The aim of this assessment task is to write a business report that investigates and analyses the issues relating to the impact of data
breaches to organisations from a business perspective by reading and analysing relevant scholarly articles, using contemporary examples
and providing a personal reflection.
1. Read the article: The Biggest Data Breach Of The 21st Century
2. Select one breach. Search for additional articles that will inform the following questions:
a. How did the attack occur
b. What were the vulnerabilities in the system (or systems) that were breached?
c. Who was responsible and why did they target the organisation
d. Was it avoidable?
e. How can Cyber Insurance mitigate the risk?
3. Now do a comparison between the case you chose and another case in the original article (ie Biggest Data Breaches). Search for scholarly
articles to bolster your comments. Evaluate the example (as a case study) you selected:
a. Discuss the background in the two cases you chose.
b. What were the biggest similarities in the two cases?
c. What were the biggest dissimilarities in the two cases?
d. What could the companies learn from each other?
4. Imagine (NB. You may actually be a customer already) you are a customer who was impacted by one of the data breaches you chose for
your individual report, discuss how you feel about your data being breached. You will create a small reflection (less than 300 words) on your
feelings about data breaches from your own personal perspective. (NB The 300 words is in addition to the 2000 words)
1. The assessment is broken into two parts. First part:
1.1 Write a report that addresses the areas outlined above. The first part should answer questions 1-3. This part should not exceed 2,000 words
(the reference list, title page, table of contents and appendices are not included in the word count). There will be a turnitin link provided on ilearn.
1.2 The second part should answer question 4 (personal reflection). You will create a small reflection (less than 300 words) on your feelings about
data breaches from your own personal perspective. (NB The 300 words is in addition to the 2000 words)
2. The first part of the report (questions 1-3) should include a title page which includes the assignment title, your full name and student ID and a
total word count). The report should be in 12-point Font, single spaced in word processing software such as Microsoft Word. The report
should have appropriate headings and subheadings (including an introduction and conclusion).
3. This report must use scholarly articles to support any claims you make. You must use the Harvard referencing style
4. Take advantage of resources available to you. Learning skills workshops (Link updated as the uni moved the information
5. Review the marking rubric so that you understand how you will receive feedback.
Adobe is a multinational company founded in 1982. It is a computer software company managed by Charles and john. In this report, we will discuss about the Adobe data breach 2013.
1.1 HOW DID IT OCCUR
According to the report in October 2013 adobe announced that nearly 3 million customers data had been breached. Data includes the credit card information and login access of the customers. After the research, it is found that some other information was stolen like id, password and debit card information as well. It was very difficult to calculate the total damage. Many other online properties of adobe were also breached. This breach came into the light when the hackers raided a backup server that contains all the customer information as well as source codes of the adobe software. according to the research, we have found that adobe was shifting the desktop license to the cloud service. They were moving to provide the software as a service to the customers (Bell, 2021). At that time adobe become vulnerable. After the research, it is found that more than 150 million customers were affected by that breach. The backup database was compromised in which all the data were stored.
We have found lots of vulnerabilities in the adobe breach, some of them are: It is found that in the last few years adobe has faced many issues like this related to cybersecurity. Their cybersecurity was not good enough at that time. If you will check the record adobe has already faced many cyberattacks in the last few years. Some of the were issues in the reader, remote access to hackers, adobe reader bug etc. according to the OAIC adobe has used single block cipher in the database. As the result many identical passwords having the same cyphertext in the database. According to research, we have also found that hackers have gained the access to the system by studying the source code of the software of adobe like an acrobat, fireworks, ColdFusion etc. hackers have identified the vulnerabilities in the software and gain access to the customer's accounts. Adobe used the old ECB encryption method, it was very easy for the hackers to crack them.
1.3 WHO WAS RESPONSIBLE?
Adobe cybersecurity was not enough strong at that time. Adobe knew very well that its cybersecurity practices are poor. They have not deployed the new encryption methods for securing the user information and passwords. Brad Arkin the chief security officer has apologized and in august 2015 adobe has paid approx $1.2 million to settle the claim of the 38 million users. After that in November 2016, the payment was received by the customers.
Adobe is a multinational company and provides lots of software and services. Hackers can use the customer data and source code of the adobe software. They can make good money by selling them in the market or they can use it for future attacks. Due to the low security and cyber practices, it was easy to hack the adobe backup server. According to the research, it is found that attackers purposely accessed all the adobe financial data and its knowledgeable property. Already many attacks have been made on the adobe company so maybe attackers have decided to target the adobe organization again. Maybe they have made some attacks before and have some sensitive information about their cybersecurity.
1.4 WAS IT AVOIDABLE?:
Yes, it can be avoidable. In the modern world most of the information stored in the system. If the systems are not properly protected the information can be compromised. Every day hackers breach the security barriers and steal personal and financial information (DesJardins, 2021). As we know many cyber-attacks has been done on adobe and its products. By following some measure they can avoid the breach some of them
These are some preventions methods. To avoid any type of data breach in the system, the cybersecurity of the company must be stronger. Here are some points organization can adopt to prevent cybersecurity breaches. It is very important to provide limited access to sensitive data. Employees are the weakest link the data breaches. Employees can open any unauthorised or suspicious email or link that may download the malware and virus. It is very important to train your employee about the latest threats and how to handle data breaches. The next step is to update all the software and create strong passwords for the account. Need to develop a breach response plan for critical situation.
1.5 CYBER INSURANCE:
According to the reports, adobe itself admitted to the greater breach in cybersecurity. Technology lawyers already told adobe about the legal actions that need to be taken in the future. According to the latest report, more than 38 million users has been compromised. Adobe faced so many bills in term of notification letters or legal bills. A data breach involves many issues, at this time the cybersecurity insurance can help the organisation to mitigate the risk and the losses. Here are some points on how cybersecurity insurance coverage can help organizations (Marciano, 2021).
In short cybersecurity insurance coverage can reduce your penalties, fine and other responsibilities. According to the estimate, the mail notification cost of the above would be $17480000 for 38000000 customers. So the coverage is very important for the organization in the time of any data breach.
2. HEARTLAND PAYMENT SYSTEM VS ADOBE DATA BREACH
Heartland payment system is the 6th largest payment processor in the U.S. according to the report the Heartland payment system was processing 100 million transactions per month. In January 2009 the breach was found by the visa and master card. Then they inform the Heartland payment system about the suspicious activity. The attackers use vulnerabilities with the help of SQL injection. SQL injection is the most common form of attack. Whereas in the case of adobe, approx 153 million accounts of the customers were breached. The encryption and the cybersecurity of adobe were weak. The hackers access the old database of the backup which contains all the information related to the customer details and the source code of the adobe software. In this case, hackers studied the source code of the Adobe software and identify the vulnerability in the system and access all the information. Heartland payment system roughly paid $140 million fines and other penalties whereas adobe has paid @1.2 million approx to the customer and legal penalties. No one went to jail in the case of the adobe data breach whereas, in the case of the Heartland payment system, Albert Gonzalez was found guilty and arrested.
With the technology, advancement business can grow more but on the other hand malware, virus, bots can affect your business. In both the case study, the user credit card and account information was compromised. In both the case study, we have found that millions of user were affected and hacker access sensitive information from both companies (Steve, 2021). Both companies have to face legal circumstances and weaken trust from their customers. Both the company has to pay huge money to pay the fine and the penalties and go through lots of legal procedures. According to the research we have found that adobe has paid $1.2 million and heartland has paid approx. $140 million in terms of fine and penalties. Both the company has sent the notification to the customer and apologise for the attack and the losses. The main similarities were the poor cybersecurity and lack of a monitoring tool system for detecting any suspicious activity.
We have studied both the case study we have found the way of attack is different in both the case. The hackers access the old database in the case of adobe due to the poor cybersecurity of the organization. By analysing the vulnerability in the adobe software they access all the information related to the customer and the above software source code. Whereas in the case study of the Heartland payment system the Russian hacker Albert found guilty. He used the old technique named SQL injection and inject the malware into the system with the use of SQL statements (Breaking the Target: An Analysis of Target Data Breach and Lessons Learned | Global Resilience Institute, 2021). After that he can monitor and record all the information of the users and many customer data has compromised. In the case of adobe, the company was responsible for the attack because of weak cybersecurity whereas in the case of the Heartland payment system Russian hacker was responsible for the attack. Adobe attack was happened mainly due to poor password and encryption method used in the organization whereas Heartland payment system was hacked due to the vulnerability in the system and attacked by the malware.
2.4 COMPANY COULD LEARN
Data breaches are growing very fast and every business owners should know how to prevent data breaches. There are many common causes of attack and data breaches. From both data, breach company could learn how to secure their data more effectively. After research from both the data breach company could learn lots of new things that can be implemented to avoid future attack. Some of them are :
If the customer data compromise due to a data breach then it can be worse for the company. The business could face many legal lawsuits. There are some ways with the help of that business owner can avoid the legal and recovery fees but it better to prevent the business from the data breaches (Talesh, 2021). Data breach insurance is very important for businesses. Data breach insurance cover can manage most of the legal expenses and provide better guidance at the time of data breach. Insurance can pay legal charges, fraud monitoring services, crisis management services and much more. In fact, they can save businesses recover from data breaches.
A data breach is the worst thing that can happen to the customer. It happened to me last year. I got the notification from the business that my account has been compromised. I was very worried about my information. I want to know what information was compromised. What should I do now? What would be the circumstances? Many questions were in my mind. I was totally confused and still worried about how long my information was in the wrong hand. What hackers will do with my information.? When a large company become the victim of the data breach they provide the many offers and facility to the customers. All the customers want expert help from the security department of the organization. The data breach insurance coverage provides many offers and assistance to the customers.
I want to share some important points that you should follow to keep yourself protected. Some of them are
In the last, I want to say that being the victim of any type of data breach is not good for any customer. According to the research, it is found that 76% of customers felt very serious stress after the data breach. I also found only fewer peoples took any steps to protect themselves from the data breach. You all should know how to keep your data safe and how to deal when any data breach that occur (Cheney, 2021).