This literature review evaluates the eBay hack case and the precautionary steps that were lacking in the system. It focuses on the incident that breached eBay's security system in May 2014 and analyzes the security management.
Running head: LITERATURE REVIEW ON CYBER SECURITY

LITERATURE REVIEW ON CYBER SECURITY OF EBAY

Name of the Student
Name of the University
Author note
Abstract

In this literature review we have evaluated the eBay hack case; although eBay confirmed several attempts on its network, it might have taken further steps. The literature review focuses on an incident that breached eBay's security system in May 2014 and evaluates the precautionary steps that were lacking in the system. Implementing better security walls in the network secures the transactions from eBay employees to the customers. This report evaluates the security measures, the background of the incident, and its description, with an analysis of the security management.
Table of Contents

Introduction:
Discussion:
    Background of the company and the incident:
    Incident Description:
    Analysis of the incident from the security management point of view:
    Opinion on the eBay hack case:
Conclusion:
Suggestion:
References:
Introduction:

The aim of this literature review is to focus on a cyber security incident that breached valuable information belonging to the customers and the organization. The project also evaluates the need for cyber security in every organization that deals with customer information. Cyber security refers to the process of protecting internet-connected systems [11]. This protection, commonly known as cyber security, also covers hardware, software and data against web attacks and prevents unauthorized access to data in the data centers. This literature review will also evaluate the cyber security incident of the eBay data theft hack that happened in a series during the years 2014 and 2015.

Discussion:

Background of the company and the incident:

eBay is a multinational e-commerce company. The company is located in San Jose, California, United States of America. The company facilitates sales for consumers all over the world through its own website. In 1995, Pierre Omidyar founded eBay, which became a remarkable business success story. eBay is now a multi-billion dollar business that operates in around 30 countries [2]. The company manages its own website, the eBay website, which works as an online auction and shopping website. On this website, people and businesses are able to buy and sell a wide range of goods and offer a wide range of services worldwide. The website is free for buyers to access and use. They only have to log in and create their own shopping profiles, which can be created free of cost, but sellers are charged fees for listing their items after a limited number of free listings, and again when those items have been sold.

Besides the original auction conducted by eBay, there is an eBay-style sales department, and the website has come up with a new Buy It Now option for customers, which has brought great expansion and fame to the organization globally. Shopping by Universal Product Code, ISBN or other SKU numbers, online classified advertising, online trading of event
tickets, and other services are made available to users globally. eBay, a wholly-owned eBay subsidiary from 2002 to 2015, has previously offered online money transfers as part of its services. On May 21, 2014, the company found that between late February and early March the consumer database of usernames, passwords, phone numbers and physical addresses had been breached [1]. Users were advised to change their passwords after the incident came to public notice in the news. User profiles that had not yet done so were given a change-password feature to speed this up. The Syrian Electronic Army (SEA) took responsibility for the assault, as stated by the SEA [3].

Incident Description:

The first report that was published mentioning the attacks was received from the headquarters of eBay in San Jose, California, United States on May 21, 2014. The eBay security breach affected a population of 145 million users [4]. The hacker was able to access eBay's network through the login credentials of an employee and gain access to information such as usernames, passwords, physical addresses, telephone numbers and birth dates. The hacker(s) also had passwords available, but the likelihood that they would be compromised is low because the passwords were in encrypted form. According to the IT consultants, the larger the company and the more assets it has and depends on, the more difficult it is to say exactly how the security breach occurred. eBay lacked separate small teams created and maintained to manage small segments of the organization, such as maintaining the company's firewall, which was most needed in this case. Creating a top-down and bottom-up communication structure to report on the status of such assets is key to preventing future data breaches for an organization. Due to the security breach, eBay requested its users to change their passwords.
Users were asked to change their passwords because it may be possible for the hacker to access the user's eBay account, or other accounts using the same password. Although financial information was not taken, it is important to note that eBay was then in the spotlight,
given the latest infringement at Target, and was under a magnifying glass on how to handle crisis management.

Analysis of the incident from the security management point of view:

The hacking of eBay put at risk the private information of its users, and drew attention to the communication strategy that eBay subsequently used to connect with those users. Four main topics are explored in this research, which is directly related to the hacking incident and its consequences for eBay users. These include the better communication strategies that eBay could have used after the crisis. The strategies could have focused on how eBay rebuilds its users' confidence and how eBay can avoid future incidents such as this kind of hacker attack. This research report aims to evaluate and demonstrate the relevance of online websites and their trust, privacy, transparency and security, to identify how online consumer behavior changes due to breach incidents, and to outline the better communication strategies to be used after an attack crisis caused by hacking. A quantitative methodology was developed to understand the consequences of the hacking crisis on eBay and to identify better communication strategies that the company could have used. Low maintenance and security vigilance on the server side that can access the database is the key factor that led to the hackers' intrusion into the network and, in turn, to their access to the database [12]. The Australian Information Security Association (AISA) has stated that the compromise of eBay's log-in credentials emphasizes that the bulk of an information security budget was no longer working to combat external threats. The data leak has originated from the employees, through intentional theft or the exposure of lost or stolen devices.

Poorly managed privileged credentials increasingly leave organizations as vulnerable as a hole in the firewall, and sensitive information can easily fall into the wrong hands. If financial data had been kept together with passwords and personal customer details, the eBay compromise could have been worse. Because eBay usernames, physical addresses, email addresses, dates of birth and phone numbers were included in the database, this infringement opens the possibility of other types of scams, such as phishing attempts. This provides server and network administrators with an important reminder that security is the responsibility of all. It is clear that the security of their online accounts is the responsibility of all users [9]. As we continue to shift
more of our daily tasks to online services, and with an increasing number of threat vectors that can be used by bad guys, we cannot rely solely on a strong password to keep data and accounts secure. From the security management point of view, the eBay officials should have followed the three parameters of managing online data security [7]. Controlling employee access, segregating the key systems and managing personal passwords are the key parameters of security.

Opinion on the eBay hack case:

There are plenty of security measures, such as gesture analytics and user and entity behavior analytics, that can significantly reduce the risk of fraudulent payments after credentials are hacked from the eBay sites. These measures must be implemented by eBay. The use of proper detection measures and preventive steps could have resisted the kind of fraud that was committed using vigorous malware. The organization previously warned that this new discovery shows that the malware used in the previously reported customer incident was not a single incident, but part of a wider and highly adaptive banking campaign. The system managers neglected many areas of threat without sensing how vulnerable the system would be when attacked by hackers. The casual behavior towards the safety of their gateway portal has created much nuisance [6]. eBay is in charge of the network. It is the responsibility of anyone who originates or sends payments to ensure that they do not click on malicious links or phishing emails, that they do not have any malware on their systems, and that their systems are well defended against cyber threats [8]. On further investigation it was also found that the employees at these banks appear to have been recruited on the dark web by criminals [4]. This is becoming a very common event. Disgruntled employees working with cyber criminals constitute a vital threat to the eBay server and the credential lists [5].
The employees help cyber criminals learn about the complex internal functioning of bank payment systems. There was no intention to change or upgrade their existing systems, despite knowing the importance of the work that is done in their organization.
Conclusion:

In this literature review we can conclude that although eBay confirmed several attempts on its network and also alerted its customers, it might have taken some extra precautionary steps. eBay should provide safety guidelines not only for its own network but also for its customers, and periodically review the status in order to penalize the employees or responsible teams that do not adhere to the clause [6]. Security must be integrated into eBay's central server right from its headquarters. The only solution is to have independent cyber security penetration testing by regulators that take seriously any gap or vulnerability in the BFSI sector and then prosecute them [10].

Suggestion:

It will be safer to encrypt consumer data in the database and keep the key. Review the controls for foreign transactions, isolate them from other systems, and implement high-risk controls, a warning system or a dashboard to review them. In the event of an attack, report to the regulators' central bodies instead of identifying vulnerabilities silently [8]. The vulnerability assessments should be conducted by the BFSI sector. They should always conduct penetration tests for real security rather than conformity.
References:

[1] J. Pagliery. Ebay customers must reset passwords after major hack. 2014.
[2] L. Kelion. eBay makes users change their passwords after hack. Retrieved January, 28, p. 2018. 2014.
[3] J. Sidhu, R. Sakhuja, and D. Zhou. Attacks on Ebay.
[4] W.T. Teo, T.K. Toh, and H.H. Chung, Advanced Network Technology Laboratories Pte Ltd. System and method for securing a network session. U.S. Patent 9,112,897. 2015.
[5] P. Coggin. Bending and Twisting Networks. BSides Vienna.
[6] M. R. Randazzo, M. Keeney, E. Kowalski, D. Cappelli, and A. Moore. Insider threat study: Illicit cyber activity in the banking and finance sector (No. CMU/SEI-2004-TR-021). CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST. 2005.
[7] R.W. Thompson, International Business Machines Corp. Tracking file contents. U.S. Patent Application 13/613,318. 2013.
[8] A. Saullo and D. Guttadoro. Data protection in policy evolution: management of base and surface encryption layers in OpenStack swift. 2016.
[9] A. Almomani, B.B. Gupta, S. Atawneh, A. Meulenberg, and E. Almomani. A survey of phishing email filtering techniques. IEEE Communications Surveys & Tutorials, 15(4), pp. 2070-2090. 2013.
[10] F. S. Tsai and K. L. Chan. Detecting cyber security threats in weblogs using probabilistic models. In Pacific-Asia Workshop on Intelligence and Security Informatics (pp. 46-57). Springer, Berlin, Heidelberg. April 2007.
[11] R. Von Solms and J. Van Niekerk. From information security to cyber security. Computers & Security, 38, 97-102. 2013.
[12] D.E. Harmon. Cyber Attacks, Counterattacks, and Espionage. The Rosen Publishing Group, Inc. 2016.