Pages: 3 pages/≈825 words
Sources: Check Instructions
Style: APA
Subject: Business & Marketing
Type: Case Study
Language: English (U.S.)
Document: MS Word
Topic: Data breach at Equifax

Case Study Instructions:

Case study = Page 75 to 96 in attached document
Identify the key factors that created the weak security situation in a company.
Discuss vulnerabilities that were exploited in Equifax incident.
Provide assessment of appropriate organizational and security controls that were put in place by the company before the breach.
Consider the measures the company has taken to recover from the incident.
Evaluate post-attack security measures.
Discuss and prioritise the risks.
Could this incident have been prevented?
Evaluate the company’s response to this incident and the measures proposed by US government. Which of these measures can be adopted by other companie
Must use the following as references as much as possible:
https://www(dot)gao(dot)gov/products/GAO-18-559
https://mcmillan(dot)ca/Files/203115_Cybersecurity_The_Legal_Landscape_in_Canada_October.pdf
https://www(dot)blueliv(dot)com/resources/reports/The_credential_theft_ecosystem.pdf
https://is(dot)muni(dot)cz/el/1423/podzim2018/BSS469/um/P.W._Singer__Allan_Friedman_-_Cybersecurity_and_Cyberwar__What_Everyone_Needs_to_Know___2014__Oxford_University_Press_.pdf



b. Clearly stated the problem faced by DataClear and its leadership /10 (Note: what specifically is the decision to be made within the context of the case. Ensure you specifically differentiate between the problem and its symptoms.)
c. Demonstrated a thorough analysis supported by academic as well as other sources /25 (Note: The analysis should be in response to the posed case questions and should incorporate assigned readings, the case and external sources.)
d. Presented recommendations (action plan) /10 (Note: Ensure your recommendations are supported by evidence from readings and research).

Case Study Sample Content Preview:

Equifax Data Breach
Student’s Name
Institutional Affiliation

Equifax Data Breach
The primary factors that caused the weak security measures at Equifax were the vulnerabilities in Apache Struts, the patch management process and internal controls, the lack of accountability in Equifax’s organizational structure, and technological barriers. Although Equifax had a team of cybersecurity experts in place, these individuals did not carry out their duties well, which gave hackers enough time to create more than 30 backdoors into the company’s system. In particular, hackers began collecting personal identifying information (PII) of registered users on March 10, 2017 (Srinivasan, Pitcher, & Goldberg, 2019). Equifax’s Countermeasures team identified the breach on July 29 after it updated 74 Secure Sockets Layer (SSL) certificates.
Hackers exploited the Apache Struts vulnerabilities to access the PII of users from Equifax databases for several months without raising the alarm. These cybercriminals were intelligent, which is why they created over thirty backdoors using web shells to make themselves difficult to trace and to ensure consistent access to the system (Srinivasan, Pitcher, & Goldberg, 2019). In that case, if one loophole was closed, hackers were left with 29 others, which enabled them to continue exploiting the system. Additionally, it appears that Equifax’s Countermeasures team did not update the SSL certificates regularly. For this reason, it was hard for them to monitor the traffic and detect any cyber-attack attempt.
Before the breach, Equifax had tried to implement appropriate organizational and security controls. For instance, the chief information officer (CIO) and chief security officer (CSO) were required to work together with the cybersecurity team to identify and close any loopholes. Moreover, SSL certificates needed to be updated regularly. However, since Equifax was expanding rapidly by acquiring other firms, its systems were not integrated well, which made it easy for hackers to exploit the company’s databases and obtain the PII of about 143 million users.
The 2017 Equifax breach was an eye-opener for the company’s cybersecurity team. One of the measures that Equifax emphasized when recovering from the incident was the regular updating of SSL certificates. The other strategy was integrating the ACIS portal into the Equifax network. Before the breach, the ACIS portal was operating independently, which was done deliberately to improve operational efficiency. However, this decision increased the severity of the data breach (GAO, 2018). Another measure that was taken to help Equifax recover from the incident was the enhancement of the fraud alert procedures to prevent further damage to the organization in the case of another security breach.
To avoid similar breaches in the future, Equifax adopted various post-attack security measures. First, the company limited access to sensitive files that would permit hackers to obtain information from its databases outside the ACIS portal. Second, there was appropriate segmentation of the ACIS portal to the Equifax network. Third, the CSO was obliged to ensure that all security experts attended meetings meant to address v...