Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Diagnosing Cyber Vulnerabilities of Systems that Support an Organization's Supply Chain
Introduction
Cybersecurity has become a critical concern for organizations of all sizes and industries. With the increasing dependence on technology, cyber threats are becoming more sophisticated and frequent, posing a significant risk to organizations and their customers. In recent years, numerous high-profile cyber breaches have occurred, affecting major corporations and compromising sensitive information. One such example is the Equifax breach that occurred in 2017, which exposed the personal information of nearly 150 million consumers (Wang & Johnson, 2018). This paper will discuss the Equifax cyber breach, the importance of cyber defenses, and applicable government requirements.
Background on Equifax
Equifax is one of the largest credit reporting agencies in the world, collecting and storing sensitive information, including social security numbers, birth dates, addresses, and credit card numbers. On September 7, 2017, Equifax announced that it had suffered a massive data breach, affecting nearly 150 million people. The breach was the result of a vulnerability in Equifax's website software, which the company failed to patch in a timely manner.
The vulnerability in Equifax's software that allowed for the data breach was a known weakness in the Apache Struts web application framework. Apache Struts is an open-source framework that is widely used to build web applications. In this case, the vulnerability was a result of a flaw in the way that Apache Struts processed user-supplied data. Attackers were able to exploit this vulnerability by sending specially crafted requests to Equifax's web application, which allowed them to execute arbitrary code on the server. This vulnerability had been discovered and patched several months before the breach occurred, but Equifax had failed to apply the patch as soon as possible. As a result, the attackers were able to gain unauthorized access to Equifax's systems and steal sensitive personal and financial information.
As a result, cybercriminals were able to access Equifax's systems and steal sensitive information. The sensitive information that was compromised included names, addresses, birth dates, Social Security numbers, and driver's license numbers. In addition, approximately 209,000 individuals had their credit card numbers stolen, and approximately 182,000 had personal dispute documents accessed (Dongre et al., 2019; Wang & Johnson, 2018).
The Equifax data breach had significant consequences for both the individuals whose information was compromised and for the company itself. For the individuals affected, the breach resulted in the theft of sensitive personal information that could be used for identity theft or other fraudulent activities (Dongre et al., 2019). For Equifax, the breach led to numerous lawsuits, investigations, and a significant loss of trust among its customers. In response to the breach, Equifax took several (late) steps to address the issue and prevent similar breaches from happening in the future. These steps included improving its data security systems, and increasing transparency and communication with the public. However, the company faced criticism for its initial response to the breach, which was seen as slow and...…to protect sensitive information. In the United States, for example, the Federal Trade Commission (FTC) enforces privacy and data security laws, while the Securities and Exchange Commission (SEC) has issued guidance on cybersecurity disclosure. Other countries have similar regulations and standards, including the General Data Protection Regulation (GDPR) in the European Union and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.
One requirement in the US that applies directly to the Equifax breach is the Gramm-Leach-Bliley Act (GLBA). This federal law requires financial institutions to protect the confidentiality and security of their customers' personal and financial information. The GLBA applies to Equifax as a credit reporting agency, and the company can be seen as having violated its provisions by failing to adequately protect consumers' personal information (Gaglione, 2019).
Overall, organizations should be familiar with the laws and regulations that apply to their industry and should take steps to ensure that they are in compliance with all applicable requirements. This includes having appropriate data security measures in place and having a plan in place for responding to a breach.
In conclusion, the Equifax breach serves as a reminder of the importance of cyber defenses for organizations. With the increasing frequency and sophistication of cyber threats, it is essential for organizations to implement robust cybersecurity measures to protect their systems and data. This includes following government regulations and standards, as well as regularly reviewing and updating their cybersecurity policies and procedures. By taking these steps, organizations can…
References
Dongre, S., Mishra, S., Romanowski, C., & Buddhadev, M. (2019). Quantifying the costs of data breaches. In Critical Infrastructure Protection XIII: 13th IFIP WG 11.10 International Conference, ICCIP 2019, Arlington, VA, USA, March 11–12, 2019, Revised Selected Papers 13 (pp. 3-16). Springer International Publishing.
Gaglione Jr, G. S. (2019). The equifax data breach: an opportunity to improve consumer protection and cybersecurity efforts in America. Buff. L. Rev., 67, 1133.
Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19(3).
White House Information Security Breach Russian hackers blamed for cyber attack that exposed President's private schedule - as White House insists computer system is secure-by Daily Mail The article is a of the six months investigations that were commenced on the cause and source of the cyber attack and information security breach that took place in October 2014 within the State Department and exposed some of the restricted information within the White
Cyberattacks to Achieve International Threats Cyberattacks have become a global phenomenon leading to international conflicts among individuals, organizations and in conjunction to military operations. Target of cyberattacks include banking services, critical organizational infrastructures, government networks, and media outlets. Implication of such attacks may be an attempt to achieve both financial and political objectives. Typically, some attackers have defaced websites of different organizations, damage corporate infrastructures, and shut down network systems.
All of those sites were U.S. government sites. The July 6 update increased the number to 21 U.S. sites. On July 7, the South Korean sites were added and on July 8, the total number of sites reached 26 ("No Sign of N. Korea Backing," 2009) The U.S. Websites were back up and running within a day of the attack. The South Korean sites took more time to recover ("Cyberattacks
The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored
Cyber Security/Cloud Computing Consider a recent cyber security breach (specific event) and address the following questions: Describe the circumstances involved Monster Com: Confidential information of 1.3 million job seekers was stolen and used in a phishing fraud Monster.Com, a United States online recruitment site reported in 2008 that hackers broke into the site using password-protected resume library. They used credentials that Monster Worldwide Inc. claims were stolen from some of its clients. Reuters reported
Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met