Human Aspects in Cybersecurity on a Government Agency and a Private Organization

Human Aspects in Cybersecurity on a Private Organization and a Government Agency

In the contemporary digital environment where online communication and internet have become a necessity, the advancements in sophisticated modern technology have assisted both private and public organization to take the advantages of communication networking by expanding their network systems to facilitate information exchanges. Globally, more than 2 billion internet and 5 billion mobile phone users make connection daily. Moreover, people exchange over 294 billions emails, and over 5 billion messages daily. The convenience, and growing popularity of digital networks have made businesses to rely on internet networking to carry out daily tasks. Despite the benefits of internet technology both government agencies and private enterprises face increases risks by cyber attacks from different part of the world. Daily, cyber criminals continue to develop advanced and sophisticated hacking tools to steal data and other sensitive information from organizations. Typically, hackers use different tactics such as computer hacking, financial scams, email stalking and virus attacks to commit crimes. The first major cyber attacks happened in 2000 where 45 million computers globally were affected by virus. In 2010, the rates of global spam suddenly increased from 1.4% to 89.1%. In the last few years, a cyber crime global landscape has changed rapidly, criminals are using sophisticated technology as well as greater knowledge of advanced cyber security to penetrate the network systems of private and network systems of different organizations. The cyber espionage, cyber crimes and other cyber malicious activities have made several organizations to secure to a great financial loss of up to several billion of dollars. By 2010, the politically motivated cyber espionages have penetrated the business community leading to economic loss of hundred of billion dollars across different industries ranging from private business to non-governmental organizations.

The objective of this paper is to investigate the impact of cyber crime using the human factors perspectives on a small government agencies, a business organizations and non-government organization.

Impact of cybercrime using a Human Factors perspective on a Business Organization

This section provides the impact of cyber crime on three different organizations. The Target Corp (a private organization), government agency (Department of Defense) and a non-government organization (Community Health Systems)

The Target Corp

The Target Corporation is the second largest retail store in the United States apart from the Walmart, and has stores in more than 1,801 across the United States. The company retail format include discount store, hypermarket, TargetExpress, and CityTarget. The company mission statement is as flows:

"Our mission is to make Target the preferred shopping destination for our guests by delivering outstanding value, continuous innovation and an exceptional guest experience by consistently fulfilling our Expect More. Pay Less. brand promise"

"To support our mission, we are guided by our commitments to great value, the community, diversity and the environment." (Target, 2014 p 1).

Method Target Corp has been targeted

In 2014, the Target Corp announced that it had been a victim of cyber attack where hackers had stolen more than 70 million contact information, and over 40 million debit and credit cards of the Target customers. The Target announced that the stolen information include email, mailing addresses, and phone numbers of over 70 millions shoppers. Typically, the attack caused enormous damages to Target financial reputation making the stock prices to decline, which led to a resignation of the company Senior IT officer. The Target was attacked because the company refused to integrated security tools in their infrastructure despite a series of security warning from the federal government. Typically, Target Corp was vulnerable to attack because the company did not use the sophisticated security system to protect their payment system. Although, the government sent memo to the company executives that that the attackers were targeting the payment system, and despite this warning, the company ignored the warning. The attack cost Target more than $148 million and the costs of financial institutions are $200 million.

Olavsrud, (2014) argues that the cyber criminals had been able to penetrate the Target PoS (point-of sale) by installing Malware to steal credentials of the Target vendors. Afeterwards, the attackers used the credentials stolen to gain access into Target-web services dedicated to the company vendors. Moreover, the company did not perform the remote monitoring of the refrigeration and cooling systems. After the attacker had gained access to the company hosted internal application, the next step was that the attacker identified and exploited vulnerability of the company information systems that allowed them to gain access the Domain Admin privileges. The attacker used the "Pass-the-Hash" attack technique to gain access to the company NT hash token system, which allowed them to impersonate the ADA (Active Directory Administrator). The strategy allowed the attackers to masquerade themselves as Domain Admin using the remote access to create Domain Admin Account. The next step used to steal sensitive information from the company information systems was by using the "IP Scanner" to detect the system that stored the credit card information. Thus, the hackers attacked the company database using the SQL query tools to access the credit content in the database.

The issue affected the reputation of the Target Corp.(CSIS, 2014). For example, the stock price of the company plunge down. Moreover, the attack significantly damaged to the company intellectual property. The Target was also forced to pay each customer up to $10,000 for the damages. The company was also forced to settle $10 Million from a class action law suit. The Target Corp has also incurred a significant costs to improve their IT security to prevent a future attack. (Riley, & Pagliery,2015).

Suspected threat actors

A hunt for the attackers was traced to a 22-yaer old Ukrainian hacker. However, the attacker was a member of a hacking group where George Clooney was the leader.

The CHS (Community Health Systems)

The Community Health System is a non-for-profit health organization that provides a comprehensive health services to people across the United States. Their mission statements is to deliver quality health services to people through performances, communication and delivering self -example to patients. The CHS also has several affiliates that are committed to delivering high quality healthcare services to communities.

Method Community Health System has been targeted