and an interest in the national security secrets of the United States. The data mining operation was so successful that, while detected, still managed to make-off with a significant amount of information. Since the attack, the United States responded in a number of critical ways.
Cyber Security Ethical issues associated with ransomware It is only natural that people who are known to you will send you messages through your email address. It is lost on me how those engaging in ransomware business access information about their potential victims like the email address as to send you messages that have been infected that when opened infect the whole computer. These people engage in irregular activities. For the residents