A constant vigilance regarding security needs to be


ity issues; and help you consider whether a firm has technologies, training, policies, and procedures in place to assess risks, lessen the likelihood of damage, and respond in the event of a breach. A constant vigilance regarding security needs to be part of your individual skill set and a key component in your organization’s culture. An awareness of the threats and approaches discussed in this chapter should help reduce your chance of becoming a victim.

As we examine security issues, we’ll first need to understand what’s happening, who’s doing it, and what their motivation is. We’ll then examine how these breaches are happening with a focus on technologies and procedures. Finally, we’ll sum up with what can be done to minimize the risks of being victimized and quell potential damage of a breach for both the individual and the organization.

KEY TAKEAWAYS

Information security is everyone’s business and needs to be made a top organizational priority.
Firms suffering a security breach can experience direct financial loss, exposed proprietary information, fines, legal payouts, court costs, damaged reputations, plummeting stock prices, and more.
Information security isn’t just a technology problem; a host of personnel and procedural factors can create and amplify a firm’s vulnerability.

QUESTIONS AND EXERCISES

1. The 2011 data theft at database firm Epsilon impacted a number of the firm’s clients, including Best Buy, Capital One, Citi, the Home Shopping Network, JP Morgan Chase, Kroger, Walgreens, and the College Board. Were you impacted by this breach (or any other)? How did you find out about the breach? Did you take action as a result? Research and report the estimated costs associated with this breach. Has the theft resulted in additional security issues for the individuals who had their data stolen?
2. As individuals or in groups assigned by your instructor, search online for recent reports on information security breaches. Come to class prepared to discuss the breach, its potential impact, and how it might have been avoided. What should the key takeaways be for managers studying your example?
3. Think of firms that you’ve done business with online. Search to see if these firms have experienced security breaches in the past. What have you found out? Does this change your attitude about dealing with the firm? Why or why not?
4. What factors were responsible for the TJX breach? Who was responsible for the breach? How do you think the firm should have responded?

13.2 Why Is This Happening? Who Is Doing It? And What’s Their Motivation?

LEARNING OBJECTIVES

1. Understand the source and motivation of those initiating information security attacks.
2. Relate examples of various infiltrations in a way that helps raise organizational awareness of threats.

Thieves, vandals, and other bad guys have always existed, but the environment has changed. Today, nearly every organization is online, making any Internet-connected network a potential entry point for the growing worldwide community of computer criminals. Software and hardware solutions are also more complex than ever. Different vendors, each with their own potential weaknesses, provide technology components that may be compromised by misuse, misconfiguration, or mismanagement. Corporations have become data packrats, hoarding information in hopes of turning bits into bucks by licensing databases, targeting advertisements, or cross-selling products. And flatter organizations also mean that lower-level employees may be able to use technology to reach deep into corporate assets—amplifying threats from operator error, a renegade employee, or one compromised by external forces.

There are a lot of bad guys out there, and motivations vary widely, including the following:

Account theft and illegal funds transfer
Stealing personal or financial data
Compromising computing assets for use in other crimes
Extortion
Espionage
Cyberwarfare
Terrorism
Pranksters
Protest hacking (hacktivism)
Revenge (disgruntled employees)

Criminals stole more than $560 million from U.S. firms in 2009, and they did it “without drawing a gun or passing a note to a teller.” (S. Kroft, “Cyberwar: Sabotaging the System,” 60 Minutes, November 8, 2009; J. Leyden, “Cybercrime Losses Almost Double,” Register, March 15, 2010.) While some steal cash for their own use, others resell their hacking take to others. There is a thriving cybercrime underworld market in which data harvesters sell to cash-out fraudsters: criminals who might purchase data from the harvesters in order to buy (then resell) goods using stolen credit cards or create false accounts via identity theft. These collection and resale operations are efficient and sophisticated. Law enforcement has taken down sites like DarkMarket and ShadowCrew, in which card thieves and hacking tool peddler...