Critical Analysis of Home Depot Data Breach for INFO814 Assignment 3
VerifiedAdded on 2023/06/04
|8
|1651
|61
Report
AI Summary
This report provides a comprehensive analysis of the Home Depot data breach, examining the incident's causes, including the exploitation of third-party credentials and malware injection within the POS systems. It details the chronological order of events, the specific cyber incident, and its impact...
Read More
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Student name NAVJOT KAUR
Student ID 18468311
Course code INFO814
Course Title Security and Forensics
Tutor name Prashant Khanna
Assignment number 3
Due Date 5th November, 2018
Date Submitted 5th November, 2018
This assignment is my own work:
Signature______________________ Print name: ___________________
ASSIGNMENT COVER SHEET
Student ID 18468311
Course code INFO814
Course Title Security and Forensics
Tutor name Prashant Khanna
Assignment number 3
Due Date 5th November, 2018
Date Submitted 5th November, 2018
This assignment is my own work:
Signature______________________ Print name: ___________________
ASSIGNMENT COVER SHEET
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The Home Depot Data Breach
Executive Summary
The purpose of this report is to critically analyse the Home Depot Case Study and reflect in
the learning those could be utilized for further actions considering privacy and security of
the consumers. The Home Depot has many retail customers and they adopted the POS
system for transforming the payment system for the different stores located at several
places in US. It is important to consider the security of the consumers when an organization
adopts a new technology that can meet the needs and requirements of the users. This
report will express the details related to the causes of the problem, their countermeasures,
and recommendation those could have stopped intruder from accessing and utilizing such
sensitive information. This paper concludes that the biggest lagging factor in the intrusion of
the Home Depot retailers was neglecting the Target data breach and not adopting the
countermeasures as suggested after that attack.
1.
Executive Summary
The purpose of this report is to critically analyse the Home Depot Case Study and reflect in
the learning those could be utilized for further actions considering privacy and security of
the consumers. The Home Depot has many retail customers and they adopted the POS
system for transforming the payment system for the different stores located at several
places in US. It is important to consider the security of the consumers when an organization
adopts a new technology that can meet the needs and requirements of the users. This
report will express the details related to the causes of the problem, their countermeasures,
and recommendation those could have stopped intruder from accessing and utilizing such
sensitive information. This paper concludes that the biggest lagging factor in the intrusion of
the Home Depot retailers was neglecting the Target data breach and not adopting the
countermeasures as suggested after that attack.
1.
The Home Depot Data Breach
Table of Contents
Introduction................................................................................................................................3
Causes of problem......................................................................................................................3
Countermeasures........................................................................................................................4
Conclusion..................................................................................................................................5
Recommendations......................................................................................................................5
References..................................................................................................................................7
1.
Table of Contents
Introduction................................................................................................................................3
Causes of problem......................................................................................................................3
Countermeasures........................................................................................................................4
Conclusion..................................................................................................................................5
Recommendations......................................................................................................................5
References..................................................................................................................................7
1.
The Home Depot Data Breach
Critical Analysis on Home Depot Data Breach
Introduction
It was one of the biggest retail data breaches in 2014 where many of the retail
customers faced data breach that exposed fifty six million credit card details and fifty-three
million email address. It allowed the intruders to gain access to the bank accounts of many
consumers and cost a loss of almost $179 million for Home Depot (Roberts, 2017). Digital
banking and credit cards changed the way of the payment in the modern industry, however,
the handy way of the payment is not much efficient and secure for the users as it is leading
to much vulnerability those are affecting the consumers financially and causing serious loss
to them. It has been analyzed that there were many several attacks driven in a single year
those impacted on the privacy and security of various consumers. This attack was similar to
that of the Target data breach as it should have been considered and proper measures
should have been taken for the measurement and deployment of the strategies. Similar
exploitation methods were used in the Home Depot’s Point of Sale systems.
Causes of problem
The point of Sale Systems has allowed the fast exchange of the cost with the
customers and deliver the payment related operational activities in an efficient and fast
way. However, intrusion or breach can be critical for the consumers as it could be a severe
security and privacy threat for the users using credit cards for the payment (Hawkins, 2015).
Intruders used third-party credentials after stealing them and used for personal benefits.
This information was enough for the intruders to deliver the planned breach and use it for
making the profit through enabling the EMV chip-and-PIN payment cards.
1.
Critical Analysis on Home Depot Data Breach
Introduction
It was one of the biggest retail data breaches in 2014 where many of the retail
customers faced data breach that exposed fifty six million credit card details and fifty-three
million email address. It allowed the intruders to gain access to the bank accounts of many
consumers and cost a loss of almost $179 million for Home Depot (Roberts, 2017). Digital
banking and credit cards changed the way of the payment in the modern industry, however,
the handy way of the payment is not much efficient and secure for the users as it is leading
to much vulnerability those are affecting the consumers financially and causing serious loss
to them. It has been analyzed that there were many several attacks driven in a single year
those impacted on the privacy and security of various consumers. This attack was similar to
that of the Target data breach as it should have been considered and proper measures
should have been taken for the measurement and deployment of the strategies. Similar
exploitation methods were used in the Home Depot’s Point of Sale systems.
Causes of problem
The point of Sale Systems has allowed the fast exchange of the cost with the
customers and deliver the payment related operational activities in an efficient and fast
way. However, intrusion or breach can be critical for the consumers as it could be a severe
security and privacy threat for the users using credit cards for the payment (Hawkins, 2015).
Intruders used third-party credentials after stealing them and used for personal benefits.
This information was enough for the intruders to deliver the planned breach and use it for
making the profit through enabling the EMV chip-and-PIN payment cards.
1.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The Home Depot Data Breach
Countermeasures
P2P encryption was developed for developing high security to the card access as it
completely allowed the cards to be encrypted and safe from being copied or stolen by the
intruder. The malware injection was the one that led the successful deployment of this
attack and that has never been uploaded if the intruders did not possess the third party
credentials. There are many ways in which the stolen details and the credit cards could be
used for the personal benefits and those were the major issue behind expose of such vital
information. Similar cases have also occurred in past as mentioned earlier, Target data
breach was one of the largest retail breaches in U.S. history. The chronological order
presentation of the retail breach is also mentioned in the case study that clearly depicts the
number of attacks being driven in a single year after the attempts driven by Target breach.
Such uncertainties and willingly driven attacks do not only influence the consumers' interest,
however, but it also influences the organization financially (Cooper & Zywicki, 2017). Many
attempts are being driven for making the payment system much secure than it is now or
was before the intrusions such as Point-to-Point encryption, Chip and Pin Cards, mobile
payments, and many more.
Despite these countermeasures, new strategies are being developed and executed
by the intruders such as hacking, intrusion, or unauthorized access to the online database
and using those data for personal benefits. Even in the present time, there are ways through
which intruders can gain access to the data related to the credit cards those could be used
for unauthorized payment transaction and personal benefits of the intruder. This includes
physical access and database hacking for the generation of information that can be used for
unauthorized access (Weiss & Miller, 2015). Moving forward towards the case study, it was
1.
Countermeasures
P2P encryption was developed for developing high security to the card access as it
completely allowed the cards to be encrypted and safe from being copied or stolen by the
intruder. The malware injection was the one that led the successful deployment of this
attack and that has never been uploaded if the intruders did not possess the third party
credentials. There are many ways in which the stolen details and the credit cards could be
used for the personal benefits and those were the major issue behind expose of such vital
information. Similar cases have also occurred in past as mentioned earlier, Target data
breach was one of the largest retail breaches in U.S. history. The chronological order
presentation of the retail breach is also mentioned in the case study that clearly depicts the
number of attacks being driven in a single year after the attempts driven by Target breach.
Such uncertainties and willingly driven attacks do not only influence the consumers' interest,
however, but it also influences the organization financially (Cooper & Zywicki, 2017). Many
attempts are being driven for making the payment system much secure than it is now or
was before the intrusions such as Point-to-Point encryption, Chip and Pin Cards, mobile
payments, and many more.
Despite these countermeasures, new strategies are being developed and executed
by the intruders such as hacking, intrusion, or unauthorized access to the online database
and using those data for personal benefits. Even in the present time, there are ways through
which intruders can gain access to the data related to the credit cards those could be used
for unauthorized payment transaction and personal benefits of the intruder. This includes
physical access and database hacking for the generation of information that can be used for
unauthorized access (Weiss & Miller, 2015). Moving forward towards the case study, it was
1.
The Home Depot Data Breach
found that the Home Depot does not consider target data breach seriously and the same
pain caused to them after a certain period. The intruders use the third party credentials as
mentioned above for getting access to the network however, it was not sufficient for the
plans they were developing for accessing the consumers' data and information related to
the credit card details. So, they deployed the zero vulnerability in windows in a manner to
gain the necessary access to the home depot environment (Devis, Levy & Delak, 2018).
Furthermore, it also allowed intruders to install memory-scraping malware that exposed the
access of about 56 million debit and credit cards in addition to the 53 million email
addresses.
Conclusion
It can be concluded that the POS system of the Home Depot was not secured as
there was not any protection strategy or software installed that could have stopped
intruders from entering the network and accessing the sensitive information. The Point of
Sale System terminals could have been much secured if there was a secured software
configuration or hardware. Moreover, there should be an audit program that would have
monitored the third party credential management and proper monitoring that could have
deployed a much-secured network for the delivery and management of the secured
network for the consumers (Manworren, Letwat & Daily, 2016).
Recommendations
Following are some of the recommendations those need to be implemented in a
manner to make sure that the network is secured enough for tackling the present and
future vulnerabilities and attacks:
1.
found that the Home Depot does not consider target data breach seriously and the same
pain caused to them after a certain period. The intruders use the third party credentials as
mentioned above for getting access to the network however, it was not sufficient for the
plans they were developing for accessing the consumers' data and information related to
the credit card details. So, they deployed the zero vulnerability in windows in a manner to
gain the necessary access to the home depot environment (Devis, Levy & Delak, 2018).
Furthermore, it also allowed intruders to install memory-scraping malware that exposed the
access of about 56 million debit and credit cards in addition to the 53 million email
addresses.
Conclusion
It can be concluded that the POS system of the Home Depot was not secured as
there was not any protection strategy or software installed that could have stopped
intruders from entering the network and accessing the sensitive information. The Point of
Sale System terminals could have been much secured if there was a secured software
configuration or hardware. Moreover, there should be an audit program that would have
monitored the third party credential management and proper monitoring that could have
deployed a much-secured network for the delivery and management of the secured
network for the consumers (Manworren, Letwat & Daily, 2016).
Recommendations
Following are some of the recommendations those need to be implemented in a
manner to make sure that the network is secured enough for tackling the present and
future vulnerabilities and attacks:
1.
The Home Depot Data Breach
1. The latest version of the POS must be used for the processing of the payment
transaction in manner to harness all the benefits of the new operating system being used
for operating this system.
2. The second most powerful option for restricting unauthorized access include
installation of the updated antivirus software that can be utilized for enhancing the security
concept and managing the antimalware and threats those could influence overall security
(Wang, Hahn & Sutrave, 2016).
3. Other approaches such as installing a layer of defense other than the management
layer that can be helpful in preventing the compromise of the POS devices and thus,
improving the security system of the network.
4. Third party management has been resulted in drastic way for the home depot
however, for the present and future aspect the best approach can be to hire the third party.
As all the risks can be transferred to the third parties and compensation can be gained when
there is any intrusion or breach cause defects in the present network.
1.
1. The latest version of the POS must be used for the processing of the payment
transaction in manner to harness all the benefits of the new operating system being used
for operating this system.
2. The second most powerful option for restricting unauthorized access include
installation of the updated antivirus software that can be utilized for enhancing the security
concept and managing the antimalware and threats those could influence overall security
(Wang, Hahn & Sutrave, 2016).
3. Other approaches such as installing a layer of defense other than the management
layer that can be helpful in preventing the compromise of the POS devices and thus,
improving the security system of the network.
4. Third party management has been resulted in drastic way for the home depot
however, for the present and future aspect the best approach can be to hire the third party.
As all the risks can be transferred to the third parties and compensation can be gained when
there is any intrusion or breach cause defects in the present network.
1.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
The Home Depot Data Breach
References
Cooper, J. C., & Zywicki, T. J. (2017). A chip off the old block or a new direction for payment
card security? Chips, Pins, and the Law and Economics of Payment Card Fraud.
Davis, K., Levy, Y., & Delak, B. (2018). Towards a Development of Cybersecurity Risk-
Responsibility Taxonomy of Small Enterprises for Data Breach Risk Mitigation.
Hawkins, B. (2015). Case study: The home depot data breach. Retrieved January 19, 2016.
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data
breach. Business Horizons, 59(3), 257-266.
Roberts, J. J. (2017). Home Depot to Pay Banks $25 Million in Data Breach Settlement.
Fortune.
Wang, Y., Hahn, C., & Sutrave, K. (2016, February). Mobile payment security, threats, and
challenges. In Mobile and Secure Services (MobiSecServ), 2016 Second International
Conference on (pp. 1-5). IEEE.
Weiss, N. E., & Miller, R. S. (2015, February). The target and other financial data breaches:
Frequently asked questions. In Congressional Research Service, Prepared for
Members and Committees of Congress February (Vol. 4, p. 2015).
1.
References
Cooper, J. C., & Zywicki, T. J. (2017). A chip off the old block or a new direction for payment
card security? Chips, Pins, and the Law and Economics of Payment Card Fraud.
Davis, K., Levy, Y., & Delak, B. (2018). Towards a Development of Cybersecurity Risk-
Responsibility Taxonomy of Small Enterprises for Data Breach Risk Mitigation.
Hawkins, B. (2015). Case study: The home depot data breach. Retrieved January 19, 2016.
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data
breach. Business Horizons, 59(3), 257-266.
Roberts, J. J. (2017). Home Depot to Pay Banks $25 Million in Data Breach Settlement.
Fortune.
Wang, Y., Hahn, C., & Sutrave, K. (2016, February). Mobile payment security, threats, and
challenges. In Mobile and Secure Services (MobiSecServ), 2016 Second International
Conference on (pp. 1-5). IEEE.
Weiss, N. E., & Miller, R. S. (2015, February). The target and other financial data breaches:
Frequently asked questions. In Congressional Research Service, Prepared for
Members and Committees of Congress February (Vol. 4, p. 2015).
1.
1 out of 8
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.