Introduction
While technological advancement has facilitated access and utilization of many online resources for efficient transactions and improved human interactions, hacking activities have exponentially increased. Identity theft has been defined as the unauthorized or unlawful use of another person’s private data for one’s gain (Irshad & Soomro, 2018). Hacking, which entails manipulating computer systems and networks for illegal data access, has been the most common mode of identity theft. Based on the level of security and system efficiency, hackers have often managed to steal tons of valuable data from companies and large organizations, implying that none is immune to these attacks. Among the most common types of identity theft include financial, medical, child, and synthetic identity plunder. Financial data fraud has been the most prevalent, as hackers use it to conduct unauthorized business transactions, resulting in significant losses and blackmail. Target Corporation’s data theft shows that a lack of efficient security options and follow-up leads to considerable theft of personal information, costing individuals and organizations.
Review of the Subject
The subject of the case revolves around data security as a crucial step in preventing identity theft. With the increase in online transactions through e-commerce, data security has gained more interest among individuals and within the context of corporations (Kumar et al., 2018). One of the key points to understand in this case is that while companies require specific personal details for authentication, minimal information has been revealed regarding the processes through which such organizations secure clients’ data. In many cases, loopholes found within a network are used to siphon crucial details used to inflict considerable financial losses.
Data theft is executed by fraudsters for the sole purpose of acquiring crucial information about people and businesses that can allow them to transact illegally or pose as other personalities for personal gain. Although identity theft can take many forms, the most common mode revolves around financial details, including credit cards and social security numbers. In the internet age, an increase in the number of individuals accessing internet services contributes to significant growth in identity theft cases (Goel, 2019). Notably, if organizations delay responding to potential threats, considerable losses occur, as shown in the case of Target Corporation discussed below.
Discussion
Since a company’s network is the most targeted asset for data fraud, hackers at Target used malware to infiltrate the system. Xu et al. (2018) record that virus attacks are responsible for over nine trillion personal record breaches. Since malware can be safely hidden in a system for a long and be targeted to a specific point of interest, hackers at Target installed a virus into the company’s network, targeting clients’ credit card numbers. The fraudsters had created several points spread throughout the U.S. for data storage and then transferred the stolen information to their servers in Russia. These techniques kept them undiscovered, stealing over 40 million clients’ credit card numbers. This makes this incident among the biggest hacks in history.
Solutions
Authentication and authorization solutions are two forms of technology that huge shops may use to deter fraudsters from purchasing products. By requesting the verification codes found on the rear of credit cards and the login and transaction pins, users may confirm that they are not creating duplicate and false accounts in favor of others (Kumar et al., 2018). When completing physical transactions, requiring picture verification, signature, security queries, and biometrics can prevent fraudulent payments on an individual’s account. Suspicious in-store behavior has been associated with online theft, so keeping an eye on store camera systems and being observative of persons strolling and watching in the business could be an additional layer of protection. Data analytics that monitors how much each individual spends can also help spot any suspect activities (Kumar et al., 2018). For instance, if someone has not bought any goods or services on their account in a long time and only recently started buying hundreds of goods occasionally, it should raise suspicions.
Justifications
Information security is vital for companies as it applies to clients’ data, impacting the entire corporation. If customer information is stolen, it may be used to siphon considerable revenue from organizations. Studies have shown that hackers may acquire sensitive data and use it to blackmail individuals and entire corporations fraudulently (Arfaoui et al., 2019). Companies are responsible for ensuring that clients’ sensitive data, including credit card information, social security details, and emails, are kept away from fraudsters’ reach. Some of the available methods for additional security include establishing an internal IT section to monitor the levels of security on such details and updating the authorization and access modes as required (Arfaoui et al., 2019). In addition, companies can seek the services of external auditors to monitor their IT department, thereby improving their internal controls. While business entities enforce critical strategies for data security, individuals should apply a range of available methods for personal details protection.
Recommendations
Password management is among the best data protection methods, which can be applied at a personal level. Individuals should be careful to set strong passwords for their files, keeping safe storage that can only be accessible to authorized users. Two-factor authentication has also been cited as an additional measure safeguarding against hacking (Velásquez et al., 2018). Although online information has been more targeted than papers, it is important to shred any documents having personal data to prevent them from landing in the wrong hands.
As social media use increases, particularly among young people, limiting the amount of information released to the public is crucial. According to Aleroud and Zhou (2017), phishing attacks have become increasingly common, requiring people to avoid clicking on unverified links or logging into unsecure sites. In addition, identity theft can be prevented by routinely monitoring one’s personal accounts to identify and handle any discrepancies. These serve as red flags for which information security measures can be developed and implemented to avert a myriad of challenges arising from data theft.
Conclusion
The internet age has led to advancements in innovation and more efficient business interactions, along with increased awareness of data mining and application techniques. While people enjoy the benefits of faster transactions through online payment modes and company operations, hackers have formulated new strategies for legally obtaining crucial personal details. In the case of Target Corporation discussed herein, fraudsters created numerous access points to mask their activities, intending to send the gathered details to a server in Russia. Although Target had information on the planned attacks, its reluctance led to the loss of millions of customers’ credit card details. Such information is sensitive and can be costly to both individual customers and the company. From this case, it is evident that the company’s mainframe had some loopholes, which gave hackers an opportunity to penetrate it so quickly. In addition, the company had not implemented effective monitoring techniques that would routinely check for red flags and a backup plan in case of data theft.
Information security requires collaboration between clients and companies, with each party applying advanced protective measures to safeguard against the range of tricks employed by fraudsters. Notably, as technological innovation grows, new illegal data access techniques such as phishing have become increasingly common. At the individual level, one should avoid phishing by being keen on sites to verify their security levels before submitting personal information. In addition, email links should be verified before one click on them. Password management is a common mode that allows users to monitor their authentication passwords, ensuring that they are not easily accessible. Physical documents should be destroyed rather than disposed of them carelessly because they might land in the wrong hands.
References
Aleroud, A., & Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security, 68, 160-196.
Arfaoui, A., Cherkaoui, S., Kribeche, A., Senouci, S. M., & Hamdi, M. (2019, May). Context-aware adaptive authentication and authorization in internet of things. In ICC 2019-2019 IEEE International Conference on Communications (ICC) (pp. 1-6). IEEE.
Goel, R. K. (2019). Identity theft in the internet age: Evidence from the US states. Managerial and Decision Economics, 40(2), 169-175. Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing. Procedia Computer Science, 125, 691-697.
Irshad, S., & Soomro, T. R. (2018). Identity theft and social media. International Journal of Computer Science and Network Security, 18(1), 43-55. Web.
Velásquez, I., Caro, A., & Rodríguez, A. (2018). Authentication schemes and methods: A systematic literature review. Information and Software Technology, 94, 30-37. Web.
Xu, M., Schweitzer, K. M., Bateman, R. M., & Xu, S. (2018). Modeling and predicting cyber hacking breaches. IEEE Transactions on Information Forensics and Security, 13(11), 2856-2871.