Verified Document

Securing Organizational Data From Cyber Attack Essay

Diagnosing Cyber Vulnerabilities of Systems that Support an Organization's Supply Chain

Introduction

Cybersecurity has become a critical concern for organizations of all sizes and industries. With the increasing dependence on technology, cyber threats are becoming more sophisticated and frequent, posing a significant risk to organizations and their customers. In recent years, numerous high-profile cyber breaches have occurred, affecting major corporations and compromising sensitive information. One such example is the Equifax breach that occurred in 2017, which exposed the personal information of nearly 150 million consumers (Wang & Johnson, 2018). This paper will discuss the Equifax cyber breach, the importance of cyber defenses, and applicable government requirements.

Background on Equifax

Equifax is one of the largest credit reporting agencies in the world, collecting and storing sensitive information, including social security numbers, birth dates, addresses, and credit card numbers. On September 7, 2017, Equifax announced that it had suffered a massive data breach, affecting nearly 150 million people. The breach was the result of a vulnerability in Equifax's website software, which the company failed to patch in a timely manner.

The vulnerability in Equifax's software that allowed for the data breach was a known weakness in the Apache Struts web application framework. Apache Struts is an open-source framework that is widely used to build web applications. In this case, the vulnerability was a result of a flaw in the way that Apache Struts processed user-supplied data. Attackers were able to exploit this vulnerability by sending specially crafted requests to Equifax's web application, which allowed them to execute arbitrary code on the server. This vulnerability had been discovered and patched several months before the breach occurred, but Equifax had failed to apply the patch as soon as possible. As a result, the attackers were able to gain unauthorized access to Equifax's systems and steal sensitive personal and financial information.

As a result, cybercriminals were able to access Equifax's systems and steal sensitive information. The sensitive information that was compromised included names, addresses, birth dates, Social Security numbers, and driver's license numbers. In addition, approximately 209,000 individuals had their credit card numbers stolen, and approximately 182,000 had personal dispute documents accessed (Dongre et al., 2019; Wang & Johnson, 2018).

The Equifax data breach had significant consequences for both the individuals whose information was compromised and for the company itself. For the individuals affected, the breach resulted in the theft of sensitive personal information that could be used for identity theft or other fraudulent activities (Dongre et al., 2019). For Equifax, the breach led to numerous lawsuits, investigations, and a significant loss of trust among its customers. In response to the breach, Equifax took several (late) steps to address the issue and prevent similar breaches from happening in the future. These steps included improving its data security systems, and increasing transparency and communication with the public. However, the company faced criticism for its initial response to the breach, which was seen as slow and...

…to protect sensitive information. In the United States, for example, the Federal Trade Commission (FTC) enforces privacy and data security laws, while the Securities and Exchange Commission (SEC) has issued guidance on cybersecurity disclosure. Other countries have similar regulations and standards, including the General Data Protection Regulation (GDPR) in the European Union and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

One requirement in the US that applies directly to the Equifax breach is the Gramm-Leach-Bliley Act (GLBA). This federal law requires financial institutions to protect the confidentiality and security of their customers' personal and financial information. The GLBA applies to Equifax as a credit reporting agency, and the company can be seen as having violated its provisions by failing to adequately protect consumers' personal information (Gaglione, 2019).

Overall, organizations should be familiar with the laws and regulations that apply to their industry and should take steps to ensure that they are in compliance with all applicable requirements. This includes having appropriate data security measures in place and having a plan in place for responding to a breach.

Conclusion

In conclusion, the Equifax breach serves as a reminder of the importance of cyber defenses for organizations. With the increasing frequency and sophistication of cyber threats, it is essential for organizations to implement robust cybersecurity measures to protect their systems and data. This includes following government regulations and standards, as well as regularly reviewing and updating their cybersecurity policies and procedures. By taking these steps, organizations can…

Sources used in this document:

References


Dongre, S., Mishra, S., Romanowski, C., & Buddhadev, M. (2019). Quantifying the costs of data breaches. In Critical Infrastructure Protection XIII: 13th IFIP WG 11.10 International Conference, ICCIP 2019, Arlington, VA, USA, March 11–12, 2019, Revised Selected Papers 13 (pp. 3-16). Springer International Publishing.


Gaglione Jr, G. S. (2019). The equifax data breach: an opportunity to improve consumer protection and cybersecurity efforts in America. Buff. L. Rev., 67, 1133.


Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19(3).

Cite this Document:
Copy Bibliography Citation

Related Documents

Cyber Attack on White House
Words: 1146 Length: 4 Document Type: Chapter

White House Information Security Breach Russian hackers blamed for cyber attack that exposed President's private schedule - as White House insists computer system is secure-by Daily Mail The article is a of the six months investigations that were commenced on the cause and source of the cyber attack and information security breach that took place in October 2014 within the State Department and exposed some of the restricted information within the White

Effects of Cyberattacks on International Peace
Words: 1233 Length: 4 Document Type: Research Paper

Cyberattacks to Achieve International Threats Cyberattacks have become a global phenomenon leading to international conflicts among individuals, organizations and in conjunction to military operations. Target of cyberattacks include banking services, critical organizational infrastructures, government networks, and media outlets. Implication of such attacks may be an attempt to achieve both financial and political objectives. Typically, some attackers have defaced websites of different organizations, damage corporate infrastructures, and shut down network systems.

Computers and Security Cyberattacks on
Words: 705 Length: 2 Document Type: Essay

All of those sites were U.S. government sites. The July 6 update increased the number to 21 U.S. sites. On July 7, the South Korean sites were added and on July 8, the total number of sites reached 26 ("No Sign of N. Korea Backing," 2009) The U.S. Websites were back up and running within a day of the attack. The South Korean sites took more time to recover ("Cyberattacks

Cyber Security Most Important Cyber
Words: 2328 Length: 8 Document Type: Research Paper

The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored

Cyber Security Cloud Computing
Words: 1389 Length: 4 Document Type: Term Paper

Cyber Security/Cloud Computing Consider a recent cyber security breach (specific event) and address the following questions: Describe the circumstances involved Monster Com: Confidential information of 1.3 million job seekers was stolen and used in a phishing fraud Monster.Com, a United States online recruitment site reported in 2008 that hackers broke into the site using password-protected resume library. They used credentials that Monster Worldwide Inc. claims were stolen from some of its clients. Reuters reported

Cybersecurity As an Organizational Strategy an Ethical and Legal...
Words: 3101 Length: 10 Document Type: Research Paper

Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now