Monday, December 9, 2019

Data Mining and Information Privacy †Free Samples to Students

Question: Discussn about the Data Mining and Information Privacy. Answer: Introduction On July 2017 a California Real Estate Business Service (REBS) was at the center of data breach where it lost very sensitive information from its customers. REBS has online payment system helps the organization in selling its real estate products such as software, forms, blank home sales contracts and classes. The payment system was infected with malware which was believed to be active in the system up May 15 2017 when it was recognized by one of the customer and reported the instance (Robbins, 2017). Malware target was to extract some information when user of the system made their payment. Customers personal information was being copied by the malware to a third party who could then use information for personal gain. Some of the information that was lost by the company include; credit card numbers and credit card expiry date, user names, home addresses and transaction verification code. The hacker gained access to California Association of Realtors (CAR) by affiliating themselves to Association of Realtors (AOR) website. In the data breach, it was estimated that over 1,000 members users information had been fraudulently accessed. Despite having installed the malware and virus protection software, hackers were still able to get access to the system and copy some sensitive information. Similarly, an extensive analysis of the problem shows how the system was poorly protected. If the company had invested heavily on security of its system, it would be difficult for the hackers to bypass security features that were in place. Due to lack of strong security features, customers credit card numbers and their security codes were stolen. Stolen information was used by hackers to bill fraudulent charges to customers once they used their cards on the REBS website for payments. Therefore, the main issues in this case are security of the system and losses that REBS might have suffered as a result of security breach (Olenick et al, 2017). As a result of the security lapse, it is now evident how organization has made its customers suffer financial losses which should have been prevented. If REBS case is not well handled, such scenario might end up repeating itself hence compromising integrity of the organization. The problem which faced REBS can mainly be attributed to technologic al hitches that were either poor or not properly implemented to secure organizational information. Since its very clear system security has been a major problem, organization did not put security alerts on the system to make sure in case of any problem, either the customer or the company gets a notification. Nature of occurrence The REBS data breach occurred through a hacker installing a malware on the payment system which helped in collecting personal information which was later used to defraud customers. By installing some malware on the payment system, hackers were able to collect information and send it to a third party. Through Association of Realtors (AOR) website, hacker managed to infiltrate and get access to REBS system. Once required information was collected, it become possible for hackers to start charging customers unrealistic arrears from their credit cards once they made payment through REBS payment system. The main reason of the attack was to get information which could later help in siphoning some cash from innocent customers without their knowledge (Spacek, 2017). The other main reason for the attacker might be to compromise integrity of the company where another company would benefit by attracting customers from the latter. By damaging image of a competitor, the beneficiary gains a lot bec ause some of the customers form the competitor might end up acquiring services from the other company. Therefore, the usefulness of the data has gained substantial importance and such data might be used to gain competitive market advantage as well as monetary value to hackers who billed unnecessary charges to customers. To solve data breaches faced by REBS Company, it would have been important to employ security measures which would guarantee organizational security to its operational data and customers. Some of the possible solutions includes; putting down all operations on the system and an investigation being carried out to determine the extent of damage that might have been caused by hackers (Fowler, 2016). This helps in ensuring there are no other malicious operations that could continue within the system. Evaluation is essential to determine how the access was made and the motive behind the attacker so that necessary security features can be taken to protect the organizational data. Next, according to Gupta, Walp, Sharman (2012), all users of the system need to be notified so that they are able to monitors their credit cards activities. This would help customers to avoid extra charges that might be imposed by hackers without their knowledge. To enhance security customers, their credit cards s hould be able to generate an alert message on any activities done (Dawson, Eltayeb Omar, 2016). Organization has to take responsibility of advising its customers so that they can be able to monitor any suspicious transactions. Additionally, Shabtai, Elovici Rokach (2012) argues that, before system transaction can be taken put again for use, very strong security features need to be put in place. Shinder, Diogenes Shinder (2013) stipulates that, encryption of data is important because it makes data useless unless hacker has encryption key. This would make sure once data is keyed into the system, no one can make use of it without required authorization. Finally, REBS made a good decision of changing their payment method. It shifted all payments from the compromised online system to PayPal method where security is guaranteed by Federal government. Ransomware cyber-attack on the web Ransomware cyber-attack was a web-based attack that targeted devices such as computers, tablets and smartphones. An infected machine could lock itself and request for Ransomware unlock key. This is a big threat because none of these machine owners could get unlock key. The malware was being spread from one computer and tablets through websites. When a user clicked on an infected website while browsing, the malware could enter the machine and locks it without users knowledge. According to Wong Solon (2017), every website that had been hacked using Ransomware was itself a victim and could infect other websites and machines that connect to any of the infected websites. It was so hectic such that, with every 40 seconds, a company was being infected with Ransomware. The malware was believed to have originated from cyber weapons attack theft and was highly linked to United States government. Due to its massive nature of attacker, it has been believed to be an awakening call to cyber-secur ity experts and organizations. The effects of Ransomware was quite diverse as it included both individuals and institutions. The malware was not made for specific group or any target, it was a general malware which could affect as many groups as possible. Organizations using computers to connect online was highly affected because Ransomware was being spread online through websites or any sharable link. By comparing the nature of the attacker, it can be deduced that organizations and that mostly depends on legacy systems were more vulnerable to the attacker. A good example of an organization that was hit by Ransomware was England National Health Service (NHS) where hospital staff were locked out of their computers (Ransomware cyber-attack strikes world's biggest firms, 2017).This was very devastating as it forced some of the hospitals to divert its patients to other unaffected hospitals. Emphasis cannot be subjected to large organizations only because Ransomware had capability of locking even small gadgets such as smartphones and tablets leaving their owners unable to access them. The malware infects the subject machine, encrypts users data and demands for some payments in order to unlock the data. Methodologies of the attacker The REBS attacker was made so easy but complex to avoid because targeted it was spreading through websites which are commonly used by internet users. It was very unfortunate for organizations that uses online systems because they had to connect online for transactions to be done. Once online, employees of the organization must visit other sites such as social network using same machines. In such a scenario, it would be very difficult to avoid Ransomware attacker. According to Turner, Kotoky Wienberg (2017), by just clicking any link that leads to an infected website, the subject machine would still get infected. Next, the Ransomware attacker was happening through emails, an email could be sent to a target individual, once the user clicks on the email, it could open resulting to locking of the computer. Taking an account of how the attacker was being spread, it was very easy to become a victim and that was the main reason it was being estimated that, after every 40seconds, an organiz ation was getting infected with the malware. Once the attacker occurred, the device could be unlocked by making some payment to the hackers in order to unlock the infected computer or tablet. Possible solution to prevent the attacker Being very simple but sophisticated attacker, it was difficult to prevent it but once information about the malware hit the sky, it was possible for an infected organizations to avoid. After detecting it was being spread through visiting websites and emails, organization should have taken measures of educating their employees on how to avert the attacker (Gupta, Agrawal Yamaguchi, 2016). Through education, organizational employees who are daily users of organizational computers would avoid online activities as much as possible. After making them aware of the malware availability, organizational IT expert groups should have gone ahead to unlock all computers in order to prevent them from connecting online (Thomas, 2014). Additionally, organization should remind employees of any suspicious emails, if they have suspicion of any email in their working emails, they should immediately alert IT professionals to have a check on them and take necessary actions. This could be done by configur ing organizational firewall such that it does not allow any online activity from within the organization (Mellado, 2013). Similarly, since employees have their own devices such as smartphones and tablets and they are in their control, organization should prohibit connection of their personal devices with organizational computers. This would solve a problem where they visit some websites such as social network sites then try to connect their devices with organizational computers. Finally, to organizations that work online, it would be wise to start putting down their online transaction to avoid malware attacker (Moore, 2017). It would not be of any value to continue with operations that would later be very devastating. Imagining an organization is a hospital system such as England case, waiting until an attacker happens may be very dangerous because it may result to patient harm or even death. According to Eyob (2009), looking for an alternative in advance once news about the malware come up might be the best option rather than waiting for disaster by use of ostrich method approach. Therefore, taking all of these measures would have averted the malware attacker. Hence saving organizational money and disruption that might occur. References Dawson, M., Eltayeb, M., Omar, M. (2016). Security Solutions for Hyperconnectivity and the Internet of Things. Hershey: IGI Global. Doug Olenick, O., Abel, R., Olenick, D., Masters, G., Olenick, D. (2017). Data Breach hits California Association of Realtors. SC Media US. Retrieved 27 August 2017, from https://www.scmagazine.com/data-breach-hits-california-association-of- realtors/article/673795/ Eyob, E. (2009). Social implications of data mining and information privacy: Interdisciplinary frameworks and solutions. Hershey: Information Science Reference. Fowler, K. (2016). Data breach preparation and response: Breaches are certain, impact is not. Gupta, B., Agrawal, D. P., Yamaguchi, S. (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. Hershey: Information Science Gupta, M., Walp, J., Sharman, R. (2012). Strategic and practical approaches for information security governance: Technologies and applied solutions. Hershey, PA: Information Science . Mellado, D. (2013). IT security governance innovations: Theory and research. Hershey, PA: Information Science Reference. Moore, M. (2017). Cyber security breaches and issues surrounding online threat protection. Ransomware cyber-attack strikes world's biggest firms. (2017). ITV News. Retrieved 27 August 2017, from https://www.itv.com/news/2017-06-27/ransomware-cyber-attack-strikes- worlds- biggest-firms/ Robbins, G. (2017). California Association of Realtors subsidiary suffers major data breach. sandiegouniontribune.com. Retrieved 27 August 2017, from https://www.sandiegouniontribune.com/news/cyber-life/sd-me-rebs-breach-20170709-story.html Shabtai, A., Elovici, Y., Rokach, L. (2012). A survey of data leakage detection and prevention solutions. New York: Springer. Shinder, T. W., Diogenes, Y., Shinder, D. L. (2013). Windows server 2012 security from end to edge and beyond: Architecting, designing, planning, and deploying Windows server 2012 security solutions. Amsterdam: Elsevier. Spacek, R. (2017). Data breach hits California Assn. of Realtors subsidiary. latimes.com. Retrieved 27 August 2017, from https://www.latimes.com/business/la-fi-reb-data-breach- 20170710-story.html Thomas, L. M. (2014). Thomas on data breach: A practical guide to handling data breach notifications worldwide. Eagan, MN: Thomson Reuters/Westlaw. Turner, M., Kotoky, M., Wienberg, M. (2017). Ransomware Cyber-attack Goes Global.Bloomberg.com. Retrieved 28 August 2017, from https://www.bloomberg.com/news/articles/2017-06-28/cyberattack-reaches-asia-as-new- targets-hit-by-ransomware-demand Wong, J., Solon, O. (2017). Massive ransomware cyber-attack hits nearly 100 countries around the world. the Guardian. Retrieved 27 August 2017, fromhttps://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware- nsa-uk-nhs

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.