Cybercrime
Summary
Hackers stole the data of 106 million people from Capital One, a financial services firm. The targeted customers were Americans and Canadians. The incident was reported on 30th July, 2019, and the alleged attacker, Paige Thompson, was arrested for conducting an online breach (BBC, 2019). The company revealed that the names, addresses and phone numbers of 106 million customers were acquired. The attacker also managed to get the credit card information of hundreds of clients. The details shared by Capital One further reveal that the social security numbers of 140,000 people were stolen, 80,000 of which were linked to bank accounts. The stolen information also included the insurance numbers of one million people connected to Capital One. The hacker managed to obtain the credit scores, balances and payment histories of the clients. The company said it would conduct further examinations to determine the nature of the breach. Since this incident, Capital One has decided to enhance its breach policy by strengthening its security infrastructure. The company shared concerns about losing its credibility and the need to improve its security policy. The US Justice Department arrested the alleged hacker, Paige Thompson, aged 33, for computer fraud and abuse. The case was presented in the Federal Court in Seattle. The court documented the online breach, and Thompson is likely to face five years' imprisonment and a penalty of $25,000.
The present case represents a practical instance of cybercrime in the form of an online security breach. Financial companies bear the responsibility of offering adequate security and protection to their customers. However, breaches like the one experienced by Capital One negatively impact the company's relationship with its clients. The company's failure to protect customer data was a violation of the Federal rule and the Safeguards rule. Due to this failure, the company will have to incorporate many changes to improve its security system, one of which was the designing of new legislations and regulations. The case also highlights the inadequate cyber security strategy adopted by Capital One, which poses future threats. The company currently lacks an appropriate cyber security framework, which indicates the need to integrate a strong mechanism for eliminating all possible threats of cybercrime. The forensic analysis of the case by the Justice Department also stresses the need to review different information processes to ensure compliance with security standards. The incident also poses future risks of data breaches that can damage the reputation and business of the firm.
Analysis
In a cyber security defence system, exchanging data to support the management of vulnerabilities, incidents and threats from cybercrime activities is crucial. The exchange is essential for attaining a common goal and exploiting collaborative opportunities. The speed at which cyber attacks unfold shows the need to support timely decision-making and to automate response to the greatest possible extent. Only structured, quality-assured data for automated response helps in achieving these goals. The problem is identified as the exchange of information over systems that favor general availability and re-use over integrity, which affects quality assurance and traceability and leads to loss of metadata. The failure of Capital One to integrate adequate cyber security measures has been the central cause of this incident. The technical factors include loss of confidentiality, accountability, integrity and availability. Cyber security policy suggests meeting the requirements of law for documenting the activities of cyber and information security systems.
Organizations dealing with important and confidential information need to adopt security measures that minimize the threats associated with information systems. The strategy on cybercrime involves strengthening the regulatory framework of banks and financial institutions. A universal method of regulation for transferring cross-border data minimizes the risks of cybercrime. Making cyber security a personal issue enhances the security framework. Training, education and awareness programs related to cyber security issues minimize the risks of cyber attacks. The elimination of the digital gender gap and capacity building also improve security.
The case of Capital One highlights these cyber security issues. Tracking the evolution of shared data to assure its quality remains one of the fundamental problems in information technology. A more efficient system enables a successful cyber defence, and the management process is capable of protecting the organization and its ability to secure IT assets. IT risk management is primarily treated as a necessary component of the management function. To fulfil the IT requirements, the company has adopted the OWASP rating method (Stoneburner, Goguen, & Feringa, 2002). It also suggests the need to design a process for setting up boundaries, mapping defence goals and valuing them. The cyber security measures provide the latest view of the current level of protection and the threats faced by the company. Emphasis should be on secure development, awareness level, monitoring capabilities and procedures.
The solutions that Capital One has already adopted include automation, detection, mitigation and correlation of network threat alerts with the cyber intelligence reports and databases available on cloud repositories. The cyber security strategy suggests the need to integrate an Intrusion Detection System, which will offer enhanced protection. This technology involves setting up a detection system anywhere from the network down to a specific host. It is installed in a VPN device to examine traffic after its decryption. It is host-based and monitors the suspicious activities of a single host. Capital One has failed to establish sensors for the collection of data, analyzers for the determination of intrusion, and a user interface for controlling system behavior. Cyber forensics assumes that the behavior of an intruder is different from that of legitimate users. Anomaly detection relies on a collection of data related to legitimate users over a specific timeframe. The assessment of this behavior assists in identifying whether observed behavior is legitimate or not. The approaches used for detection are statistical, knowledge-based and machine learning. Host-based IDS are capable of adding a secure layer of software to sensitive or vulnerable systems. The detection of suspicious behavior depends on a signature or heuristic approach. The security and privacy features prevent issues of theft and operational flaws. Another significant advantage of Linux is that it is adaptable to different systems, which means the user is not limited (Marsh, 2017). The wide range of options that Linux offers makes these advantages more visible to the audience. Linux offers enhanced security that makes hacking difficult and offers a more efficient system compared to Windows. Linux supports different programming languages. It also allows a range of applications that add more convenience for users.
The overall analysis of the case with respect to cyber security measures indicates that Capital One needs to upgrade its cyber security framework by developing controls and implementing an access control policy that will improve the company's potential for mitigating the risks of online theft in future. Weak cyber security controls emphasize the need to enhance the security framework, which will lead to the prevention of cyber attacks.
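The statistical approach to anomaly detection described above, as an added example that is not part of the original essay: a per-user baseline is collected over a fixed window and later observations are scored against it. The user names, daily record counts and the threshold of 3 standard deviations are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed baseline: (user, day, records_read) gathered from legitimate
# activity over a five-day window. All values are illustrative assumptions.
BASELINE = [
    ("svc-web", 1, 40), ("svc-web", 2, 44), ("svc-web", 3, 38),
    ("svc-web", 4, 42), ("svc-web", 5, 41),
    ("analyst", 1, 300), ("analyst", 2, 280), ("analyst", 3, 320),
    ("analyst", 4, 310), ("analyst", 5, 290),
]

def build_profiles(records):
    """Return {user: (mean, population std dev)} for the baseline window."""
    per_user = defaultdict(list)
    for user, _day, count in records:
        per_user[user].append(count)
    return {u: (statistics.mean(v), statistics.pstdev(v))
            for u, v in per_user.items()}

def score(profiles, user, observed, min_std=1.0):
    """Z-score of an observation against the user's own baseline.

    Returns None when the user has no profile. min_std keeps a perfectly
    flat baseline from producing a division by zero.
    """
    if user not in profiles:
        return None
    mean, std = profiles[user]
    return (observed - mean) / max(std, min_std)

def classify(profiles, user, observed, threshold=3.0):
    """Label an observation as normal, anomalous or from an unknown user."""
    z = score(profiles, user, observed)
    if z is None:
        return "unknown-user"  # no baseline exists: surface it for review
    return "anomalous" if abs(z) > threshold else "normal"

if __name__ == "__main__":
    profiles = build_profiles(BASELINE)
    # Constructed observations from the day after the baseline window.
    for user, seen in [("svc-web", 43), ("svc-web", 700),
                       ("analyst", 350), ("contractor", 10)]:
        print(user, seen, classify(profiles, user, seen))
```

The same count can be normal for one user and anomalous for another, which is why each observation is scored against that user's own profile and not a global one.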
References
BBC. (2019). Capital One data breach: Arrest after details of 106m people stolen. Retrieved 10 06, 2019, from https://www.bbc.com/news/world-us-canada-49159859
Friedman, A., & Singer, P. W. (2013). Cybersecurity and Cyberwar: What Everyone Needs to Know.
Heller, M. (2015, January 5). Employee Stole Data of 350,000 Clients: Morgan Stanley. Retrieved July 13, 2016, from http://ww2.cfo.com/technology/2015/01/employee-stole-data-350000-clients-morgan-stanley/
Marsh, J. (2017). Linux: Advantages and Disadvantages of Open-Source Technology. Retrieved October 8, 2017, from https://www.storagecraft.com/blog/linux-advantages-disadvantages-open-source-technology/
Moore, T., & Pym, D. (2016). Editorial. Journal of Cybersecurity, Volume 2, Issue 2, 119-120.
MSN. (2016, June 6). Morgan Stanley Fined $1M by SEC Over Client Data Breach. Retrieved July 13, 2016, from http://www.msn.com/en-us/money/topstories/morgan-stanley-fined-dollar1m-by-sec-over-client-data-breach/ar-AAgRzGC
Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk Management Guide for Information Technology Systems. National Institute of Standards and Technology.