Potential IT Threats of Cloud Computing and PageUp Data Breach

Verified

Added on  2023/06/10

|7
|1449
|267
AI Summary
This article discusses the potential IT threats related to cloud computing technology, including lack of control, leak of confidential data, high dependence on the internet, and threat of cyberattacks. It also covers the PageUp data breach, which compromised the personal information of thousands of Australians. The article explores the threats exploited and provides recommendations to mitigate the risk.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
IT Risk Management

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Topic-1
Potential IT Threats of Cloud Computing
Cloud computing is a process which is used by corporations to use various remote
servers which are hosted through the internet to perform their business operations such as
processing, managing and storing data (Brender & Markov, 2013). The use of cloud
computing has increased between modern enterprises because they rely on the internet and it
provides them a cheaper and efficient tool to perform their operations. However, there are
various potential IT threats related to cloud computing technology as well which resulted in
adversely affecting the data and performance of companies.
Risk-1: Lack of control
Organisations have the option to use public, private or hybrid cloud while using cloud
computing technology. The cost of using private cloud is relatively expensive, thus, most
enterprises uses public cloud services. In case of public cloud, the companies did not have
control over their data because it is stored on the servers of their Cloud Service Provider
(CSP). The lack of control means that in case any conflict arises between the company and
the CSP, then the CSP can restrict the corporation from accessing its own data (Khorshed, Ali
& Wasimi, 2012).
Risk-2: Leak of confidential data
As discussed above, public cloud service is the most common form of cloud
computing which is used by a large number of enterprises. However, in this process,
companies store which confidential and sensitive business data in the servers of its CSP.
Most corporations avoid using cloud computing technology because they do not trust a third-
party with their confidential data (Claycomb & Nicoll, 2012). Furthermore, the data of the
company can also be accessed by employees of CSPs which resulted in adversely affecting
the profitability of the company.
Risk-3: High Dependence of the internet
In order to use cloud computing technology, corporations are required to use a high-
speed internet connection so that they are able to download and upload their data on the
servers quickly. Thus, in case a reliable and high-speed internet connection is not available,
Document Page
then companies are not able to access their business data due to which they operations stop.
Moreover, due to lack of internet or electricity at CSP, the companies face downtime of
servers. In such case, corporations are not able to access their data even if they are connected
to a high-speed internet connection (Brender & Markov, 2013). Thus, enterprises face the risk
of losing valuable time in case they use cloud computing technology.
Risk-4: Threat of Cyberattacks
Along with the popularity of cloud computing technology, the number of cyber-attack
has increased as well. Cybercriminals target large CSPs in order to gain unauthorised access
to the data of companies. Most corporations did not take appropriate security measures which
resulted in increasing the threat of data breach of enterprises. Cybercriminals attack CSPs to
collect the data of their clients which puts the confidential data of companies at high risk
(Martens & Teuteberg, 2012). The companies suffer substantial loss in case its data is leaked
to cybercriminals, thus, there are many potential IT threats in cloud computing technology.
Document Page
References
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International journal of information
management, 33(5), 726-733.
Claycomb, W. R., & Nicoll, A. (2012). Insider threats to cloud computing: Directions for
new research challenges. Computer Software and Applications Conference
(COMPSAC), 387-394.
Khorshed, M. T., Ali, A. S., & Wasimi, S. A. (2012). A survey on gaps, threat remediation
challenges and some thoughts for proactive attack detection in cloud
computing. Future Generation computer systems, 28(6), 833-851.
Martens, B., & Teuteberg, F. (2012). Decision-making in cloud computing environments: A
cost and risk based approach. Information Systems Frontiers, 14(4), 871-893.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Topic-2
Summary
PageUp, Australia based HR Company, reported a data breach in May 2018 due to
which the personal information of thousands of Australians was leaked (McLean, 2018). The
leaked details include information about Australians such as personal information, Tax File
Numbers (TFNs), bank details and others. PageUp has over 2 million active users which
include large Australian enterprises such as Aldi, Telstra, Coles, National Australia Bank
(NAB), Australia Post, Medibank and others. According to Karen Cariss, Chief Executive of
PageUp, the company noticed “unusual activity” on May 23 after which it launched an
investigation (McGrath & Blumer, 2018). Organisations use PageUp’s software for
recruitment and performing other human resource functions such as storing information like
personal data, salary information, tax numbers, bank details and others.
The breach was occurred due to a malware which resulted in leaking confidential data
of the company to cybercriminals. After finding some unusual activity on May 23, the
investigation reported a breach of data on May 28. The cybercriminals or group who
performed this attack is still unknown. The attack was performed by using a malicious code
which was executed inside PageUp’s systems. Due to such malicious code, criminals were
able to access the documents of the company. Although the malware which hit the company
is not identified, however, Mr MacGibbon, Head of the ACSC, provided that cybercriminals
always focus on finding new ways to steal credentials and confidential data of organisations
in order to wreak havoc on our society (McGrath & Blumer, 2018).
Threats Exploited
PageUp is a SaaS-based recruitment firm which offers its services to over 2 million
users which include both large private organisations along with many governmental
organisations. Due to involvement of government organisations, the threat of leak of
confidential data increased, however, it was reported no major government data has leaked in
this breach (Turner, 2018). The breach shows the vulnerability of SaaS-based infrastructure
of PageUp. The IT infrastructure of PageUp is not competent to keep malware out of the
system. The cybercriminals were able to enter their code into the IT infrastructure of PageUp
which shows that they did not build appropriate security protection mechanism or firewalls to
avoid unauthorised access to their data.
Document Page
Recommendations to mitigate the risk
Following are different suggestions which can be used by PageUp to avoid data breach in
the future and protect their data from unauthorised access.
1. PageUp should always use updated software to ensure that it is protected against new
malware. As per MacGibbon, cybercriminals always find new ways to breach data,
thus, updated software protect companies from a data breach.
2. PageUp should focus on securing its hardware from unauthorised access. According
to IBM, more than 60 percent of cyber-attacks are caused due to the insider threat,
thus, PageUp should protect its hardware (Kim, 2016).
3. PageUp should use strong encryption to protect its data during transmission. As it is a
SaaS-based company, it should rely on encryption to avoid unauthorised access.
4. Trained and educated employees could also assist in avoiding data breaches in the
company.
Document Page
References
Kim, E. (2016). The people you trust most could be planning the next big cyber attack on
your company. Retrieved from https://www.businessinsider.in/The-people-you-trust-
most-could-be-planning-the-next-big-cyber-attack-on-your-company/articleshow/
52661993.cms
McGrath, P & Blumer, C. (2018). Bank details, TFNs, personal details of job applicants
potentially compromised in major PageUp data breach. Retrieved from
http://www.abc.net.au/news/2018-06-06/australian-data-may-be-compromised-in-
pageup-security-breach/9840048
McLean, A. (2018). PageUp confirms some data compromised in breach. Retrieved from
https://www.zdnet.com/article/pageup-confirms-some-data-compromised-in-breach/
Turner, J. (2018). How Australia must use the PageUp data breach to become stronger.
Retrieved from https://www.afr.com/technology/web/security/how-australia-must-
use-the-pageup-data-breach-to-become-stronger-20180615-h11gd3
1 out of 7
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]