Financial and Data Privacy: Case Study Analysis Report

Verified

Added on 2022/08/10

AI Summary

This report examines the critical issue of financial and data privacy, focusing on a case study involving the leakage of sensitive HIV patient information in Singapore. It explores various cybersecurity threats, including data leakage, insider threats, ransomware, phishing, and hacking, highlighting their impact on organizations. The report analyzes the vulnerabilities that led to the breach and discusses mitigation strategies such as encryption, access controls, employee training, and the implementation of robust security software. It emphasizes the importance of proactive measures to protect sensitive data and prevent future breaches, offering insights into best practices for data privacy and cybersecurity in the financial sector and beyond. The report also references the importance of data backup, data encryption and employee awareness to ensure the protection of data from external threats.

Running head: - FINANCIAL AND DATA PRIVACY
FINANCIAL AND DATA PRIVACY
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1FINANCIAL AND DATA PRIVACY
Introduction
This case deals with an online criminal activity that had leaked the information
regarding all the HIV positive patients in the regions of Singapore by an individual who is
still unrecognized. The records that have been leaked consisted of information belonging to
5,400 natives of Singapore and 8,800 foreigners having the inclusion of pass applicants as
well as holders (Parkinson et al., 2017). This also leaked the information that belonged to
2,400 individuals through the method of contract tracing. The information that had been
leaked primarily were the likes of names, phone numbers, identification numbers, test results
of HIV, addresses as well as information related to medical.
The Ministry of Health (MOH) confessed the fact that all the details that had been
leaked is still in the possession of that individual who had been working behind this
happening since the first day. However, the prime mind behind the entire incident was Mikhy
K Farrera Brochez, an American who was also HIV-positive living in Singapore since the
year of 2008. In addition to this, Ler Teck Siang, who used to be the head of MOH’s National
Public Health Unit until May 2013 was also a primary contributor towards the leakage of the
entire information contained within the HIV registry (Kirichenko, Radivilova & Carlsson,
2018). All of this information leakage was primarily due to the lack of cybersecurity
procedures within the organization of Ministry of Health (MOH).
Some of the primary threats that have been identified in the above article belong to
the field of cyber security that had led initially to the leakage of personal information that
belonged to thousands of patients of the Ministry of Health (MOH).
Data Leakage
Cyber security and the relative procedures are considered to be hard to implement
within the business organizations, there is the possibility of external sources that might

2FINANCIAL AND DATA PRIVACY
potentially harm the cyber security of the organization. Hence, it is also important for the
workplaces to implement procedures of cyber security outside the office premise to prevent
the external sources from trying to get into the database and hamper the data privacy of the
organization (Puthal et al., 2017). Data leakage can take place in multiple ways with the
widespread usage of smartphones as well as tablets. Such data leakage can be done with the
help of cheap storage devices that are easy to carry, wherein the data can be stored and
carried out of the organization leading to leakage of data that only belongs to the authority of
the respective business organizations. In the above scenario, all the information that belonged
to individual HIV patients was stored in a HIV registry that had minimum or no levels of
cyber security. This was the sole reason that led to the leakage of information to an external
source named, Mikhy K Farrera Brochez.
This cause of data leakage can be properly mitigated with the help of following
methods,
i) Keeping the database encrypted with proper methods of encryption and the
passcode known to the authorities of the organization only.
ii) Having GPS tracking enabled upon the storage devices, which might help in
tracking the same and wiping the device off.
iii) Usage of encryption software on all the workstations of the company to ensure
that no external sources will have the possibility to get past the systems
(Blakemore, 2016).
iv) Having cloud based storages as a form of back up to get hold of the data whenever
and wherever possible that will save the cost as well as risks associated with real
time storage devices.

3FINANCIAL AND DATA PRIVACY
Insider threat
This particular threat refers to such employees that might be hired by the organization,
but the employees might turn up against the organization as well as act as a primary source of
conveying the company information to external sources. Hence, employees of the
organization can act as a mistake or maliciously active for leakage of information along with
documents to online criminals to be used for their own purpose of criminal activities (Hemilä,
Mikkola & Salonen, 2019). In the Singapore incident, Ler Teck Siang was the head of
National Public Health Unit for the Ministry of Health. Ler used to have the primary access
to the HIV registry, which is allegedly assumed to have been compromised by him to
Brochez. Ler supplied all the information that is contained within the registry to Brochez and
ended up betraying his former workplace.
The threats that are posed towards data leakage within an organization can be
potentially mitigated with the help of the following strategies,
i) Provisioning the employees with proper training to be careful and active enough
to tackle such situations.
ii) Placing a limitation upon the access of information in terms of the employees.
This particularly states that fact that employees will only be having the ability to
access the information that is required by them in carrying out their
responsibilities (Benson, McAlaney & Frumkin, 2019).
iii) Placing a control over the usage of portable devices such as the likes of USB
storage devices, hard drives as well as media players.
iv) Installation of monitoring software applications to track the activities of the
employees.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4FINANCIAL AND DATA PRIVACY
Some of the other threats that have been prevailing towards the information of
business organizations have been identified which are the likes of Ransomware, Phishing and
hacking.
Ransomware
This commonly refers to a form of threat within the field of cyber threats that takes
the form of a malware and attempts towards the encryption of data. This is followed by the
online criminal group in extorting the data against a specific amount of ransom. The hacker
claims the fact that they will supply with a passcode that will be able to open the locked
information only after they get hold of the ransom money (Luna et al., 2016). Majority of the
ransomwares in the recent conditions are deployed using emails. In addition to this, online
criminals deploying ransomware also have the tendency to get the ransom and use the
information for their own benefits rather than supplying the respective business organization
with the passcode to get their own data back. Some of the methods that can be used for
mitigating the ransomware attacks have been stated below. These are,
i) Awareness among the employees of the organization should be careful regarding
unsolicited emails, particularly the ones that demand a quicker response from the
employees of the organization.
ii) Installation as well as maintenance of antivirus programs along with application
software that safeguard the technical components against potential malware
(Kruse et al., 2017).
iii) Keeping the software applications updated for dealing against newer forms of
malware that are potentially deployed by the online criminals.

5FINANCIAL AND DATA PRIVACY
iv) Backing up of data along with managing the same to make sure of the fact that no
data is lost in such scenarios of ransomware attacks where the hacker places a
block upon the regular activity of the respective organization.
Phishing
This particularly refers to another attempt for gaining of sensitive information while
acting as a trustworthy contact to the respective organization in particular. In addition to this,
spear phishing refers to the act of gaining sensitive information from a particular individual
(Sapienza et al., 2018). This particular method of gaining personal information that might
belong to the business organization or to an individual employee of the organization is
specifically done through emails that consists of a fake company logo and the content present
on the email is fake as well as but convincing at the same time. Hence, it can be stated that,
business environments working within the field of business and carrying out their regular
activities have the potential to be attacked by a certain link that might take the individual to a
particular phishing site that looks similar to an original website. From there, the individual
falls into a trap and get drowned into the activity of necessarily paying a ransom to get out of
the situation (Teoh & Mahmood, 2017). In regards to this, there should be the
implementation of certain cyber security procedures that needs a potential implementation
within the policies of the company. These are,
i) The employees should be aware of the fact that other companies do no ask for
sensitive information from the individuals.
ii) Tendency among the employees to be suspicious regarding emails that might be
unexpected or having the containment of something related to phishing.
iii) Installation of anti-malware applications into every single workstations of the
organizations.

6FINANCIAL AND DATA PRIVACY
iv) Installation as well as application of spam filters that needs to be turned on at
every single entry point of data to filter out the spam ones (Nobles, 2019).
Hacking
This particular method refers to the activity of gaining access into the systems of
respective business organizations from externally existing sources. In general, the online
criminals makes use of various illegal methods to gain access into the systems working
within the business organizations such as the information belonging to all the employees or
sensitive information regarding the business related procedures of the same (Gonzalez-
Granadillo et al., 2018). Particularly, the hackers make special efforts to get into the database
of banking sectors or IT companies because of the fact that these particular sectors are in
possession of major quantities of data. The threats that are associated with this technique are
the likes of revelations regarding usernames as well as passwords and tricking the individuals
to fill up forms convincing them to enter personal information belonging to them. As a
reason, the business organizations can make use of the following methods to mitigate the
possible cause of hacking,
i) Installation of proper firewalls that might have the potential capability to identify
as well as prevent such threats from gaining an entry.
ii) There must be the existence of various methods for data security to disallow
external sources from gaining access and gathering sensitive information (Trim &
Upton, 2016).
iii) Provisioning the employees with adequate training to fight against such online
hackers.
Data privacy

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7FINANCIAL AND DATA PRIVACY
This method particularly deals with the procedure of proper handling of various data
that belongs to the business organizations and the necessary safeguarding of the same
because of the fact that such information belong to customers that might be sensitive as well
as personal (Shoro, Hyder & Kazmi, 2018). As a reason, various activities such as consent,
regulatory obligations as well as consent is necessary to prevent such information from going
into the wrong hands. Some common methods of data privacy are,
i) Backing up of data.
ii) Encryption techniques for data protection.
iii) Implementation of access control policies upon the information.
iv) Installation of various malware and data security software that will prevent
external as well as unauthorized access into the personal information of the
companies in particular.
Conclusion
This common occurrence takes place in majority of the organizations leading to
leakage of sensitive information to externally existing sources through the usage of various
methods that have been discussed above. As a reason, this has become a serious issue that
needs to be considered by all the organizations within the field of business to identify the
cyber threats and to make use of proper policies as well as procedures that have the
potentially capability to identify, prevent as well as mitigate the occurrence of the same. In
addition to this, the discussion also states that leakage of information might also be controlled
with proper training to the individual employees regarding suspicious efforts from online
criminals.

8FINANCIAL AND DATA PRIVACY
References
Benson, V., McAlaney, J., & Frumkin, L. A. (2019). Emerging threats for the human element
and countermeasures in current cyber security landscape. In Cyber Law, Privacy, and
Security: Concepts, Methodologies, Tools, and Applications (pp. 1264-1269). IGI
Global.
Blakemore, B. (2016). Policing cyber hate, cyber threats and cyber terrorism. Routledge.
Gonzalez-Granadillo, G., Dubus, S., Motzek, A., Garcia-Alfaro, J., Alvarez, E., Merialdo,
M., ... & Debar, H. (2018). Dynamic risk management response system to handle
cyber threats. Future Generation Computer Systems, 83, 535-552.
Hemilä, J., Mikkola, M., & Salonen, J. (2019, December). Management of Cyber Security
Threats in the Factories of the Future Supply Chains. In 9th International Conference
on Operations and Supply Chain Management, OSCM 2019.
Kirichenko, L., Radivilova, T., & Carlsson, A. (2018). Detecting cyber threats through social
network analysis: short survey. arXiv preprint arXiv:1805.06680.
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in
healthcare: A systematic review of modern threats and trends. Technology and Health
Care, 25(1), 1-10.
Luna, R., Rhine, E., Myhra, M., Sullivan, R., & Kruse, C. S. (2016). Cyber threats to health
information systems: A systematic review. Technology and Health Care, 24(1), 1-9.
Nobles, C. (2019). Cyber threats in civil aviation. In Emergency and Disaster Management:
Concepts, Methodologies, Tools, and Applications (pp. 119-141). IGI Global.

9FINANCIAL AND DATA PRIVACY
Parkinson, S., Ward, P., Wilson, K., & Miller, J. (2017). Cyber threats facing autonomous
and connected vehicles: Future challenges. IEEE transactions on intelligent
transportation systems, 18(11), 2898-2915.
Puthal, D., Mohanty, S. P., Nanda, P., & Choppali, U. (2017). Building security perimeters to
protect network systems against cyber threats [future directions]. IEEE Consumer
Electronics Magazine, 6(4), 24-27.
Sapienza, A., Ernala, S. K., Bessi, A., Lerman, K., & Ferrara, E. (2018, April). Discover:
Mining online chatter for emerging cyber threats. In Companion Proceedings of the
The Web Conference 2018 (pp. 983-990).
Shoro, S., Hyder, M. S., & Kazmi, S. N. H. (2018). Social Media Security Risks and Cyber
Threats. International Journal of Computer Science & Emerging Technologies, 2(1),
33-37.
Teoh, C. S., & Mahmood, A. K. (2017, July). National cyber security strategies for digital
economy. In 2017 International Conference on Research and Innovation in
Information Systems (ICRIIS) (pp. 1-6). IEEE.
Trim, P., & Upton, D. (2016). Cyber security culture: Counteracting cyber threats through
organizational learning and training. Routledge.