Data Breach at National Australia Bank: Security Issues and Responses
VerifiedAdded on  2023/01/12
|7
|2344
|37
Case Study
AI Summary
This case study analyzes the data breach incident at National Australia Bank (NAB), focusing on the security vulnerabilities and the bank's response. The report outlines the overview of the problem, which involved the unauthorized access of customer data. It investigates the common security issues auditors need to address, such as malicious insiders and malware. The case study details NAB's response to the breach and proposes information security measures the bank should adopt, including strong passwords, firewalls, antivirus protection, laptop security, and scheduled backups. The study also explores the role of cloud computing in information security, highlighting its benefits in protecting data through firewalls, access control, and disaster recovery. The conclusion emphasizes the importance of securing customer data and the impact of data breaches on both the company and its customers. The case study references various books and journals to support its findings.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Case study of
National
Australia Bank
National
Australia Bank
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
INTRODUCTION....................................................................................................................................3
MAIN BODY...........................................................................................................................................3
Overview of addressed problem...........................................................................................................3
Describe common security issues that an auditors need to investigate................................................4
Describe NAB’s response to the data breach.......................................................................................4
Propose information security measures NAB should adopt................................................................5
Role of cloud computing in information security................................................................................6
CONCLUSION........................................................................................................................................6
REFERENCES.........................................................................................................................................8
MAIN BODY...........................................................................................................................................3
Overview of addressed problem...........................................................................................................3
Describe common security issues that an auditors need to investigate................................................4
Describe NAB’s response to the data breach.......................................................................................4
Propose information security measures NAB should adopt................................................................5
Role of cloud computing in information security................................................................................6
CONCLUSION........................................................................................................................................6
REFERENCES.........................................................................................................................................8
INTRODUCTION
Data breach is confirmed incident in that confidential. Sensitive as well as other protected data
has been accessed or may disclose with an unauthorized fashion. In addition to this, data breaches may
include personal health information, personally identifiable information, trade secrets or intellectual
property. Moreover, common data breach exposures involve personal information of particular person
such as credit card number, social security number, health care history as well as other corporate
information like customer lists, manufacturing processes and software source code.
This report is based on National Australia Bank case study of data breach. It is fourth largest
bank in Australia with contacted approx. 13000 customers. Respective report will give overview of
addressed problem along with common security issues which an auditors need to investigate.
Moreover, it will also describe response of National Australia bank in case of data breach. In addition
to this, security measures which National Australia Bank have adopt in relation of their data breach
will also elaborate. In the end role of cloud computing in information security will explain.
MAIN BODY
Overview of addressed problem
In the cased addressed problem is related to data breach which taken place in National
Australia Bank. Data breach is confirmed incident in that confidential. Sensitive as well as other
protected data has been accessed or may disclose with an unauthorized fashion. In addition to this,
data breaches may include personal health information, personally identifiable information, trade
secrets or intellectual property. Moreover, common data breach exposures involve personal
information of particular person such as credit card number, social security number, health care
history as well as other corporate information like customer lists, manufacturing processes and
software source code. NAB has contacted approx. 13000 customers for advising that some personal
information provided when only their accounts was set up uploaded without any authorisation, to
servers of two data services company.
Describe common security issues that an auditors need to investigate
There are several security issues which auditors need to investigates with National Australia
Bank while conducting audit related to data breach situation. Explanation of these are as follows :-
 Malicious insiders – In organisation many staff member have access to important information
and there will be always a chance that someone will may misuse it. That sounds cynical, but
unfortunately the lure of financial gain from selling data on the dark web is too great for
Data breach is confirmed incident in that confidential. Sensitive as well as other protected data
has been accessed or may disclose with an unauthorized fashion. In addition to this, data breaches may
include personal health information, personally identifiable information, trade secrets or intellectual
property. Moreover, common data breach exposures involve personal information of particular person
such as credit card number, social security number, health care history as well as other corporate
information like customer lists, manufacturing processes and software source code.
This report is based on National Australia Bank case study of data breach. It is fourth largest
bank in Australia with contacted approx. 13000 customers. Respective report will give overview of
addressed problem along with common security issues which an auditors need to investigate.
Moreover, it will also describe response of National Australia bank in case of data breach. In addition
to this, security measures which National Australia Bank have adopt in relation of their data breach
will also elaborate. In the end role of cloud computing in information security will explain.
MAIN BODY
Overview of addressed problem
In the cased addressed problem is related to data breach which taken place in National
Australia Bank. Data breach is confirmed incident in that confidential. Sensitive as well as other
protected data has been accessed or may disclose with an unauthorized fashion. In addition to this,
data breaches may include personal health information, personally identifiable information, trade
secrets or intellectual property. Moreover, common data breach exposures involve personal
information of particular person such as credit card number, social security number, health care
history as well as other corporate information like customer lists, manufacturing processes and
software source code. NAB has contacted approx. 13000 customers for advising that some personal
information provided when only their accounts was set up uploaded without any authorisation, to
servers of two data services company.
Describe common security issues that an auditors need to investigate
There are several security issues which auditors need to investigates with National Australia
Bank while conducting audit related to data breach situation. Explanation of these are as follows :-
 Malicious insiders – In organisation many staff member have access to important information
and there will be always a chance that someone will may misuse it. That sounds cynical, but
unfortunately the lure of financial gain from selling data on the dark web is too great for
many. Employees are also susceptible to use sensitive information maliciously if they are
disgruntled at work or have left the organisation under poor terms and still have access to its
systems.
ï‚· Malware - It is an ideal case of exactly how basic digital wrongdoing can be. Convicts buy a
bit of vindictive programming, discover a framework that contains a known powerlessness,
plant the malware and gather up the prizes. What those prizes are relies upon the sort of
malware. It could be anything from a keylogger, which tracks what a client types into a
machine, to ransomware, which bolts a framework and requests payment for the client to gain
their access again.
These are major security issue which auditor have to investigate while finding reason behind data
breach in National Australia Bank. It is important to find actual reason so that such things will never
happen in future again.
Describe NAB’s response to the data breach
In data breach situation National Australia bank has response that customers need not to take
any legal action in relation of the same. It has been analysed by them that no such unusual activities
has taken place with their accounts as well as personal information. Along with this, they said that
24/7 monitoring process was conducted by them for ensuring their customers security within effective
manner.
Propose information security measures NAB should adopt
It is important for an organisation to take major steps for securing information because data
breach give negative impact on brand image as well as their customers loyalty. No several other
personal information related to bank as well as several other and formation with anyone other if such
practices take place within an organisation will result in several negative impact on their working. In
relation of national Australia Bank it is important for them to take measures tab in relation of data
breach full stop explanation of these are as follows :-
ï‚· Establish strong passwords - it is one of the most common measures which can organisation
can take for securing their data. As National Australian bank should have to put together a
combination of capital, lowercase letter, numbers as well as other symbol for creating and
strong password. They have to ensure that password should not contain any name or birthday
as well as personal information. Along with this it is important to change password on
continuous basis as per the requirement
 Set up a firewall – For National Australia bank firewall is an important initiative which they
can consider for protecting data. Firewalls are mainstay of cloud architecture as it protect
perimeter of NAB network security as well as its end users. In addition to this firewalls also
disgruntled at work or have left the organisation under poor terms and still have access to its
systems.
ï‚· Malware - It is an ideal case of exactly how basic digital wrongdoing can be. Convicts buy a
bit of vindictive programming, discover a framework that contains a known powerlessness,
plant the malware and gather up the prizes. What those prizes are relies upon the sort of
malware. It could be anything from a keylogger, which tracks what a client types into a
machine, to ransomware, which bolts a framework and requests payment for the client to gain
their access again.
These are major security issue which auditor have to investigate while finding reason behind data
breach in National Australia Bank. It is important to find actual reason so that such things will never
happen in future again.
Describe NAB’s response to the data breach
In data breach situation National Australia bank has response that customers need not to take
any legal action in relation of the same. It has been analysed by them that no such unusual activities
has taken place with their accounts as well as personal information. Along with this, they said that
24/7 monitoring process was conducted by them for ensuring their customers security within effective
manner.
Propose information security measures NAB should adopt
It is important for an organisation to take major steps for securing information because data
breach give negative impact on brand image as well as their customers loyalty. No several other
personal information related to bank as well as several other and formation with anyone other if such
practices take place within an organisation will result in several negative impact on their working. In
relation of national Australia Bank it is important for them to take measures tab in relation of data
breach full stop explanation of these are as follows :-
ï‚· Establish strong passwords - it is one of the most common measures which can organisation
can take for securing their data. As National Australian bank should have to put together a
combination of capital, lowercase letter, numbers as well as other symbol for creating and
strong password. They have to ensure that password should not contain any name or birthday
as well as personal information. Along with this it is important to change password on
continuous basis as per the requirement
 Set up a firewall – For National Australia bank firewall is an important initiative which they
can consider for protecting data. Firewalls are mainstay of cloud architecture as it protect
perimeter of NAB network security as well as its end users. In addition to this firewalls also
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
provide assistance to respective bank is safeguarding traffic within several apps which are
stored in cloud.
 Think of antivirus protection – Antivirus as well as anti-malware both are indispensable to
protecting your Data. Antivirus are designed for preventing, search for, detect and remove
viruses but also adware, worms, trojans, and many more.
 Secure every laptop – there is high risk of laptop stolen as they are portable so it is important
to take measure steps in relation of security measures for protecting all the laptops which
employees are using for their daily basis activities. Laptops include important information as
well as customer’s data also. So it is essential for National Australia Bank to take major steps
of securing laptops. For this most simple solution is to encrypt all the laptops in this data will
be unreadable without passwords.
ï‚· Schedule backups - After conducting daily basis work employees can backups schedule to
external hard drives as well as in cloud for keeping data stored safely. For this work right
frequency will be weekly but employees of NAB can do incremental backups within every few
days. Along with this, National Australia Bank can use Wimi also which help in centralizing
documents. With the assistance of this documents can be share with team members, clients as
well as partners in secured manner.
Thus, by taking all the measures mention above it will be easy for National Australian Bank to secure
their data s well as information in more effective manner.
Role of cloud computing in information security
Cloud computing is delivery of several services with the assistance of internet. These resources
involve tools as well as applications such as servers, data storage, databases, networking, software and
many more. Instead of keeping files on hard drivers or local storage device, cloud based storage make
possible for company to save them to a remote database. Furthermore, as long as an electronic device
has access to the web cloud computing has access to data and software programs to run it. Cloud
computing is one of the well known option for people as well as business firm for several reasons
which include cost savings, speed and efficiency, increased productivity, performance as well as
security. National Australia Bank can use cloud security which is set of control based safeguards as
well as technology protection. Main motive of its designing is to protect resources which are stored
online from theft, leakage, data loss and many more.
Cloud computing have its wide role in data security as it provide combination of methods for
protecting data if National Australia Bank. Firewalls are mainstay of cloud architecture as it protect
perimeter of NAB network security as well as its end users. In addition to this firewalls also provide
assistance to respective bank is safeguarding traffic within several apps which are stored in cloud.
Along with this, access control help in protecting data by allowing to set list of different assets
stored in cloud.
 Think of antivirus protection – Antivirus as well as anti-malware both are indispensable to
protecting your Data. Antivirus are designed for preventing, search for, detect and remove
viruses but also adware, worms, trojans, and many more.
 Secure every laptop – there is high risk of laptop stolen as they are portable so it is important
to take measure steps in relation of security measures for protecting all the laptops which
employees are using for their daily basis activities. Laptops include important information as
well as customer’s data also. So it is essential for National Australia Bank to take major steps
of securing laptops. For this most simple solution is to encrypt all the laptops in this data will
be unreadable without passwords.
ï‚· Schedule backups - After conducting daily basis work employees can backups schedule to
external hard drives as well as in cloud for keeping data stored safely. For this work right
frequency will be weekly but employees of NAB can do incremental backups within every few
days. Along with this, National Australia Bank can use Wimi also which help in centralizing
documents. With the assistance of this documents can be share with team members, clients as
well as partners in secured manner.
Thus, by taking all the measures mention above it will be easy for National Australian Bank to secure
their data s well as information in more effective manner.
Role of cloud computing in information security
Cloud computing is delivery of several services with the assistance of internet. These resources
involve tools as well as applications such as servers, data storage, databases, networking, software and
many more. Instead of keeping files on hard drivers or local storage device, cloud based storage make
possible for company to save them to a remote database. Furthermore, as long as an electronic device
has access to the web cloud computing has access to data and software programs to run it. Cloud
computing is one of the well known option for people as well as business firm for several reasons
which include cost savings, speed and efficiency, increased productivity, performance as well as
security. National Australia Bank can use cloud security which is set of control based safeguards as
well as technology protection. Main motive of its designing is to protect resources which are stored
online from theft, leakage, data loss and many more.
Cloud computing have its wide role in data security as it provide combination of methods for
protecting data if National Australia Bank. Firewalls are mainstay of cloud architecture as it protect
perimeter of NAB network security as well as its end users. In addition to this firewalls also provide
assistance to respective bank is safeguarding traffic within several apps which are stored in cloud.
Along with this, access control help in protecting data by allowing to set list of different assets
accessing. For example NAB will allow only manager to access application while restricting other
staff. Through maintaining access control NAB can keep their important data safe from hackers or any
data breach activity. Most important is that cloud provider takes step in protecting data that in transit.
Data security method involves virtual private networks, masking, encryption and so on. Furthermore.
Virtual private networks allow remote personnel for contacting to corporate networks. For remote
access purpose VPN accommodate tablets and Smartphone’s. Moreover, cloud computing also
provides disaster recovery which is key of security as it will help NAB in recovering data which is
stolen or lost. Thus, cloud computing play important role in securing data within National Australia
bank.
CONCLUSION
After going through entire discussion it has been summarised that, it is responsibility of an
organisation to secure data of their customers. Because it include sensitive as well as other protected
data has been accessed or may disclose with an unauthorized fashion. In addition to this, data breaches
may include personal health information, personally identifiable information, trade secrets or
intellectual property. Moreover, common data breach exposures involve personal information of
particular person such as credit card number, social security number, health care history as well as
other corporate information like customer lists, manufacturing processes and software source code. It
is important for an organisation to secure data of their customers breaching of data give negative
impact on both company as well as customers. In information security cloud computing have their big
role.
staff. Through maintaining access control NAB can keep their important data safe from hackers or any
data breach activity. Most important is that cloud provider takes step in protecting data that in transit.
Data security method involves virtual private networks, masking, encryption and so on. Furthermore.
Virtual private networks allow remote personnel for contacting to corporate networks. For remote
access purpose VPN accommodate tablets and Smartphone’s. Moreover, cloud computing also
provides disaster recovery which is key of security as it will help NAB in recovering data which is
stolen or lost. Thus, cloud computing play important role in securing data within National Australia
bank.
CONCLUSION
After going through entire discussion it has been summarised that, it is responsibility of an
organisation to secure data of their customers. Because it include sensitive as well as other protected
data has been accessed or may disclose with an unauthorized fashion. In addition to this, data breaches
may include personal health information, personally identifiable information, trade secrets or
intellectual property. Moreover, common data breach exposures involve personal information of
particular person such as credit card number, social security number, health care history as well as
other corporate information like customer lists, manufacturing processes and software source code. It
is important for an organisation to secure data of their customers breaching of data give negative
impact on both company as well as customers. In information security cloud computing have their big
role.
REFERENCES
Books and Journals
Cadwalladr, C. and Graham-Harrison, E., 2018. Revealed: 50 million Facebook profiles harvested for Cambridge Analytica
in major data breach. The guardian, 17, p.22.
Janakiraman, R., Lim, J.H. and Rishika, R., 2018. The effect of a data breach announcement on customer behavior:
Evidence from a multichannel retailer. Journal of Marketing, 82(2), pp.85-105.
Manworren, N., Letwat, J. and Daily, O., 2016. Why you should care about the Target data breach. Business
Horizons, 59(3), pp.257-266.
Cheng, L., Liu, F. and Yao, D., 2017. Enterprise data breach: causes, challenges, prevention, and future directions. Wiley
Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), p.e1211.
Gressin, S., 2017. The equifax data breach: What to do. Federal Trade Commission, 8.
Chakraborty, R., Lee, J., Bagchi-Sen, S., Upadhyaya, S. and Rao, H.R., 2016. Online shopping intention in the context of
data breach in online retail stores: An examination of older and younger adults. Decision Support Systems, 83, pp.47-56.
Kashmiri, S., Nicol, C.D. and Hsu, L., 2017. Birds of a feather: intra-industry spillover of the Target customer data breach
and the shielding role of IT, marketing, and CSR. Journal of the Academy of Marketing Science, 45(2), pp.208-228.
Ablon, L., Heaton, P., Lavery, D.C. and Romanosky, S., 2016. Consumer attitudes toward data breach notifications and loss
of personal information. Rand Corporation.
Shu, X., Tian, K., Ciambrone, A. and Yao, D., 2017. Breaking the target: An analysis of target data breach and lessons
learned. arXiv preprint arXiv:1701.04940.
Trautman, L.J. and Ormerod, P.C., 2016. Corporate Directors' and Officers' Cybersecurity Standard of Care: The Yahoo
Data Breach. Am. UL Rev., 66, p.1231.
Thielman, S., 2016. Yahoo hack: 1bn accounts compromised by biggest data breach in history. The Guardian, 15, p.2016.
Gwebu, K.L., Wang, J. and Wang, L., 2018. The role of corporate reputation and crisis response strategies in data breach
management. Journal of Management Information Systems, 35(2), pp.683-714.
Rosati, P., Cummins, M., Deeney, P., Gogolin, F., van der Werff, L. and Lynn, T., 2017. The effect of data breach
announcements beyond the stock price: Empirical evidence on market activity. International Review of Financial
Analysis, 49, pp.146-154.
McSweeney, C.L., 2017. Defending with Clapper: Applying the Supreme Court's Article III Standing Interpretation to Data
Breach Lawsuits. J. High Tech. L., 18, p.71.
Books and Journals
Cadwalladr, C. and Graham-Harrison, E., 2018. Revealed: 50 million Facebook profiles harvested for Cambridge Analytica
in major data breach. The guardian, 17, p.22.
Janakiraman, R., Lim, J.H. and Rishika, R., 2018. The effect of a data breach announcement on customer behavior:
Evidence from a multichannel retailer. Journal of Marketing, 82(2), pp.85-105.
Manworren, N., Letwat, J. and Daily, O., 2016. Why you should care about the Target data breach. Business
Horizons, 59(3), pp.257-266.
Cheng, L., Liu, F. and Yao, D., 2017. Enterprise data breach: causes, challenges, prevention, and future directions. Wiley
Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), p.e1211.
Gressin, S., 2017. The equifax data breach: What to do. Federal Trade Commission, 8.
Chakraborty, R., Lee, J., Bagchi-Sen, S., Upadhyaya, S. and Rao, H.R., 2016. Online shopping intention in the context of
data breach in online retail stores: An examination of older and younger adults. Decision Support Systems, 83, pp.47-56.
Kashmiri, S., Nicol, C.D. and Hsu, L., 2017. Birds of a feather: intra-industry spillover of the Target customer data breach
and the shielding role of IT, marketing, and CSR. Journal of the Academy of Marketing Science, 45(2), pp.208-228.
Ablon, L., Heaton, P., Lavery, D.C. and Romanosky, S., 2016. Consumer attitudes toward data breach notifications and loss
of personal information. Rand Corporation.
Shu, X., Tian, K., Ciambrone, A. and Yao, D., 2017. Breaking the target: An analysis of target data breach and lessons
learned. arXiv preprint arXiv:1701.04940.
Trautman, L.J. and Ormerod, P.C., 2016. Corporate Directors' and Officers' Cybersecurity Standard of Care: The Yahoo
Data Breach. Am. UL Rev., 66, p.1231.
Thielman, S., 2016. Yahoo hack: 1bn accounts compromised by biggest data breach in history. The Guardian, 15, p.2016.
Gwebu, K.L., Wang, J. and Wang, L., 2018. The role of corporate reputation and crisis response strategies in data breach
management. Journal of Management Information Systems, 35(2), pp.683-714.
Rosati, P., Cummins, M., Deeney, P., Gogolin, F., van der Werff, L. and Lynn, T., 2017. The effect of data breach
announcements beyond the stock price: Empirical evidence on market activity. International Review of Financial
Analysis, 49, pp.146-154.
McSweeney, C.L., 2017. Defending with Clapper: Applying the Supreme Court's Article III Standing Interpretation to Data
Breach Lawsuits. J. High Tech. L., 18, p.71.
1 out of 7
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.