Question
Hi,
I hope you are doing good!
I need some help regarding this question.
1. Locate a current article about how an organization was breached/hacked and customer data was stolen. The article can be published within the last 4 years.
2. Complete the attached article form and post to the discussion area to share with your peers.
3. Title your discussion board submission, as we do not want any duplicate articles; make sure to check the boards to ensure someone else is not doing the same article.
4. Once you have claimed your article and posted the title/author/form to the discussion area, write a 2-3 page paper summarizing what you learned from the article and what are some of the key items the organization needs to or needed to change to ensure that this breach would not happen again (or at least minimize the impact).
5. Submit your paper for grading and don't forget to use APA for your formatting.
ISOL 631 Operations Security Syllabus Summer 2018
Explanation / Answer
Title of the article: Zomato hacked: Security breach results in 17 million user data stolen
Zomato has suffered a security breach with over 17 million user records stolen from the food-tech company's database. The stolen information has email addresses and hashed passwords of customers.
According to Hackread.com, a user by the name of "nclay" claimed to have hacked Zomato and was willing to sell data pertaining to 17 million registered users on a popular Dark Web marketplace.
This included emails and password hashes of registered Zomato users with the price set for the whole package at $1,001.43 (BTC 0.5587) - BTC here stands for Bitcoins. Hackread adds the vendor also published data and evidence to prove it was genuine.
Hashing turns an original password into an incoherent set of characters, bringing down the possibility of it being easily converted back to plain text. Furthermore, passwords of Zomato's 120 million users are reportedly salted as well, whereby characters are added at random before the password is hashed, rendering it unintelligible even if the hash is translated.
Although in theory the password may still be safe, Zomato is encouraging its users to change that password if used for any other services.
Amid the news of the leak, no payment information or credit card data has been stolen, the company said in a note released to the press. 'In our security investigation, we have found no evidence of unauthorized access to financial information,' it states. 'Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault,' it further added.
Despite assurances that increased levels of precautions were made to safeguard users' data, the company, as a preventive measure, has reset the passwords for all affected users and logged them out of its app and website. 'Since we have reset the passwords, affected users' Zomato account as well as credit card information is secure, so there is nothing to worry about there.'
In the blog post, Zomato has attributed human error as the cause of the security breach where an employee’s development account got compromised. 'Our team is actively scanning all possible breach vectors and closing any gaps in our environment,' the blog stated.
Over the next couple of weeks, the company will reportedly work towards plugging further security gaps - if any - in its systems. This will include adding a layer of authorization for internal teams having access to such data to avoid the possibility of any human breach.
Analysis of the scenario:
Today, all organizations are digital by default. Not every organization delivers its products and services primarily through digital channels, but all operate with the cultures, technology and processes of the connected era of the Internet of Things (IoT).
The World Economic Forum now rates a large-scale breach of cybersecurity as one of the five most serious risks facing the world today. The scale of the threat is expanding drastically: by 2021, the global cost of cybersecurity breaches will reach US$6 trillion by some estimates, double the total for 2015.
Every organization’s technology infrastructure is both modified and complex, spanning networks consisting of tools and technologies that may be on-premises or in the cloud.
Connected devices add to the complexity. The convergence of IoT networks with what were once separate and self-contained – and therefore more manageable – systems represents fundamental change.
Mounting threat levels require a more robust response and this year’s Global Information Security Survey (GISS) reveals that many organizations continue to increase their spending on cybersecurity. 70% say they require up to 25% more funding, and the rest require even more than this. However, only 12% expect to receive an increase of over 25%.
For many organizations, the worst may have to happen for these calls to be met. Asked what kind of event would result in cybersecurity budgets being increased, 76% of survey respondents said the discovery of a breach that caused damage would be likely to see greater resources allocated.
By contrast, 64% said an attack that did not appear to have caused any harm would be unlikely to prompt an increase in the organization’s cybersecurity budget. This is higher than the figure reported last year, which is concerning given the reality that harm is generally being done by an attack even if it is not immediately obvious.
Ultimately, organizations that fail to devote the resources necessary for adequate cybersecurity will find it very difficult to manage the risks they face. Our survey suggests organizations increasingly recognize this: 48% of respondents say either that they have made changes to their strategies and plans to take account of the risks posed by cyber threats, or that they are about to review strategy in this context.
Organizations should think in terms of closing the door to the most common types of attack. According to Greg Young, Research Vice President at Gartner: “Through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.” Identifying and closing off these vulnerabilities in your organization before they are exploited is therefore crucial. Indeed, with good cybersecurity hygiene in place — even if this is easier said than done — it should be possible to prevent a very sizeable proportion of common attacks. For the next few years, patching known vulnerabilities and removing web server vulnerabilities could be the most impactful actions for boosting your cybersecurity.
At this threat level, point solutions remain a key element of cybersecurity resilience, with tools including antivirus software, intruder detection and protection systems (IDS and IPS), consistent patch management and encryption technologies that protect the integrity of the data even if an attacker does gain access to it. Employee awareness is also a crucial frontline defense, building cybersecurity consciousness and password discipline throughout the organization. As the respondents to this survey point out, careless employee behaviors represent a significant point of weakness for most organizations; addressing this weakness is vital.
Defending against the common attack methods. The maturity of an organization’s cybersecurity approach will determine its effectiveness. In this year’s survey, of all the cybersecurity management processes discussed, three areas correlated especially closely with the confidence of organizations in detecting a cyber-attack: privacy, security monitoring and third-party management.
However, many organizations have serious concerns about the current maturity of their cybersecurity systems. In order to defend against common threats, organizations need to make sure that the basics are in place. The basics consist of five strategic components:
1. Talent-centric: Cybersecurity is not the sole responsibility of the IT department; it is the responsibility of every employee and even of all the people in the ecosystem of the organization.
2. Strategic and innovative
3. Risk focused
4. Intelligent and agile
5. Resilient and scalable
Ingredients required to achieve cybersecurity resilience:
The pace of change in today’s increasingly digitized world has led to the convergence of different risk disciplines that complement each other to address our clients’ needs and those of their customers, regulators and business partners.
Putting cybersecurity at the heart of an organization’s strategy will help maintain and even enhance the trust of consumers, regulators and the media. For a start, the C-suite can no longer assume that cybersecurity is solely the responsibility of the information security (IS) or information technology (IT) departments.
Instead, organizations must make cybersecurity a core part of business strategy and culture. In doing so, they can enable the entire organization to understand the risks they face, embrace the innovation needed to counter those risks, and have the resilience to regroup and restore operations smoothly and efficiently in the wake of a cyber breach.
Organizations need an integrated cybersecurity vision — one that brings together the various functions and dependencies with other parts of the organization, external key stakeholders and third-party suppliers.
Bibliography
Publication/vwLUAssets/ey-cybersecurity-regained-preparing-to-face-cyber-attacks. (2018, 06 30). Retrieved from www.ey.com: https://www.ey.com/Publication/vwLUAssets/ey-cybersecurity-regained-preparing-to-face-cyber-attacks/$FILE/ey-cybersecurity-regained-preparing-to-face-cyber-attacks.pdf
zomato-hacked-security-breach-results-in-17-million-user-data-stolen. (2018, 06 30). Retrieved from economictimes.indiatimes.com: https://economictimes.indiatimes.com/small-biz/security-tech/security/zomato-hacked-security-breach-results-in-17-million-user-data-stolen/articleshow/58729251.cms
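The hashing and salting described in the answer above, as an added example that is not part of the original answer or of Zomato's code: it shows why a per-user salt makes identical passwords store differently, and why a leaked salted hash still exposes a password that sits on a common-password list, which is the reason a reset is still prudent. The use of PBKDF2-SHA256, the iteration count, the function names and all sample passwords are assumptions made for illustration; the article does not say which algorithm Zomato used.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch; tune for real hardware


def unsalted_hash(password: str) -> str:
    """Fast unsalted digest: identical passwords give identical stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str) -> dict:
    """Store a per-user random salt next to a slow, salted PBKDF2 hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["hash"])


def exposed_by_wordlist(record: dict, wordlist: list[str]) -> bool:
    """Defender's audit: a salt does not protect a password found on a common list."""
    return any(verify(candidate, record) for candidate in wordlist)


# Constructed sample data: two users with the same weak password, one with a strong one.
alice = make_record("pizza123")
bob = make_record("pizza123")
carol = make_record("T7#vq-long-unique-passphrase-91")
COMMON = ["123456", "password", "pizza123"]  # constructed short list

if __name__ == "__main__":
    # Unsalted: the shared password is visible as a repeated value in the table.
    print("unsalted equal:", unsalted_hash("pizza123") == unsalted_hash("pizza123"))
    # Salted: same password, different stored hashes; both still verify.
    print("salted equal:  ", alice["hash"] == bob["hash"])
    print("alice verifies:", verify("pizza123", alice))
    # A leaked salt+hash still falls to a common-password check; a strong one does not.
    print("alice exposed: ", exposed_by_wordlist(alice, COMMON))
    print("carol exposed: ", exposed_by_wordlist(carol, COMMON))
```
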