Case Study 1: Cyber Security in Business Organizations

 

 

 

 

 

 

 

 

 

 

 

 

 

Case Study 1: Cyber Security in Business Organizations

Amare Alemu

Professor Wade M. Poole, Ph.D.

CIS 500 Information Systems for Decision-Making

May 17, 2017

 

 

 

 

 

 

 

 

 

 

 

Case Study 1: Cyber Security in Business Organizations

Introduction

         The organizational information security and protection face many challenges. Firstly, this paper will determine the fundamental challenges that organizations face in general regarding protecting corporate assets and information.   Secondly, the article will Specify the red flag(s) that Target overlooked or ignored before the direct attack and give its opinion as to why Target missed or ignored the red flag(s).  Thirdly, the paper will determine the main actions that Target took after the breach occurred and evaluated the efficiency of such operations. Lastly, the article will give 1, the conclusion on the main reasons why the attack on Target occurred; 2, its opinion as to whether the attack was mainly because of the poor infrastructure or the inability of the personnel to act accordingly; and 3, the justification for the responses.

         According to Gus Malezis, (2016), the author, mentioned five fundamental challenges that organizations face in general regarding the security and protection of organizational assets and information. The first challenge was the recognized impact of a security breach, i.e., the crime that is called Cybercrime continues to escalate in frequency, impact, and sophistication and threatens organizations regardless of size and sector. A data breach or intrusion can cause an organization to lose customers, revenue, and reputational value, experience loss of operational continuity and question the integrity of its data. The second challenge was called the skill gap which will happen whenever the security practitioners don’t fully understand the nature of their business, safety, and operational personnel will fail to see how each asset is relevant to the support of an organization’s mission. The third challenge was the explosive growth in endpoints that will double at a faster rate. The effort needed to protect so many devices can drive up security operations costs on organizations. The fourth challenge was the digital-physical convergence which will happen because of many endpoints the threat for one endpoint will end up becoming the threat for the others as well, i.e., either in an Internet of Things (IoT) or an Industrial Internet of Things (IIoT). The fifth challenge was security and technology is changing rapidly. If security must not evolve to meet today’s sophisticated threats and solutions need not adapt to accommodate the current and future needs of an organization, the cost will be innumerous.

         According to Michael Riley, Benjamin Elgin, Dune Lawrence, and Carol Matlack, (2014), ‎ specified that FireEye spotted the hackers and their traps and Bangalore got an alert and flagged the security team in Minneapolis. Target overlooked or ignored the red flag before the direct attack this was because Target thought that it had been certified to meet the standard for the payment card industry (PCI) in September 2013. However, it wouldn’t escape from suffering the data breach. Even though the infrastructure was up- to- the- standard (certified in September 2013) some opinion as mentioned earlier the personnel (skill gap) and recklessness of people at Target had negatively contributed to the attack to happen.

         The authors Michael Riley, Benjamin Elgin, Dune Lawrence, and Carol Matlack, (2014), further discussed that because of the offensive Target conducted an end-to-end review of their people, processes and technology to understand their opportunities to improve data security and committed to learning from the experience, and this attack accelerated Target information security structure to transit into chip-enabled cards. However, according to Tom Quimby, (2015), discussion, the chip -enabled information security technology that was supposed to be a solution for the recent security problem around the world, by mentioning the FBI, will not do much to stop billions of dollars of credit card fraud over the next few years. Though for the moment Target might have stopped the hackers. That doesn’t necessarily mean Target has a guaranty for the efficient way of information security and organizational assets protection.

         In conclusion, information security and protection of corporate assets within the company has become a top priority for many corporate leaders. Regarding Target this paper identified that the main reason for the attack to happen was Target Managers believed and thought that Target had been certified as to meeting the standard for the payment card industry (PCI) in September 2013. Next, the paper identified that the attack was mainly occurred not due to the poor infrastructure but due to the inability of management to act accordingly. FireEye spotted the hackers, and their traps and Bangalore got an alert and flagged the security team in Minneapolis the people did not respond at all. The paper indicated this inability of management as skill gap and recklessness.

 

 

 

 

 

 

 

 

 

References

Malezis, G. (2016). IT Security and Data Protection. Retrieved May 13, 2017

         from    https://www.tripwire.com/state-of-security/security-data-protection/

         understanding-  five-key-challenges-to-security-compliance-and-it-ops/

Riley, M. Elgin, B. Lawrence, D. and Matlack, C. (2014). Missed Alarms and 40 Million

         Stolen Credit Card Numbers: How Target Blew It. Retrieved May 13, 2017

         from https://www.bloomberg.com/news/articles/2014-03-13/target-missed-

         warnings-in-epic-hack-of-credit-card-data#p1

Quimby, T. (2015). FBI warns new chip cards insecure among growing fraud.

           Retrieved May 13, 2017 from http://www.washingtontimes.com/news/2015/nov/15/credit-card-chip- technology-not-more-secure-than-m/