Data Breaches And Social Engineering Essay

Length: 5 pages Sources: 1+ Subject: Business Type: Essay Paper: #92163628 Related Topics: Engineering, Security Breach, B2c, Cloud Computing
Excerpt from Essay :

¶ … victims of an organization's data breach?

The largest data brokers, government agencies, retailers, Internet businesses, financial institutions and educational institutions of the nation have disclosed a number of computer intrusions and data breaches. A data breach can take place in case of theft or loss of, or some kind of illegal access to the data that contains sensitive information which is personal and can compromise the integrity or confidentiality of the data. The name of an individual, his/her telephone number, or address are normally considered to be personal information along with the personal identification password or number, Social Security number, debit or credit card number, account number etc. In majority of the states the breach notification laws require that the information breached should be reported along with the breach of the report even if the information is personal and of sensitive nature (Stevens, 2008).

Trust is that one word that all this comes down to. The hard-earned trust of a corporation and its reputation can get damaged by the way that it handles a data breach. According to a survey which was conducted in 2008 in the U.S. 79% of the consumer's loss of trust in a business or site occurs due to the way that they deal with the privacy or security breach.

Since there is mostly complexity in the situations where the data gets compromised, making quick communication decisions in order to deal with and reduce the damage caused by the breach is often very hard. The complicated nature of each separate data breach also complicates these situations further. However it is still essential that a breach gets handled in an appropriate manner as, a breach that is handled in a poor manner can have its impact on the business in the long as well as short run. Therefore, it is essentially to have an ongoing and thorough data plan as, it is only then that a breach can be handled properly.

Question 2: What is social engineering? Give an example.

The process through which an individual is deceived into giving inappropriate access of confidential information is known as social engineering. Trust of the intended victim is initially gained by the social engineer and later on this trust is used by him/her to access the personal information of the victim. A human being is the weakest link in all the software and hardware that can play its part in compromising a security system (Arthurs, 2001). This kind of attack can't be prevented by the intrusion detection systems or the firewalls. Therefore, when it comes to getting information from a secure computer network, this is probably the most successful method. The weakness of the human nature to try to help others is what is taken advantage of by the social engineer.

Majority of the firms know about the internal threat that is posed by the social engineers however, they don't pay as much attention to it as they do to the implantation of the security system by implementing intrusion prevention...


It is very important that the employees are taught about the importance and how to handle the internal threat that the company might face as, majority of the threats that are faced by companies are of an internal nature.

There needs to be some background work done before the people hacker can start his attack. This phenomenon is called "footprinting" (Allen, 2001, p. 2). Mostly footprinting is the lengthiest attack phase as; it includes collecting background information regarding the intended victim. On the completion of this phase one or more methods are used by the social engineer in order to start the attack. There are two categories that these methods can be broken into computer-based impersonation and human-based impersonation (Allen, 2001, p.2).

Question 3: Explain how identity theft can occur.

It is on a physical level that the attack which is based on human impersonation takes place. Some kind of interaction either indirect or direct is needed with the user for this kind of attack. Some of the most common methods will be discussed in the paragraphs below.

One of the very common methods is the Direct Approach. In his methods the desired information is asked for by the target such as: What is your password? This can be done by the attacker on the phone or personally. However, this method mostly can only work if the victim knows the attacker (Gulati, 2003).

The second method is called Person of Authority or Important User Method. In this method an authority position role is assumed by the attacker as he tries to get the required information for the victim (Allen, 2001). For example, the front desk gets a call from a man who is saying that he is the vice-president of the company and has a meeting in 5 minutes but his password isn't working and he needs access to the files as, the meeting is of very important nature and he can't wait any longer and wants the password to be reset right now!

Reverse Social Engineering is a method in which the target tries to get access to the information or help from the attacker who has been assumed to be an individual of authority by the target when actually it's not the case. Following are the cases that are a part of this method according to Allen: (1) Sabotage: this is the method in which the social engineer causes a system to malfunction after getting access to it and the target approaches the social engineer in the hopes of getting his problem fixed. (2) Marketing: this is where a business card or information is deliberately left by the attacker so that when the victim faces a problem he would call him to help. (3) Support, this is when support is provided by the attacker to the user for the problem that he is facing while he tries to get the required information from his network or workstation (Allen 2001, p.3).

Question 4: List benefits of e-business. What are the major types of e-business transactions?

The most significant various kinds of e-commerce transactions according to Adam, Z.R are (B2C) Business-to-Consumer transactions, (B2B) Business-to Business transactions, (C2C) Consumer-to-Consumer transactions, (B2G) Business-to-Government transactions and M-commerce transactions that is also known as mobile commerce.

The simple e-commerce which is there between 2 businesses is known as business-to-business. This kind of e-commerce is said to be the safest and fastest especially compared to B2C. Here, online transactions take place between two businesses. Approximately, 80% of the businesses online have B2B type. The e-commerce that takes place between the consumers and companies is known as business-to-consumer. This is where the transaction can occur offline or online between the consumers and the business or where they are just trying to get some information regarding services and product that are being offered by the company. Costco and Amazon are some of the examples of B2B.

The e-commerce between the public sector and companies is called business-to-government. The e-commerce which is present between the private individuals and the fellow consumers is known as consumer-to-consumer. This is the form of e-commerce that is said to have a lot of potential for growth.

The e-commerce which is related to reverse auction is known as consumer-to-business. This is mainly the opposite of selling and here it's the needs of the consumers that are responded to by the company. E-commerce of this kind is hardly ever encountered. In the Mobile commerce the e-commerce transactions takes place via wireless networks from the businesses to the consumers.

Question 5: What is the advantage of using cloud computing as the platform for e-government?

The revolution of Internet that has taken place all over the world has changed the ways that we work,…

Sources Used in Documents:


Stevens, G.M. (2008) CRS Report for Congress: Federal Information Security and Data Breach Notification Laws. Congressional Research Service

Adam, Z.R. (2003). E-commerce and e-business. Manila, Philippines: United Nations Development Programme.

Gulati, Radha (2002). The Threat of Social Engineering and Your Defense Against It. Retrieved April 9, 2014, from

Arthurs, Wendy (2001). A Proactive Defence to Social Engineering. Retrieved April 9, 2014, from

Cite this Document:

"Data Breaches And Social Engineering" (2014, April 12) Retrieved August 15, 2022, from

"Data Breaches And Social Engineering" 12 April 2014. Web.15 August. 2022. <>

"Data Breaches And Social Engineering", 12 April 2014, Accessed.15 August. 2022,

Related Documents
Social Engineering Information Security
Words: 3036 Length: 9 Pages Topic: Education - Computers Paper #: 47978737

Social Engineering and Information Security We are in an age of information explosion and one of the most critical problems facing us is the security and proper management of information. Advanced hardware and software solutions are being constantly developed and refined to patch up any technical loopholes that might allow a hacker attack and prevent consequent breach of information security. While this technical warfare continues, hackers are now pursuing other vectors

General Aspects on Social Engineering
Words: 5828 Length: 18 Pages Topic: Engineering Paper #: 6466480

Social Engineering as it Applies to Information Systems Security The research takes into account several aspects that better create an overview of the term and the impact it has on security systems. In this sense, the first part of the analysis reviews the concept of social engineering and the aspects it entails. Secondly, it provides a series of cases that were influenced by social engineering and the effects each had on

Social Commerce in Saudi Arabia
Words: 4858 Length: 14 Pages Topic: Business Paper #: 92162537

Social Commerce in Saudi Arabia: How the Social Media Affect the E-Commerce in Saudi Arabia SOCIAL COMMERCE IN SAUDI ARABIA Conceptual Framework Model Social Media Psychological Aspect and Theories Administration Digital Divide in Saudi Arabia Ethos, Religious conviction, and Government in E-commerce Adoption The Rise of the PR Industry in Saudi Arabia Conceptual Model and Research Hypothesis (Drawing) Research Contribution Social Commerce in Saudi Arabia Modern Saudi Arabia today actually represents an exceptional and convergent mixture of social conservatism and technological ability,

Evaluating the Rise of Social Media
Words: 3217 Length: 7 Pages Topic: Education - Computers Paper #: 67215612

Social media involves online content that people use via highly accessible technologies. Basically, social media marks a change in the way people read, discover and share information, news and content. Therefore, social media fuses technology and sociology leading to a change in monologues into dialogues and also marks information democratization, making everyone an author instead of being a mere content reader. Social media has become very popular since it enables

Big Data Annotated Bibliography
Words: 1473 Length: 4 Pages Topic: Engineering Paper #: 3242338

Zaslavsky is the leader of the Semantic Data Management Science Area (SMSA). He has published more than 300 publications on science and technology. Perera has vast experience in computing and technology as he is a member of the Commonwealth Scientific and Industrial Research Organization alongside publishing numerous journals. Georgakopoulos is the Director of Information Engineering Laboratory. He has published over 100 journals on issues related to science and technology

Role of Technology in Corporate and Social
Words: 2557 Length: 7 Pages Topic: Business Paper #: 96165638

Role of Technology in Corporate and Social Responsibility Insider trading. The insider trading case that has become most prominent is that against Raj Rajaratnam who ran the hedgefund Galleon Group, and was charged along with his co-defendant, Danielle Chiesi, a former consultant with New Castle Funds, LLC ("Insider Trading," 2010). Rajaratnam was convicted of 14 counts of insider trading, which makes this case the largest scheme concocted by a hedge fund