Cyber Security Essay Examples & Outline
Are you in High School, College, Masters, Bachelors or Ph.D and need someone to help write your paper? All you need is to ask for research paper help written by a specialist in your academic field. When you buy an essay online from us, we offer you an original, nil plagiarized and unique paper written by a dedicated writer who is PhD or Masters qualified. MyEssayServices.com is an experienced service with over 9 years experience having delivered over 83,000 essays over the years.
Cyber security refers to security measures to information contained in varied media channels and devices, both in public and private networks and to the internet as a whole; in that it encompasses all mechanisms used to protect computer-based information and services from unauthorized access and manipulation. By the virtue of the internet having extensive access to mankind, it is hence clear that monopoly of entities on the basis of information is very minimal. The content inherent and the respective usage of internet are extremely high necessitating controls and supervision.
The cyberspace is composed of a range of challenges and imminent dangers i.e. cybercrimes such as fraud, theft etc. hence calling upon users of the internet to have precautionary mind set. The challenges impact on both individuals and the state as well in that the information is relevant to enhance both current and future operations With increasing robustness in information technology , electronic gadgets such as phones and computers are of vital role in running the economy. These same gadgets are used to perpetuate cybercrime and as well to facilitate in combating this economy disaster.
Cyber security encompasses handling threats by people with malicious intent such as spyware and malware. These threats are capable of interfering the smooth functioning of systems and operations (Norwood & Catwell, 2009). Viruses for example are malwares that enable hacker’s access entities’ private information stored in the infected media devices, which they later on use for self-interests (Norwood & Catwell, 2009). Threats also include Trojan horse which appears to be a normal program but conducts illegal commands once executed, A worm (Write Once Read Many) which is a replicating program and DOS(Denial of Service) attack that slows or terminates a program completely .
With this prevailing cyber security issues, it is thus necessary for entities to in house best cyber security systems to curtail their extreme adversities. These measures are two fold and involve both use of software and hardware to improve resilience to cybercrime i.e. By sophisticating the information infrastructure to be more resistant to threats, and to reduce the cyber threats by measures as enforcing laws against cybercrime. A firewall is an exemplary hardware that alerts a user of Trojans and cookies trying to operate in a system as well as protection against spyware variants. The use of software involves installing anti-viruses in the computer devices in an entity. Irrespective of the type, the antivirus scans the computers for any virus or rather threat and if found, they are capable of neutralizing their effects onto the system
Norwood, K., & Catwell, S. (2009). Cybersecurity, cyberanalysis, and warning (1st ed.). New York: Nova Science Publishers.
Target Data Breach
For any retailer, the security of customers is a top priority. In as much as the physical security is imperative, the security of their personal information outranks all kinds of security that they could possibly need (American Bar Association, 2008). The fact that customers trust a retailer, or any other company for that matter, with their personal information in the form of credit card numbers, social security numbers and even home addresses warrants that the retailer in question safeguard such information. Many financial institutions have often taken the necessary precautions to prevent credit card information theft, but many retailers have been left behind insofar as joining the bandwagon is concerned. Target was no exception, and their lackluster approach towards dealing with cyber security cost them a great deal.
The theft of approximately 40 million credit cards from their databases by hackers was a huge blow to the credibility of Target as a retailer. The fact that it failed to prevent the theft of so much information is in itself a great betrayal to their customers. Concerted efforts by a group of hackers bore fruit due to momentary lapses in judgment by the Target security team. In an effort to obtain millions of credit card numbers, hackers placed malware in the Target security and payment system.
This malware was designed to capture and record the customer’s credit card number during the payment process. Once the cashier swiped the card through the system, the malware would record the card number and store it on a server, ironically belonging to Target that was commandeered by the team of hackers (Riley, Elgin, Lawrence & Matlack, 2014). The hackers would then proceed to use well designed exfiltration malware that would then move the stolen card numbers to their computers in Russia. In order to cover their tracks, the hackers first moved the data to staging points within the USA then to their computers in Russia (Riley, Elgin, Lawrence & Matlack, 2014).
The ability of the hackers to place malware in the security and payments system of all Target stores without being noticed is a point of major concern. Target, in its defense, argues that it contracted security experts FireEye to develop a security system that would prevent the occurrence of such activities. This is true, and, in fact, it has been proven that FireEye did actually sound many alarms concerning the operation of malware within the Target system (Riley, Elgin, Lawrence & Matlack, 2014). Having a security office in Bangalore comes in handy for target, insofar as maintaining security is concerned.
Although the team in Bangalore raised the alarm as soon as the malware operations were detected by the FireEye system, no action was taken at the Target headquarters in Minneapolis. The fact that the hackers were able to infiltrate the security and payment system, collect credit card numbers from millions of Target customers and transfer the data without Target being aware of the whole operation raises serious doubts regarding the security measures employed by Target. In order to have a successful operation, the hackers installed their malware in the point-of-sale system, as well as the Target system that stores customer data.
At the point-of-sale, the malware utilized RAM scrapers to collect customer data. Once the credit card was swiped through the system, it was first read then encrypted. The RAM scrapers got to work just after the card was read, and before the data was encrypted. At this point, the RAM scrapers collected the data then stored it awaiting extraction. Having a top-notch security system did little to boost Target’s ability to counter cybercrime, seeing that the final decision regarding the appropriate course of action was left in the hands of the security team. Although the malware used to orchestrate the breach and exfiltration of the data were neither sophisticated nor interesting, the execution of the hackers and the concentration lapses of the security team contributed to the successful theft of over 40 million credit card numbers (Riley, Elgin, Lawrence & Matlack, 2014).
The advent of the internet had its array of advantages and disadvantages in equal measure. The fact that someone located thousands of miles away can access vital information such as credit card numbers belonging to loyal customers is no joke. It is a fact that stolen credit card numbers are worth a lot of money, considering the millions of individuals looking to purchase these numbers for their own use. Hackers, on the other hand, are responsible for obtaining these numbers from unsuspecting individuals. Although the hackers are responsible for obtaining the numbers, their motives raise many questions (Holt & Schell, 2013).
It is very unlikely that a team of hackers will strive to obtain credit card numbers in the excess of 40 million for their personal use. In as much as the hackers themselves are a serious threat to the security of such personal information, it is also likely that just like mercenaries, they are doing someone else’s bidding. Capitalism is associated with tough competition as every competitor looks to grab the lion’s share of the market. In reality, sabotage through such activities is very much possible due to competition. It is also noteworthy that many hackers like to ‘ply their trade’ for the fun of it. After all, how does a hacker expect to get better at what they do if not through practice? Many hackers have chosen huge corporate bodies as their targets and practiced their skills through hacking their systems (Holt & Schell, 2013). In the case of Target, the motives of Russian hackers cannot be established as of yet, but one this is very clear-they could not have succeeded without some form of help from the inside.
The vulnerabilities of the security and payment system must have been assessed before the hackers could manage to execute their plan. Although they may have done their research extremely well, understanding where to strike and how is a pointer to the success of their plan. Having an individual with proper mastery of the system in use at Target would have helped the hackers in designing the malware that infiltrated the system and obtained millions of credit card numbers from their many stores. The vulnerability of this system must have been known for such hackers (who were not exactly sophisticated) to have fully executed their plan.
The impact of this incident stretched far beyond the theft of millions of credit card numbers. First off, the stock price of Target fell as soon as this news hit the headlines, and it is noteworthy that Target lost a lot of money (Riley, Elgin, Lawrence & Matlack, 2014). Secondly, the loss of customer loyalty has had the most profound effect on Target since the occurrence of this incident. The fact that some customers were no longer willing to shop at Target due to security concerns translated in massive losses for Target. In their quarterly reports to investors, their profits fell by a whopping 49% compared to the same quarter in the previous year (Riley, Elgin, Lawrence & Matlack, 2014).
This is a manifestation of the general feelings that the public have towards Target. As if this was not enough, Target has had approximately 90 lawsuits filed against them by customers and different banks, seeing that the hacking of their system cost them a lot of money (Riley, Elgin, Lawrence & Matlack, 2014). This forced Target to incur losses since they had to reimburse the stolen money that customers lost to the team of hackers. This has left Target in a dangerous position, seeing that it has to work even harder to re-assure its present customers and the entire world that it has resolved all pending issues insofar as their security is concerned.
Hiring security experts such as FireEye was a great step for Target, seeing that it had the security of its clients’ information in mind. FireEye developed an elaborate system that worked to prevent the operations of malware and viruses designed to sabotage the entire system in one way, or another. Having set up its security office in Bangalore, Target was centered on fully monitoring the activities on its system, and identifying and neutralizing any potential threats before they could become serious. The system developed by FireEye was fully functional, and even raised an alarm on the presence of malware that was present in the security and payment system (Riley, Elgin, Lawrence & Matlack, 2014). Subsequent alarms were raised once the operations of the hackers began, and the system developed by FireEye raised red flags over these, as well. However, the failure of the team back in Minneapolis to respond to these alerts can be held responsible for the serious data breach that occurred.
The system raised an alarm early enough for the security team back at Minneapolis to act on the matter and neutralize the malware as soon as possible. However, oversight of the alarms resulted in a serious breach. Although the system developed by FireEye is designed to contain and eliminate any malware or viruses detected, it failed to do so since this feature was apparently deactivated. Security experts argue that many organizations prefer to turn off this feature since it restores control in the hands of the security team, and not the software. While this is true, and possibly very important, it puts the fates of millions of customers in the hands of the security officials (Virtue, 2009). Human error is characteristic of everyone, and in this case, failure to address the alarms as soon as they were raised essentially handed the hackers what they wanted.
For retailers of any scale, whether large or small, security is essential to success. In order to guarantee security of confidential information such as credit card numbers, it is mandatory that security systems and software are allowed to do what they were designed to do-solve malware, virus and other security problems (American Bar Association, 2008). For instance, in the case of Target, the use of unsophisticated malware highlights the unprofessionalism of the hackers. Given the chance, the system developed by FireEye had the ability to contain, neutralize and eliminate the malware that was responsible for obtaining credit card numbers at the point of sale terminal.
Had this feature been turned on, Target would have saved the millions of dollars it has lost due to this data breach. Secondly, human error is inevitable, but not acceptable when the personal information of millions of people is at stake. In this light, Target should have ensured that the security team in Minneapolis addressed the matter as soon as it was raised by the Bangalore office. This would have helped prevent the progress of the malware in obtaining credit card numbers and storing them in a server belonging to Target. If this were the case, Target would still be in control of its security and payment system, and this data breach would not have occurred.
In the matter of cyber security, response can make the whole difference between a botched data breach and a successful one. This is because the advent of the internet has made it easy to operate computers from far away, and execute operations with great ease. For this reason, every organization looking to safeguard itself against cyber security attacks must ensure that it has elaborate and well developed response strategies that prevent any further data breach, if any, as well as cyber attacks. For Target, there was a clear response activity available that would have prevented the massive data breach. From their security office in Bangalore, the security experts monitor the activities of the security system and flag any potential threats.
This team is also responsible for identifying any irregularities within the system, and how best to deal with them. Under heavy pressure to mitigate the situation and avoid further damage, Target informed all financial institutions with which it has links of the data breach. These financial institutions consisted mainly of the wide array of banks that the customers were using. This allowed the banks to take regulatory measures on the stolen credit cards to prevent any monetary losses before the hackers could attempt to conduct fraudulent activities.
Once the FireEye system identified malware in the security and payments system, protocol was clear-the Bangalore office reported the matter to the headquarters in Minneapolis (Riley, Elgin, Lawrence & Matlack, 2014). Here, protocol was again clear-deal with the threat and eliminate it as soon as possible. Failure to observe protocol at this stage resulted in massive losses for the entire company. Developing a response activity that leaves the fates of millions of customers at the hands of a handful of individuals located in one place exhibits lack of consideration (Virtue, 2009). This is because it provides no other channel through which the threat can be addressed. Terminating the response at the security team at the headquarters was a huge fail for Target.
In order to guarantee efficiency and accountability in the response activities should such a threat be identified, multiple chains must be employed. Rather than have a response system that channels such vital information to one point, it would be much better and more efficient to channel this information to multiple points. In the case of Target, rather than transmit the information to the security team in Minneapolis alone, it would have been better had the information been transmitted to other offices and executives, as well. In this way, the different parties would have been accountable to each other, and the problem would have been solved on time. Allowing the different channels to serve as each other’s watchdogs keeps all the channels and departments on their toes, thereby resulting in a more efficient incident response approach (Morgan & Boardman, 2012).
It would also be better if the different offices were allowed to consult on the security matters. Having the Bangalore office consult with the Minneapolis office would have resulted in developing a solution to the problem as soon as possible. Allowing the office in Bangalore to respond to real-time threats just like the office in Minneapolis would have facilitated the solution of this problem as soon as it was identified. The team in Bangalore would have eliminated the malware, thereby preventing the data breach that occurred. This would prove to be a more efficient system of dealing with response activities, seeing that it does not facilitate the occurrence of gaps in the incident response process.
By eliminating these gaps, the process can be deemed fool-proof (American Bar Association, 2008). Such response activities would save organizations, in this case Target, millions of dollars in losses incurred due to data breaches. In addition to this, the new approach towards training serves to ensure that employees are now capable of handling situations that highlight potential data breaches. By training the security staff on ways to detect even the slightest of mishaps in the data security, Target has ensured that its upgraded security system is fully protected at all times. Secondly, training the staff at the locations where the hacks occurred was essential for Target. By training the point-of-sale attendants on requesting proper identification from customers, Target is likely to minimize the chances of a future breach that could occur through feeding malware into the system. Secondly, training the staff at these locations on monitoring and detecting any suspicious behavior affecting the Target system allows Target to monitor and detect any possible faults within the system as soon as possible to prevent data breaches.
Vetting their vendors and suppliers also seemed to be a wise decision. The fact that the breach could have potentially occurred from a vendor whose system was hacked cannot be ignored. As a result, Target sought to ensure that its entire vendor and supply chain is fool-proof and incapable of being compromised. First, Target ensured that all the security systems in place in all its vendors were intact and uncompromised. This is because a compromise in the system of a vendor could lead to the compromise of the entire Target system, seeing that the two share inextricable links that are designed to ensure fair business transactions. Secondly, assessing its supply chain helped re-assure customers that all was well. Running background checks and ensuring there are no possible links between the hackers and any of its vendors and suppliers helped to bolster the security system at Target. This ensured that Target uses only trustworthy sources that eliminated any possibility of compromises to the security system in place.
It is essential that every organization learns a great deal from failures such as this one. No security system is perfect or impenetrable, but it is possible to create a system that can minimize any possible chance of being hacked, and vital information being stolen. In order to achieve this, it is necessary to have efficient and high value security controls in place (Virtue, 2009). The security of any organization that deals with vital information such as credit card numbers of clients must prioritize its security, and that of its system. In this view, establishing security controls is mandatory for such organizations. Having controls that govern the security affairs of the organization can help to save millions of dollars in losses.
In the case of Target, they did not suffer a data breach because they had a poorly developed security system, but because they allowed human negligence and error to overlook a potential threat to the security of their system. Deactivating the automatic elimination feature in their security system exposed Target to possible infiltration by hackers (Riley, Elgin, Lawrence & Matlack, 2014). In order to prevent a recurrence of such a breach, it would prove useful to have an override system in place. Although the system identifies threats, the immediate course of action is left to the security experts. However, should these experts fail to act within the stipulated timeframe, then the override occurs and the system eliminates the threat as it should. In this way, there would be no gaps in the system that would warrant data breaches (Mitchell, 2009).
Response should also be bolstered by proper technology and training. In some instances, the security team may be unsure of the best course of action to take when they are faced by a threat to the system. It is in such cases that proper training comes in handy. Properly training the staff to understand how to deal with possible security threats to the system provides them with a valuable skill set that can prevent data breaches. Exposing the employees to different scenarios in training sessions can actually help them once they are faced by a real threat. Such scenarios allow them to understand the dynamics involved in the decision making process to ensure that the course of action adopted is correct and does not pose any threat to the security system of the organization (Morgan & Boardman, 2012).
Secondly, technology plays an essential part in today’s world. Many hackers are investing their time in using sophisticated technology that is accessed by very few individuals. As a result, many organizations may face a security system threat due to low levels of technology. Should the malware or virus attacking the system be more sophisticated, then the entire system faces the risk of crashing, seeing that it will be incapable of handling the threat.
Due to this, organizations that prioritize security must invest in the best technology available to eliminate the chances of falling prey to sophisticated threats (Morgan & Boardman, 2012). In this way, the entire organization will be protected from any possible threats. This guarantees the security of confidential customer information that would cause irreparable harm should it fall on the wrong hands. Addressing the legal fine print that limits employees from acting to prevent successful attacks of security system is also vital to the process of preventing future incidents (Mitchell, 2009). This is because it allows skilled employees to offer their services in preventing potential attacks.
Cyber security is an essential part of the modern world. This is emphasized by the relevance of the internet in today’s world, and the central role it plays in terms of economy and particularly business (Morgan & Boardman, 2012). For any firm to be sure of their ability to retain their clients, it is mandatory that they invest in security. However, investing in security alone is not enough. It is necessary that these organizations also cover the backend of this approach. Ensuring that the organization has the right employees for the job, and effective security control measures are surefire ways of preventing the development of any loops and gaps in the security framework of an organization.
Facilitating the development of clear protocols and control measures that dictate the course of action in the event of a security attack, or potential security attack can make the entire difference between success and failure for a hacker. In the case of Target, this was clearly manifested. The inability of the staff in Minneapolis to act on the red flags raised by the security team in Bangalore essentially resulted in the successful data breach.
The absence of security control measures that provided an alternative that the Bangalore office would have taken resulted in the theft of over 40 million credit card numbers (Riley, Elgin, Lawrence & Matlack, 2014). This was a catastrophe, and it highlighted the weaknesses in the security system structure that Target uses. Needless to say, Target has been forced to undertake a 100 million dollar overhaul of its security system to ensure that it is capable of identifying and eliminating future threats to the security system (Riley, Elgin, Lawrence & Matlack, 2014). It is only logical that other firms do not wait to learn through their own experiences, but from the experiences of companies such as Target.
American Bar Association. (2008). Data security handbook. Chicago, Ill: ABA Section of Antitrust Law.
Holt, T., & Schell, B. (2013). Hackers and hacking: A reference handbook. (1st ed.).
Mitchell, S. (2009). How to survive a data breach (1st ed.). Ely, U.K.: IT Governance Pub.
Morgan, R., & Boardman, R. (2012). Data protection strategy: Implementing data protection compliance. London: Sweet & Maxwell/Thomson Reuters.
Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014). Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Businessweek.com. Retrieved 12 June 2014, from http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-... hack-of-credit-card-data
Virtue, T. M. (2009). Payment card industry data security standard handbook. Hoboken, N.J: John Wiley & Sons.