According to a gartner study some 62 percent of

This preview shows page 6 - 7 out of 11 pages.

justified in their actions against the company. According to a Gartner study some 62 percent of insiders that have malicious intent are categorized as “second streamers” or people who are looking for a supplemental income (Varughese, 2016). Everyday hackers are looking for open systems, weak security features or flaws by using sophisticated programs that attacks and invade companies all over the world including CareFirst that holds an enormous amount of information on servers. If this information is stolen by hackers it can be placed on the black market and sold. It is always going to be hard to understand what the intentions of hackers is going to be, below are some of the motivations of a cyber bad actor. Information Theft – this is when an attacker tries to acquire information from a target and/or information that is stored on the targets network. The information could be in the form of intellectual property, customer information, or business-critical information. Since 2005, 25% of all data breaches were the result of targeted attacks, this makes them very effective. Espionage – when an attackers goal is to monitor the targets activities and steal information that the target has, information that could potentially compromise national security. This was seen with Operation Shady RAT was one of the biggest cyber espionage cases, since 2006 it has affected over 70 companies and organizations. Cyber attackers were able to gain access to legal contacts, government secrets and other sensitive data (Panganini, 2017). Sabotage – when the goal of the attacker is the defamation, blackmail or destruction of its targets. This was seen in the Ashley Madison and Sony data breaches, where attackers
Image of page 6

Subscribe to view the full document.

INFORMATION SYSTEMS AND IDENTITY MANAGEMENT 7 used the stolen information to blackmail the company into acceding to specific demands. TrendMicro (Gregg, 2017) . CareFirst must encourage a multi-factor authentication method to avoid breach. All the company’s PC has been pass-worded which is a good way to start to prevent outside intrusion. However, the company needs to engage in a multi-factor authentication with the use of a token to authenticate every user. It could be a hard token which has to be with an employee at all time or a soft token that could be downloaded on mobile phones and used as needed. Furthermore, the company should migrate all the data that could be easily accessed from all local machines through applications like putty and WINSCP to a different server. This is also known as a nested server security. Employees will have to log into their PC first, and then log into the JUMP server using the safe-start token whenever they need access to data. Amount of data accessible is limited by employee position and the project that is being worked on.
Image of page 7
You've reached the end of this preview.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern