Cybersecurity Autopsy: Target Data Breach Case Study - ACC/ACF 2400

Verified

Added on 2023/06/07

AI Summary

This case study examines the Target data breach, analyzing potential sources of risk as outlined by Dube and Bernier, including employee negligence, business partner vulnerabilities, hacking, and software weaknesses. It references examples like EnerVest, Sage, Equifax, and WannaCry to illustrate various breach origins. The study emphasizes the importance of employee security protocols, up-to-date systems to combat hacking, and addressing software vulnerabilities. Recommendations include one-time passwords and regular system updates. The document is available on Desklib, a platform offering study tools and solved assignments for students.

Running Head: ORGANIZATION DATA BREACH 1
ORGANIZATION DATA BREACH
Student Name
Institution Affiliation
Facilitator
Course
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

ORGANIZATION DATA BREACH 2
According to the five potential sources of risk which were listed by Dube and Bernier in
their paper “Risk Management Approach for IT solutions” each deserves attention because the
various security breaches which have been reported in the past have indicated different sources
of breaches. For instance, EnerVest and Sage companies had their data breach through their
untrustworthy employees while Equifax and WannaCry had their experience through hacking.
Considering these few cases and others is a clear indication that data breach can originate from
different angles and therefore business organizations should be equipped all the time (Krebs,
2013).
Employees are among the major sources of breach which any business should count
among the top potential risk. This is in consideration to the fact that organization employees are
all aware of the operational process of any organization systems and can easily compromise with
the data in partnership with external parties (Picanso, 2006). For instance, some of organization
employees are aware of server passwords either legally or illegally and therefore if they intend to
share with attackers can do so leading to serious data breach incidences for an organization. A
case example can be observed in the EnerVest Company which faced its data breach calamity
through one of its employees who was revenging because of job termination in the company.
Business partners who are sometimes considered as colleagues in the business
environment may also act as a data breach threat to an organization (Romanosky, Hoffman &
Acquisti, 2014). Although not a very common incidences, in the process of interaction between
the company staff at their basic level, they may come across information system passwords and
which can be used to access the organization databases and other critical components of the
organization information system which may reveal crucial data (Romanosky, Hoffman &

ORGANIZATION DATA BREACH 3
Acquisti, 2014). Such incidences are observed in the cases where the organization may be acting
as threat in the business environment and then targeted as a way of destroying its reputation.
Currently, business organizations invest heavily in the IT components unlike some
decades ago where organizations could run under softwares which are outdated and face no
threats. The trend has begun after the realization that hackers are out targeting such
vulnerabilities to exploit information systems. So, hackers have become a threat to organization
systems because of their advancement with the technology trends (Sen & Borle, 2015). A good
example under this category is the case of Yahoo which was reported in 2016. This dominant
internet giant faced this biggest data breach in history through its 500 million user’s data being
compromised by the attacker. It was reported that the hackers achieved their target by hashing
the user’s passwords using a robust bcrypt algorithm.
Weaknesses in the organization softwares can also act as a source of data breach for an
organization. Such weaknesses include but not limited to outdated softwares, compromised
softwares and open source softwares. These weaknesses make it easy for the hackers to penetrate
into the organization crucial data and harm the organization (Sen & Borle, 2015).
To control the risks of these sources, there are different approaches which could have
been followed by the Target; ensuring that the employees who have system passwords are given
those passwords under one-time basis to avoid them causing harm to the system in case of
incidences like termination of work contract. To control hacking, the organization should ensure
that its systems are up to date.
References
Krebs, B. (2013). Sources: Target investigating data breach. Krebs on Security.

ORGANIZATION DATA BREACH 4
Picanso, K. E. (2006). Protecting information security under a uniform data breach notification
law. Fordham L. Rev., 75, 355.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical
approach. Journal of Management Information Systems, 32(2), 314-341.