IT 0 IT 1 Case Study: National Australia Bank Data Breach Analysis
VerifiedAdded on 2022/09/06
|10
|2424
|20
Case Study
AI Summary
This case study examines the 2019 National Australia Bank (NAB) data breach, where sensitive customer data was uploaded without authorization, affecting approximately 13,000 consumers. The assignment analyzes the breach, identifying human error as the primary cause and highlighting common security issues such as malware, DoS attacks, phishing, and ransomware. It details NAB's response, including communication with affected customers and IT infrastructure changes. The study proposes various security measures, including employee training, implementation of security policies, firewalls, two-step verification, encryption, and anti-phishing tools. It also emphasizes the role of cloud computing in enhancing information security and protecting data. The conclusion stresses the importance of proactive security measures and the integration of cloud-based solutions to prevent future breaches and protect sensitive information.
IT 0
Case Study: NAB Data Breach
Case Study: NAB Data Breach
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT 1
Table of Contents
Introduction.................................................................................................................................................2
Overview of the addressed problem...........................................................................................................2
Common security issues..............................................................................................................................3
NAB’s response to the data breach.............................................................................................................4
Information security measures....................................................................................................................4
Provide training and education to the employees...................................................................................5
Implement security policies and adopt IT members................................................................................5
Use firewall networks..............................................................................................................................5
Use two-step verification.........................................................................................................................5
Use encryption technique and anti-phishing tools..................................................................................5
Role of cloud computing in information security........................................................................................6
Conclusion...................................................................................................................................................6
References...................................................................................................................................................8
Table of Contents
Introduction.................................................................................................................................................2
Overview of the addressed problem...........................................................................................................2
Common security issues..............................................................................................................................3
NAB’s response to the data breach.............................................................................................................4
Information security measures....................................................................................................................4
Provide training and education to the employees...................................................................................5
Implement security policies and adopt IT members................................................................................5
Use firewall networks..............................................................................................................................5
Use two-step verification.........................................................................................................................5
Use encryption technique and anti-phishing tools..................................................................................5
Role of cloud computing in information security........................................................................................6
Conclusion...................................................................................................................................................6
References...................................................................................................................................................8
IT 2
Introduction
As per the provided scenario, National Australia Bank is the 4th largest bank in Australia. In
the year 2019, NAB connected around 13,000 consumers to advise that several sensitive
data delivered their account was uploaded without authorization to the 2 data service
communities. This problem lost the data of consumers including name, contact information
and other financial documents and produced data breach concerns. After this attack, it is
found that this data breach occurred due to human error where the team members were
uploaded data to other servers that produced security concerns. The purpose of the
investigation is to review security issues linked to the computing networks and describe
effective security techniques for securing data of users in NAB. This report will include
numerous sections, for example, an overview of the addressed problem, common security
issues, response of NAB towards a data breach, effective security measures and techniques
and role of cloud computing.
Overview of the addressed problem
It is determined that the employees of NAB uploaded data of 13,000 consumers to the
servers of 2 data service communities without taking authority and knowledge that
produced data breach and security threat related problems in the NAB. The Chief Data
Officer reported that after these issues security teams have communicated with
communities who suggested that all information and facts obtained from the servers are
deleted within two hours. This issue was occurred due to human error and produced
breach problems in the NAB that compromised data of users including name, date of birth,
license number and so on (Ahmed, and Hossain, 2014). Moreover, NAB communicated with
the affected consumers through calls and emails and handled the problems occurred in the
workplace. NAB reported that the consumers do not require taking any action regarding
their account as IT members have reviewed their accounts and have not detected any
unusual activity in the systems. Moreover, NAB changed its IT infrastructure and managed
such issues by implementing effective security systems and policies.
Introduction
As per the provided scenario, National Australia Bank is the 4th largest bank in Australia. In
the year 2019, NAB connected around 13,000 consumers to advise that several sensitive
data delivered their account was uploaded without authorization to the 2 data service
communities. This problem lost the data of consumers including name, contact information
and other financial documents and produced data breach concerns. After this attack, it is
found that this data breach occurred due to human error where the team members were
uploaded data to other servers that produced security concerns. The purpose of the
investigation is to review security issues linked to the computing networks and describe
effective security techniques for securing data of users in NAB. This report will include
numerous sections, for example, an overview of the addressed problem, common security
issues, response of NAB towards a data breach, effective security measures and techniques
and role of cloud computing.
Overview of the addressed problem
It is determined that the employees of NAB uploaded data of 13,000 consumers to the
servers of 2 data service communities without taking authority and knowledge that
produced data breach and security threat related problems in the NAB. The Chief Data
Officer reported that after these issues security teams have communicated with
communities who suggested that all information and facts obtained from the servers are
deleted within two hours. This issue was occurred due to human error and produced
breach problems in the NAB that compromised data of users including name, date of birth,
license number and so on (Ahmed, and Hossain, 2014). Moreover, NAB communicated with
the affected consumers through calls and emails and handled the problems occurred in the
workplace. NAB reported that the consumers do not require taking any action regarding
their account as IT members have reviewed their accounts and have not detected any
unusual activity in the systems. Moreover, NAB changed its IT infrastructure and managed
such issues by implementing effective security systems and policies.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT 3
Common security issues
Security is a major concern faced by companies where hackers use malicious codes and
malware networks for performing cyber-crimes and attacks. Aigbe and Akpojaro, (2014)
reported that the security of data is a complex part of the business communities for which
it is significant to understand common security risks that occurred in the computing
devices. Various risk factors that lead to security problems in the business communities
that need to be managed for protecting data from the hackers. These factors include lack of
awareness, presence of unauthorized activities, misconfiguration of networks and
accessing spam or fraud signals into the computing devices.
Bartlett, (2015) reported that malware is a common security issue faced by the
communities where the hackers develop larger viruses and spams that help to reduce the
confidentiality of data and lead data breach issues. Moreover, DoS and ransomware are also
major security attacks that need to be investigated by the auditors in order to protect data
and sensitive information. from a recent study, it is determined that DoS is a kind of cyber-
attack that occurs due to the presence of traffic signals in the computing networks and
servers by which the criminals can obtain login credentials of the user's account and gather
all reliable data of the users. On the opposite side, ransomware is a leading security issue
where the hackers use botnet and malicious programs and transfer larger spams to the
computing networks. By using such processes, criminals can reduce the privacy of
networks and obtain login credentials and obtain sensitive data of the users and business
communities (Habiba, et al., 2014).
After obtaining data criminals encrypt using malicious systems and demand money from
the consumers for earning money. Therefore, it is significant to handle unauthorized
signals from the systems due to which data breach problems can occur and data of users
can be used for illegal purposes. Inukollu, Arsi, and Ravuri, (2014) highlighted that most of
the criminals perform phishing activities where they transfer spam messages and signals to
the users through social networking sites and emails. In which the users click on
transferred signals and loss of confidentiality of data and hackers obtain all sensitive data
without their permission.
Common security issues
Security is a major concern faced by companies where hackers use malicious codes and
malware networks for performing cyber-crimes and attacks. Aigbe and Akpojaro, (2014)
reported that the security of data is a complex part of the business communities for which
it is significant to understand common security risks that occurred in the computing
devices. Various risk factors that lead to security problems in the business communities
that need to be managed for protecting data from the hackers. These factors include lack of
awareness, presence of unauthorized activities, misconfiguration of networks and
accessing spam or fraud signals into the computing devices.
Bartlett, (2015) reported that malware is a common security issue faced by the
communities where the hackers develop larger viruses and spams that help to reduce the
confidentiality of data and lead data breach issues. Moreover, DoS and ransomware are also
major security attacks that need to be investigated by the auditors in order to protect data
and sensitive information. from a recent study, it is determined that DoS is a kind of cyber-
attack that occurs due to the presence of traffic signals in the computing networks and
servers by which the criminals can obtain login credentials of the user's account and gather
all reliable data of the users. On the opposite side, ransomware is a leading security issue
where the hackers use botnet and malicious programs and transfer larger spams to the
computing networks. By using such processes, criminals can reduce the privacy of
networks and obtain login credentials and obtain sensitive data of the users and business
communities (Habiba, et al., 2014).
After obtaining data criminals encrypt using malicious systems and demand money from
the consumers for earning money. Therefore, it is significant to handle unauthorized
signals from the systems due to which data breach problems can occur and data of users
can be used for illegal purposes. Inukollu, Arsi, and Ravuri, (2014) highlighted that most of
the criminals perform phishing activities where they transfer spam messages and signals to
the users through social networking sites and emails. In which the users click on
transferred signals and loss of confidentiality of data and hackers obtain all sensitive data
without their permission.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT 4
Moreover, the companies use computing devices and wireless networks which are easy to
hack by the users by transferring malware signals for which auditors need to investigate
the types of processes used by the criminals. However, few other security concerns need to
be evaluated including spoofing attack, spyware, DDoS attack and so on (Khan, 2016).
Therefore, it is reported that all these are major security issues faced by the communities
and also produce data breach and hacking activities in the business operations for which it
is significant to manage risk factors and aware employees about cyber-crimes.
NAB’s response to the data breach
From the given scenario, it is determined that NAB’s employees transferred the data of
13000 users to 2 business communities that produced data breach issues in the business.
After this concern, NAB responded that compromised data of users included name,
financial information and contact information. Chief data officer reported that the data
breach issue was occurred due to human error and it was not a cyber-security concern.
Moreover, security members of NAB communicated with companies and reported that
breach data and facts were deleted within 2 hours. NAB also responded that users do not
require taking any action as we have reviewed accounts of the consumers and not found
any unusual activity in the system.
The IT members also reported that if government IDs of consumers requires to be reissued,
NAB would cover the cost and provide reliable services to the affected users. Moreover, Ms.
Crisp reported that the management takes complete responsibility and assure users that
they will understand how this happened and will change security networks and
infrastructure for protecting data of the consumers. All these are major responses
highlighted by NAB after the data breach and security concern.
Information security measures
There are numerous security measures and techniques that should adopt by NAB for
protecting data and addressing cyber-crimes. These measures are described below:
Moreover, the companies use computing devices and wireless networks which are easy to
hack by the users by transferring malware signals for which auditors need to investigate
the types of processes used by the criminals. However, few other security concerns need to
be evaluated including spoofing attack, spyware, DDoS attack and so on (Khan, 2016).
Therefore, it is reported that all these are major security issues faced by the communities
and also produce data breach and hacking activities in the business operations for which it
is significant to manage risk factors and aware employees about cyber-crimes.
NAB’s response to the data breach
From the given scenario, it is determined that NAB’s employees transferred the data of
13000 users to 2 business communities that produced data breach issues in the business.
After this concern, NAB responded that compromised data of users included name,
financial information and contact information. Chief data officer reported that the data
breach issue was occurred due to human error and it was not a cyber-security concern.
Moreover, security members of NAB communicated with companies and reported that
breach data and facts were deleted within 2 hours. NAB also responded that users do not
require taking any action as we have reviewed accounts of the consumers and not found
any unusual activity in the system.
The IT members also reported that if government IDs of consumers requires to be reissued,
NAB would cover the cost and provide reliable services to the affected users. Moreover, Ms.
Crisp reported that the management takes complete responsibility and assure users that
they will understand how this happened and will change security networks and
infrastructure for protecting data of the consumers. All these are major responses
highlighted by NAB after the data breach and security concern.
Information security measures
There are numerous security measures and techniques that should adopt by NAB for
protecting data and addressing cyber-crimes. These measures are described below:
IT 5
Provide training and education to the employees
It is determined that the lack of awareness about security threats is a major factor that
produces data breach issues in the communities for which it is significant for NAB to
provide training to employees (Park, 2014). By providing educational programs to the
employees, NAB may be capable to detect fraud and spam signals transmitted by the
attackers and enhance the security of data easily.
Implement security policies and adopt IT members
It is found that a lack of effective security plans can produce problems for the NAB due to
which the hacking issues can occur in the systems. So, it is suggested that NAB should
implement effective security policies and adopt IT members for detecting and handling
malware signals from the computing devices effectively (Singh, and Chatterjee, 2017).
Use firewall networks
A firewall is an effective security tool that has the capability to detect the malware and
traffic signals from the computing devices effectively. NAB should design and implement
firewall networks in the computing devices and install firewall-based servers in the web
browsers in order to handle unauthorized activities. Moreover, NAB may change IT
infrastructure and implement wireless networks and communication systems using
firewall-based routers (Stojmenovic, and Wen, 2014). Therefore, it is highlighted using
such a process, NAB can detect and address the security threats occurred in the computing
devices and enhance the privacy of data.
Use two-step verification
It is highlighted that the employees of NAB use less effective and simple passwords in the
computing devices that can be hacked by the criminals through malicious codes. For
avoiding such issues, NAB should implement two-step verification processes in the
computers and networking systems where they can manage data breach issues and handle
unauthorized activities that occurred in the databases.
Use encryption technique and anti-phishing tools
Encryption is a kind of technique that is now used in the security methods where users can
convert signals or data into codes that cannot be detected by the criminals. So, it is
Provide training and education to the employees
It is determined that the lack of awareness about security threats is a major factor that
produces data breach issues in the communities for which it is significant for NAB to
provide training to employees (Park, 2014). By providing educational programs to the
employees, NAB may be capable to detect fraud and spam signals transmitted by the
attackers and enhance the security of data easily.
Implement security policies and adopt IT members
It is found that a lack of effective security plans can produce problems for the NAB due to
which the hacking issues can occur in the systems. So, it is suggested that NAB should
implement effective security policies and adopt IT members for detecting and handling
malware signals from the computing devices effectively (Singh, and Chatterjee, 2017).
Use firewall networks
A firewall is an effective security tool that has the capability to detect the malware and
traffic signals from the computing devices effectively. NAB should design and implement
firewall networks in the computing devices and install firewall-based servers in the web
browsers in order to handle unauthorized activities. Moreover, NAB may change IT
infrastructure and implement wireless networks and communication systems using
firewall-based routers (Stojmenovic, and Wen, 2014). Therefore, it is highlighted using
such a process, NAB can detect and address the security threats occurred in the computing
devices and enhance the privacy of data.
Use two-step verification
It is highlighted that the employees of NAB use less effective and simple passwords in the
computing devices that can be hacked by the criminals through malicious codes. For
avoiding such issues, NAB should implement two-step verification processes in the
computers and networking systems where they can manage data breach issues and handle
unauthorized activities that occurred in the databases.
Use encryption technique and anti-phishing tools
Encryption is a kind of technique that is now used in the security methods where users can
convert signals or data into codes that cannot be detected by the criminals. So, it is
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT 6
suggested that NAB should design and implement encryption-based systems by which they
can enhance the security of communication systems and private details where users
require private keys for accessing sensitive data. Moreover, IT members should install anti-
phishing tools in the computing networks which can help to detect spams and manage
phishing related attacks easily. Therefore, it is highlighted that all these are effective
security measures and techniques that should be implemented by the NAB to protect data
and manage security concerns in an effective manner.
Role of cloud computing in information security
Wrigley, (2014) reported that cloud computing is an IT technology that delivers a way to
control and handle larger datasets effectively. It plays a significant character in information
security as it helps companies to store larger datasets effectively and provide a backup plan
by which business communities can protect personal and sensitive information. From a
recent study, it is determined that in terms of information security, cloud computing
provides various policies, processes, and controls that work together for protecting
information and financial data of the companies.
The security networks of the companies are mainly configured with the cloud-based
servers for addressing unauthorized access and security risks from the systems. Yi, Qin,
and Li, (2015) stated that cloud computing has the potential to filter traffic signals from the
computing devices and reduce administration overhead related concerns that can
significantly impact on the information security and lead privacy of data easily. Therefore,
it is suggested that NAB should design and implement cloud-based networks in the
business activities and allow cloud servers to store and manage data of the users in order
to protect databases from the criminals.
Conclusion
From the above identification, it may be concluded that security is a major problem that
needs to be evaluated effectively and lack of awareness about cyber-crimes produced data
breach issues in the NAB organization. This paper reviewed a case study based on the
security of the NAB organization and highlighted viewpoints about the major security
suggested that NAB should design and implement encryption-based systems by which they
can enhance the security of communication systems and private details where users
require private keys for accessing sensitive data. Moreover, IT members should install anti-
phishing tools in the computing networks which can help to detect spams and manage
phishing related attacks easily. Therefore, it is highlighted that all these are effective
security measures and techniques that should be implemented by the NAB to protect data
and manage security concerns in an effective manner.
Role of cloud computing in information security
Wrigley, (2014) reported that cloud computing is an IT technology that delivers a way to
control and handle larger datasets effectively. It plays a significant character in information
security as it helps companies to store larger datasets effectively and provide a backup plan
by which business communities can protect personal and sensitive information. From a
recent study, it is determined that in terms of information security, cloud computing
provides various policies, processes, and controls that work together for protecting
information and financial data of the companies.
The security networks of the companies are mainly configured with the cloud-based
servers for addressing unauthorized access and security risks from the systems. Yi, Qin,
and Li, (2015) stated that cloud computing has the potential to filter traffic signals from the
computing devices and reduce administration overhead related concerns that can
significantly impact on the information security and lead privacy of data easily. Therefore,
it is suggested that NAB should design and implement cloud-based networks in the
business activities and allow cloud servers to store and manage data of the users in order
to protect databases from the criminals.
Conclusion
From the above identification, it may be concluded that security is a major problem that
needs to be evaluated effectively and lack of awareness about cyber-crimes produced data
breach issues in the NAB organization. This paper reviewed a case study based on the
security of the NAB organization and highlighted viewpoints about the major security
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT 7
issues occurred in the companies. It is found that due to human error, the data of users
were breached in NAB where employees transferred personal data to servers of 2
companies. There are major four security issues that need to be investigated by auditors
including malware, DoS, phishing, and ransomware. Therefore, it is suggested that NAB
should implement firewall-based networks and include encryption systems along with
cloud computing for protecting data from the hackers and enhancing security and
confidentiality of data effectively.
issues occurred in the companies. It is found that due to human error, the data of users
were breached in NAB where employees transferred personal data to servers of 2
companies. There are major four security issues that need to be investigated by auditors
including malware, DoS, phishing, and ransomware. Therefore, it is suggested that NAB
should implement firewall-based networks and include encryption systems along with
cloud computing for protecting data from the hackers and enhancing security and
confidentiality of data effectively.
IT 8
References
Ahmed, M. and Hossain, M.A., (2014) Cloud computing and security issues in the
cloud. International Journal of Network Security & Its Applications, 6(1), p.25.
Aigbe, P. and Akpojaro, J., (2014) Analysis of security issues in electronic payment
systems. International journal of computer applications, 108(10), pp. 12-18.
Bartlett III, R.P., (2015) Do Institutional Investors Value the Rule 10b-5 Private Right of
Action? Evidence from Investors’ Trading Behavior following Morrison v. National
Australia Bank Ltd. The Journal of Legal Studies, 44(1), pp.183-227.
Habiba, U., Masood, R., Shibli, M.A. and Niazi, M.A., (2014) Cloud identity management
security issues & solutions: a taxonomy. Complex Adaptive Systems Modeling, 2(1), p.5.
Inukollu, V.N., Arsi, S. and Ravuri, S.R., (2014) Security issues associated with big data in
cloud computing. International Journal of Network Security & Its Applications, 6(3), p.45.
Khan, M.A., (2016) A survey of security issues for cloud computing. Journal of network and
computer applications, 71(6), pp.11-29.
Park, J., (2014) Global Expansion of National Securities Laws: Extraterritoriality and
Jurisdictional Conflicts. UNHL Rev., 12(2), p.69.
Singh, A., and Chatterjee, K., (2017) Cloud security issues and challenges: A survey. Journal
of Network and Computer Applications, 79(6), pp.88-115.
Stojmenovic, I. and Wen, S., (2014) The fog computing paradigm: Scenarios and security
issues. In 2014 federated conference on computer science and information systems, 12(6), pp.
1-8.
Wrigley, S., (2014) Winner-Business to Business: National Australia Bank Quarterly
Business Survey. Market & Social Research, 22(2), p.54.
References
Ahmed, M. and Hossain, M.A., (2014) Cloud computing and security issues in the
cloud. International Journal of Network Security & Its Applications, 6(1), p.25.
Aigbe, P. and Akpojaro, J., (2014) Analysis of security issues in electronic payment
systems. International journal of computer applications, 108(10), pp. 12-18.
Bartlett III, R.P., (2015) Do Institutional Investors Value the Rule 10b-5 Private Right of
Action? Evidence from Investors’ Trading Behavior following Morrison v. National
Australia Bank Ltd. The Journal of Legal Studies, 44(1), pp.183-227.
Habiba, U., Masood, R., Shibli, M.A. and Niazi, M.A., (2014) Cloud identity management
security issues & solutions: a taxonomy. Complex Adaptive Systems Modeling, 2(1), p.5.
Inukollu, V.N., Arsi, S. and Ravuri, S.R., (2014) Security issues associated with big data in
cloud computing. International Journal of Network Security & Its Applications, 6(3), p.45.
Khan, M.A., (2016) A survey of security issues for cloud computing. Journal of network and
computer applications, 71(6), pp.11-29.
Park, J., (2014) Global Expansion of National Securities Laws: Extraterritoriality and
Jurisdictional Conflicts. UNHL Rev., 12(2), p.69.
Singh, A., and Chatterjee, K., (2017) Cloud security issues and challenges: A survey. Journal
of Network and Computer Applications, 79(6), pp.88-115.
Stojmenovic, I. and Wen, S., (2014) The fog computing paradigm: Scenarios and security
issues. In 2014 federated conference on computer science and information systems, 12(6), pp.
1-8.
Wrigley, S., (2014) Winner-Business to Business: National Australia Bank Quarterly
Business Survey. Market & Social Research, 22(2), p.54.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT 9
Yi, S., Qin, Z. and Li, Q., (2015) Security and privacy issues of fog computing: A survey.
In International conference on wireless algorithms, systems, and applications, 12(6), pp. 685-
695.
Yi, S., Qin, Z. and Li, Q., (2015) Security and privacy issues of fog computing: A survey.
In International conference on wireless algorithms, systems, and applications, 12(6), pp. 685-
695.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.