Analysis of Information Security Breaches Due to Lack of Cyber Hygiene

Added on  2022/08/23

AI Summary
This briefing paper examines the critical importance of cyber hygiene in maintaining information security within organizations. The paper highlights the vulnerability of organizations, including the ACT government and Home Depot, to cyberattacks due to a lack of employee and security personnel awareness regarding cyber hygiene practices. The analysis covers control weaknesses, risk reduction strategies, and effective cost control measures. It presents case studies of data breaches, emphasizing the financial and reputational consequences of insufficient cyber hygiene, and underscores the need for comprehensive security training and awareness programs. The report concludes by emphasizing that cyber hygiene is a crucial element for protecting confidential information and maintaining the integrity of businesses.
Running head: BRIEFING PAPER: INFORMATION SECURITY
Briefing Paper: Information Security
Name of the Student
Name of the University
Author Note
Name:
[Name of the Person addressed to]
Date:
Subject:
Information Security issues due to lack of Cyber Hygiene
Background:
According to the report discussed in this case, several issues have been detected in the past in which cyber-attacks affected an organisation only because the people within the organisation lacked knowledge of cyber hygiene. Several exposed attacks were analysed, and it was found that online security was not maintained (Such et al. 2019). Two attack incidents are involved in this case and are described in detail. The discussion begins with the analysis of the attacks on the ACT government, which shows that there was a lack of awareness among the security experts who would protect the cyber hygiene of the organisation.
However, it was also found that when the security personnel were asked about the absence of cyber hygiene methods to protect the information security of the people working within the organisation, they responded that they did not understand why they would have to develop a two-step authentication verification process or even maintain a cyber hygiene procedure to protect the data, as they were not a bank where transactions would occur every now and then (Laws et al. 2018). This point clearly shows that this was not an act of data breaching due to malicious activities by hackers, but rather shows how a lack of awareness about computer security has set in among the security officers within the organisation. These people do not understand that the employees and their information registered within the organisation directory are extremely important and severely prone to data breach attacks. The value of employee personal information and its confidentiality in the cyber world is not known to the people within the organisation or even to the security experts (Fabiano 2019). They are of the opinion that since this information does not fall under the transactional details of a person to be recovered online, the organisation does not require maintenance of cyber hygiene.
Analysis:
Analysing the case, it should be said that several cyber security measures are taken within different organisations, yet several cases and news reports still claim that very few organisations are also falling victim to cyber security attacks (ABC News 2020). While most attacks are seen to occur due to malicious acts by unauthorised hackers, other reports clearly show that all of these attacks could have been avoided.
Control Weaknesses: In this case, it should first be stated what cyber hygiene means as a concept. By definition, cyber hygiene practices are the steps that users of computers and other devices take to maintain the health of the system and to increase online security (Nolan, Lawyer and Dodd 2019). Mostly it forms part of a routine in which an organisation or an individual user identifies and maintains several steps that preserve the system health and online security of a device. Irrespective of offline and online activities, cyber hygiene will maintain the online security and system health of the device when it is applied carefully (Vishwanath et al. 2020). In this case, the government organisation reported that its critical data and confidential information was accessed by outside unauthorised hackers twice in a time period of less than 6 months in the year 2018 (Corradini and Nardelli 2019). The first incident occurred when the hackers gained access to the government directory, and this was crucial because the directory contains several items of contact information of the corporate people.
Risk Reducing: One of the most crucial facts of this case is that, because of the breach, the ACT government installed a two-step authentication method right after the data breach had occurred as a mechanism of risk reduction (Kelley 2018). However, there was still a second attack. Several departments have expressed their grievances over the poor choice of cybersecurity methods and the poor maintenance of cyber hygiene due to lack of awareness within the organisation.
Effective Cost Control: Effective cost control can be achieved at this stage by immediately educating all the employees in the organisation about cyber hygiene and creating more awareness of how each of them can monitor their own activities to understand whether these are effectively adding to the security of the confidential data of the organisation and the customers (Maennel, Mäses and Maennel 2018).
Further, two particular incidents are taken from news reports and articles to understand how the people within an organisation have little information and awareness about data breaches and cyber hygiene maintenance procedures. The following is a clear description of the incidents, which illustrates the same:
Article 1:
Krebsonsecurity.com. 2020. Home Depot Breach Krebs On Security. [online]
Available at: <http://krebsonsecurity.com/tag/home-depot-breach/> [Accessed 20
March 2020].
This particular incident is about Home Depot, which is an organisation in the United States. The organisation held debit card and credit card data of several customers with the banks, but due to the attack by a malicious hacker in April 2014, the data of these customers was compromised (Krebsonsecurity.com 2020). This was not only due to the fact that the attackers had breached the credit card and debit card information but also due to the lack of awareness in the organisation of how to maintain cyber hygiene. It was disturbing to such a level that even after the breach occurred, the organisation had no clue of how the information gathered by the hacker could be misinterpreted or misused.
It was found that the organisation and its security personnel had no clue that the credit card and debit card information could be misinterpreted and misused by the hackers for forging counterfeit transactions as well. This shows that, beyond the incident analysed above, there is other evidence in the industry that clearly indicates how organisations do not have adequate knowledge or awareness of cyber hygiene to protect their confidential data from malicious hackers. The following is another piece of evidence of major cyber security attacks and cyber risks.
Article 2:
Kamleitner, B., Mitchell, V.W., Stephen, A.T. and Kolah, A., 2018. Your customers may
be the weakest link in your data privacy defenses. MIT Sloan Management Review.
The recent cyber security analysis audit concluded that several security training awareness programs within the organisation are questionable, mostly 78% of the time. Ransom or extortion demands have also increased to such a level that the cyber laws within the businesses and it expenses have gone beyond 70,000 US dollars. Employees are not given security awareness training, and it is also important to note that the training required for organisations and their employees to have proper cyber security awareness requires an infusion of resources (Kamleitner et al. 2018). This means that a proper analysis is required of the type and amount of investment needed within an organisation so that it can have an infrastructure that properly trains the people within the organisation and makes them adopt the regular habits of maintaining cyber security and cyber hygiene. This would make every person within the organisation understand the difference between regular activities and activities that are prone to cyber security problems. Several people within the organisation do not know exactly which of the actions they perform in day-to-day life within the organisation make them vulnerable to cyberattacks.
Thus, for every organisation, attention to the people who do not understand the need for cyber hygiene and how it can be maintained is important, as several incidents clearly show that data breaches and cyber-attacks happen because the daily activities within the lives of the people are not capable enough to cope with the vulnerability of organisations to cyber attackers (Panda et al. 2020). In conclusion, it must be said that the evidence from the different incidents clearly points out that several people within the organisation, including the security officers, lack cyber hygiene awareness, which often accounts for the probable vulnerability of an organisation. Thus, from the incidents described above, their analysis and other evidence, it is clear that cyber hygiene is lacking in over 78% of organisations that have implemented information technology systems and online activities to carry on day-to-day business (Camillo 2017). This can claim the confidential information of several employees and customers, causing loss of business, loss of resources and even loss of integrity for the business. Not only that, it has also claimed the right to information privacy of the customers and employees within the organisation.
Contact:
[The name of the person preparing the briefing report]
References
ABC News. 2020. ACT Government Hacks Expose Weaknesses In Territory's Cyber Security: Expert. [online] Available at: <https://www.abc.net.au/news/2019-12-02/cyber-security-act-government-hack-awareness/11755394> [Accessed 20 March 2020].
Camillo, M., 2017. Cyber risk and the changing role of insurance. Journal of Cyber
Policy, 2(1), pp.53-63.
Corradini, I. and Nardelli, E., 2019, July. Social Engineering and the Value of Data: The
Need of Specific Awareness Programs. In International Conference on Applied Human
Factors and Ergonomics (pp. 59-65). Springer, Cham.
Fabiano, N., 2017, July. The Internet of Things ecosystem: The blockchain and privacy
issues. The challenge for a global privacy standard. In 2017 International Conference on
Internet of Things for the Global Community (IoTGC) (pp. 1-7). IEEE.
Kamleitner, B., Mitchell, V.W., Stephen, A.T. and Kolah, A., 2018. Your customers may be
the weakest link in your data privacy defenses. MIT Sloan Management Review.
Kelley, D., 2018. Investigation of attitudes towards security behaviors. McNair Research
Journal SJSU, 14(1), p.10.
Krebsonsecurity.com. 2020. Home Depot Breach — Krebs On Security. [online] Available at:
<http://krebsonsecurity.com/tag/home-depot-breach/> [Accessed 20 March 2020].
Laws, G., Nowatkowski, M., Heslen, J. and Vericella, S., 2018, June. Guidelines for Cyber
Hygiene in Online Education. In ANNUAL (p. 93).
Maennel, K., Mäses, S. and Maennel, O., 2018, November. Cyber Hygiene: The Big Picture.
In Nordic Conference on Secure IT Systems (pp. 291-305). Springer, Cham.
Nolan, C., Lawyer, G. and Dodd, R.M., 2019. Cybersecurity: today’s most pressing
governance issue. Journal of Cyber Policy, pp.1-17.
Panda, S., Panaousis, E., Loukas, G. and Laoudias, C., 2020. Optimizing Investments in
Cyber Hygiene for Protecting Healthcare Users. arXiv preprint arXiv:2001.03782.
Such, J.M., Ciholas, P., Rashid, A., Vidler, J. and Seabrook, T., 2019. Basic Cyber Hygiene:
Does It Work?. Computer, 52(4), pp.21-31.
Vishwanath, A., Neo, L.S., Goh, P., Lee, S., Khader, M., Ong, G. and Chin, J., 2020. Cyber
hygiene: The concept, its measure, and its initial tests. Decision Support Systems, 128,
p.113160.