Nature of the incident
A hacker managed to break into the company’s computer systems, compromising the electronic cash dispensation mechanisms and interfering with millions of clients’ information.
Perpetrators
The perpetrators of the cyberattack include Sonya Martin, who was the alleged leader of the hackers. Nine others said to have been in the hacking cell included Sergei Tsurikov, Oleg Covelin, Evelin Tsoi, Viktor Pleshchuk, Igor Grudijev, Ronald Tsoi, Mihhail Jevgenov, and one identified only as “Hacker 3” (Kitten 1).
Method of exploitation
The method was complicated and well-ordered. The hackers decrypted client information gained from the company’s network. Debit cards were later generated with the customers’ details. The hackers used the cards to withdraw money from ATMs in different global locations.
Purpose of the attack
The attackers of WorldPay intended to steal personal information stored in the company’s database. Identifiable information would be used to defraud the company’s customers. The information would be used to steal money from corporate, financial institutions, medical institutions, and government entities.
Kind of information security breach achieved
All of the attacks were financially driven. The skimmers would use the information gained at gas pump stations, point-of-sale devices, and ATMs. Customer information was obtained by unauthorized individuals, and the customers were eventually defrauded. Company customers lost millions in cash.
The damage done and the estimated cost
The attacks had a severe financial impact on the global company. A huge amount of money was lost. The company had to refund the clients. Further, the company lost the confidence of the public.
Countermeasures or damage repair
The company hired security system experts to upgrade the system. The company notified individuals who may have been affected and told them what course of action to take. The company changed the PINs of all the cards. To repair the business damage, customers would not be held responsible for the charges that occurred.
Mechanisms and Strategies to address the Vulnerabilities
The internet is increasingly being used by individuals, financial institutions, and corporations. At the same time, hackers are taking advantage of the growing number of users. There are multiple protections and countermeasures to deal with internet-based attacks. First, assessing the intensity of the risk to organizational assets is essential. This assessment helps determine the proper countermeasures for diminishing the risk and how to protect computing assets and essential assets such as emails. Second, measures such as the installation of firewalls and intrusion detection systems can be taken. They help to monitor the network for malicious behavior. Third, it is essential to back up all information. This should be done periodically and systematically. Additionally, it is important to have a clear security policy to reduce risk. This may include prohibiting employees from opening personal e-mail attachments on company workstations. At this stage, the network manager performs a risk management analysis that protects the organization’s computer hardware and software. However, data assets should be backed up immediately after the creation of the security perimeter.
In light of the breach, organizations must consider using IPv6. The technology presents organizations with enhancements to avert IP spoofing, including authenticated headers in every packet. The network manager should install patches and updates whenever they become available to avert damage from attacks. Additionally, using IPv6 allows the installation of Intrusion Detection Software (IDS). IDS may include McAfee Intercept or Sourcefire Snort. In addition to this tool, the system manager should ensure that all employees are advised to disable unnecessary web services. The move helps diminish the number of attack targets. The system manager should also remove files from fundamental directories. Based on the breaches, this is important because virtual directories can be used as a location for the placement of malicious code.
Employees should be advised to use Secure Sockets Layer (SSL). The move will help to encrypt any communication. Furthermore, it facilitates the disabling of HTTP traces, which hinders the probing of HTTP by attackers searching for prospective targets. When attackers are able to investigate HTTP request paths, such information may be used to take sensitive data. Finally, system managers must consider the installation of Microsoft Security Baseline Analyzer. The tool thoroughly scans computers for protection vulnerabilities. It also provides a wide range of information, including missing updates, configuration errors, and account system.
How the RBS attack relates in general to the CIA triad
The Criminal Investigation Agency (CIA) triad information security model identifies classification and integrity as the foundation, along with the reliability of information protection. The CIA hence is a central player in handling information. The triad has an essential role to play in securing information. In this context, the classification of information means that data must be guarded against unpermitted users. The classification includes defense against the transmission of sensitive data via the internet. The CIA can ensure that such data is not transferred to the intended user via interception. On integrity, the CIA has a role in ensuring that protected information is not intercepted while in transit. The CIA has cryptography capabilities that inherently prevent swindling during internet payment. The mechanism increases the protection of bank clients by certifying that the client is the only original individual with authentication for the internet transaction.
Suggested new security implementations, rules, and regulations
Cate suggests that institutions embrace the “freeze” laws (p. 7). These are laws that allow individuals to restrict access to their credit reports. The strategy will diminish the ability of those who hold breached personal data to exploit it for committing fraud.
ChoicePoint Data Breach
Nature of the incident
Consumers had their personal and financial information accessed. This involved more than 163,000 clients in the company’s database. According to the Federal Trade Commission (FTC), ChoicePoint had no reasonable processes for screening subscribers. Primarily, ChoicePoint collects personal data of consumers including dates of birth, Social Security numbers, names, work information, and credit profiles. It then sells the information to more than fifty thousand businesses. After collecting the information, the company gave consumers’ sensitive personal data to subscribers. The company did not scrutinize subscribers whose requests for the data raised clear red flags (Farrell 1). The information acted as a lead to the company database.
Perpetrators
The company was the first perpetrator. For instance, it made consumers’ personal information available to subscribers without verifying the credibility of the subscribers. These imposters posed as business executives to purchase information from the company. A small hint in the obtained information would be used to hack the company servers from remote locations.
Method of exploitation
According to the FTC, the company approved individuals who posed as subscribers and lied about their credentials. The imposters used commercial mail drops as business addresses. ChoicePoint did not perform due diligence to establish the authenticity of the business addresses. Additionally, the company’s applicants for subscription allegedly used fax machines located in public establishments to send numerous requests for supposedly separate organizations (Farrell 1). They then used limited clues such as names to hack into the company’s database and get consumer information.
Purpose of the attack
The subscribers used names to enter the ChoicePoint database. They would then obtain information about consumers to establish their financial standing. They would impersonate such individuals to enter into rewarding transactions through identity theft.
Kind of information security breach achieved
Despite receiving subpoenas from law enforcement agencies in 2001 that raised the alarm about potential sham activity, ChoicePoint did not tighten its request approval processes or screen subscribers. The company hence breached the Fair Credit Reporting Act (FCRA) by supplying consumer information and credit histories to applicants who lacked a permissible purpose to obtain the records. The failure to maintain reasonable processes for verifying the applicants’ identities and how they intended to use the information was an information security breach on the part of the company.
The damage done and the estimated cost
The personal and financial information of more than 163,000 consumers was compromised. The company’s data management and protection procedures violated the clients’ right to privacy and national laws. Following a lawsuit by consumers, the judge ordered the company to settle $10 billion in civil penalties and $5 billion in consumer redress. The financial damage suffered by consumers has not been properly documented. However, it is projected to be in the millions through unlawful withdrawals.
Damage repair
The company was ordered to settle civil penalties and consumer redress charges. However, this did not repair the company’s public image. The company had to send letters to individual consumers whose data it had sold to illegal subscribers. The company further published a formal apology in the daily newspapers to all those affected.
Suggested new Security Implementations, rules, and regulations
The Federal Trade Commission urged the court to ensure that ChoicePoint was ordered to apply the new processes. The suggested policies required the company to supply consumer records to lawful businesses for lawful purposes only. The company would also set up and maintain a comprehensive data protection program. Upon settlement of the identity theft breach, the company was required to obtain an assessment by an independent third-party information protection expert annually until 2026 (Farrell 1).
Cost of Cybercrime in the United States
Data breaches are alarmingly widespread incidents as many organizations continue to conduct more business electronically. Information handled by the organization is increasingly becoming a key concern for executives. In any case, all a hacker requires to gain access to gigabytes of data is an Internet connection, an agreeable collaborator within the organization, and an indolent system manager or a careless employee with a computer.
Regardless of what one calls such occurrences, information security breaches, data breaches, or cybercrime, the result is similar. An unauthorized person illegally accesses the names and personal information of all those in the database. The risk that the individuals will become prey to identity theft is substantially increased. Other security breaches may include the stealing of intellectual property, confiscation of online bank accounts, denial of service, virus distribution, site defacement, and sabotage of critical national infrastructure. Information security breaches have a far-reaching impact on breached organizations, related companies, employees, and clients. The United States has not been spared from the menace.
Today, cyber-attacks are common occurrences. Cybercrimes are costly for the organizations and individuals affected. The most costly cybercrimes are those arising from denial of service, web-based attacks, and malicious insiders. A study conducted by the Ponemon Institute indicated that the standard annual cost of cybercrime is $8.9 million. Across the 56 companies the institute surveyed, the cost was $1.4 and $46 million for the least and the most cyber cost respectively. Compared to other countries, companies in the United States are more likely to be attacked and to experience the most costly types of attacks. US companies experience the theft of information assets more than those of any other country.
Researchers have observed that all industries in the US experience cyberattacks, though in varying degrees. The costs of such attacks also vary depending on the industry. The energy, defense, and financial industries are attacked more often and experience higher costs compared to hospitality and retail companies.
Mitigating cyber-attacks demands technologies that enable effective protection, such as intrusion prevention systems, SIEM, and application security testing. Others include business management, cyber risk-management systems, and security compliance solutions. Cyber attacks on any organization are costly if they are not swiftly handled. There is a positive link between the time taken to control an attack and the overall corporate cost. The study conducted by the Ponemon Institute (2012) indicated that the typical time to resolve a cyber attack was twenty-four days. The typical cost to the attacked organization was computed to be $591,780 for the twenty-four days. For malicious insider attacks, it may take between 50 and 60 days to resolve.
For companies in the US, particularly those that hold immense amounts of personal information, data theft continues to represent the highest outside cost, followed by the expenditure related to the disruption of business due to such attacks. On an annual basis, data theft represents 40 percent of the total outside expenditure. The expenditure related to business disruption or lost productivity represents 30 percent of outside expenditure.
When the attack involves malicious insiders, the cost is even higher since it would involve the loss of devices such as computers, memory sticks, external hard disk drives, and flash disks. In this context, outside expenditure is that created by outside factors including litigation, fines, and the selling of intellectual property. Detecting attacks, recovering information, and sealing all the loopholes are the most expensive inside expenditures. On an annual basis, these activities represent more than 47 percent of the total inside activity expenditure. Cash outlays and labor account for the bulk of the expenditure.
Cybercrime Interception
Since cybercrime is expensive for companies, they must take measures that will help mitigate the costs associated with attacks. This involves investing sufficiently in these structures. Deploying security intelligence systems (SIEM) makes a significant difference. The expenditure on cybercrime is reduced with these systems. Companies that consistently use these technologies are proficient in discovering and controlling cyber attacks. Research indicates that such companies were able to save an average of $1.6 million compared with organizations that did not deploy security intelligence technologies (Ponemon 4).
Research also indicates that it is important for an organization to embrace a strong security approach to mitigate the costs associated with cybercrime. Such an approach would involve metrics such as the popular Security Effectiveness Score (SES). The SES is a metric used to define the ability of a company to attain reasonable security objectives. When the SES is high, the efficacy of the organization in attaining its information security objectives is also high. The typical cost of mitigating cybercrime for companies with a high SES is significantly lower than for companies with a lower SES.
Works Cited
Cate, Fred. “Information Security Breaches.” The Centre for Information Policy Leadership, 2.3(2008): 1-29. Print.
Farrell, Claudia 2013. ChoicePoint Settles Data Security Breach Charges: To Pay $10 Million in Civil Penalties, $5 Million for Consumer Redress. Web.
Kitten, Tracy 2012. “RBS WorldPay Sentence Too Light?” Bank Info Security. Web.
Ponemon Institute 2012. The 2012 Cost of Cyber Crime Study: United States. Web.