ity issues; and help you consider whether a firm has technologies, training, policies, and procedures in place to assess risks, lessen the likelihood of damage, and respond in the event of a breach. A constant vigilance regarding security needs to be part of your individual skill set and a key component in your organization’s culture. An awareness of the threats and approaches discussed in this chapter should help reduce your chance of becoming a victim.

As we examine security issues, we’ll first need to understand what’s happening, who’s doing it, and what their motivation is. We’ll then examine how these breaches are happening with a focus on technologies and procedures. Finally, we’ll sum up with what can be done to minimize the risks of being victimized and quell potential damage of a breach for both the individual and the organization.

KEY TAKEAWAYS
Information security is everyone's business and needs to be made a top organizational priority.
Firms suffering a security breach can experience direct financial loss, exposed proprietary information, fines, legal payouts, court costs, damaged reputations, plummeting stock prices,
Information security isn't just a technology problem; a host of personnel and procedural factors can create and amplify a firm's vulnerability.

QUESTIONS AND EXERCISES
1. The 2011 data theft at database firm Epsilon impacted a number of the firm’s clients, including
Best Buy, Capital One, Citi, the Home Shopping Network, JP Morgan Chase, Kroger, Walgreens, and the College Board. Were you impacted by this breach (or any other)? How did you find out
about the breach? Did you take action as a result? Research and report the estimated costs
associated with this breach. Has the theft resulted in additional security issues for the individuals
who had their data stolen?
2. As individuals or in groups assigned by your instructor, search online for recent reports on
information security breaches. Come to class prepared to discuss the breach, its potential
impact, and how it might have been avoided. What should the key takeaways be for managers
studying your example?
3. Think of firms that you’ve done business with online. Search to see if these firms have
experienced security breaches in the past. What have you found out? Does this change your
attitude about dealing with the firm? Why or why not?
4. What factors were responsible for the TJX breach? Who was responsible for the breach? How do you think the firm should have responded?

13.2 Why Is This Happening? Who Is Doing It? And What’s
LEARNING OBJECTIVES
1. Understand the source and motivation of those initiating information security attacks.
2. Relate examples of various infiltrations in a way that helps raise organizational awareness of threats.

Thieves, vandals, and other bad guys have always existed, but the environment has changed. Today, nearly every organization is online, making any Internet-connected network a potential entry point for the growing worldwide community of computer criminals. Software and hardware solutions are also more complex than ever. Different vendors, each with their own potential weaknesses, provide technology components that may be compromised by misuse, misconfiguration, or mismanagement. Corporations have become data packrats, hoarding information in hopes of turning bits into bucks by licensing databases, targeting advertisements, or cross-selling products. And flatter organizations also mean that lower-level employees may be able to use technology to reach deep into corporate assets—amplifying threats from operator error, a renegade employee, or one compromised by external forces.

There are a lot of bad guys out there, and motivations vary widely, including the following:
Account theft and illegal funds transfer
Stealing personal or financial data
Compromising computing assets for use in other crimes
Extortion
Protest hacking (hacktivism)
Revenge (disgruntled employees)

Criminals stole more than $560 million from U.S. firms in 2009, and they did it “without drawing a gun or passing a note to a teller.” (S. Kroft, “Cyberwar: Sabotaging the System,” 60 Minutes, November 8, 2009; J. Leyden, “Cybercrime Losses Almost Double,” Register, March 15, 2010.) While some steal cash for their own use, others resell their hacking take to others. There is a thriving cybercrime underworld market in which data harvesters sell to cash-out fraudsters: criminals who might purchase data from the harvesters in order to buy (then resell) goods using stolen credit cards or create false accounts via identity theft. These collection and resale operations are efficient and sophisticated. Law enforcement has taken down sites like DarkMarket and ShadowCrew, in which card thieves and hacking tool peddler...