Tuesday, May 5, 2020
Security Mechanism Hacked by POS Malware
Question: Discuss about the Security Mechanism for Hacked by POS Malware. Answer: 1. A security breach is an event which results in an unlawful access of data, service, application or network which bypasses the underlying security mechanism. Computer security is the system which helps to keep the information protected from the theft and also protect the hardware and software information from getting damaged. Computer security protects the information to get harm which may come via network access , code injection and data which caused due to malpractice by the operator. (Krausz,2013). I have chosen an article Eddie Bauer Hacked by POS Malware this article mainly focused on protecting the card through which we pay any bill. Eddie Bauer is a San Francisco-based private company which is a firm of Golden Gate Capital it has 360 stores in the United State and Canada. All these stores of the company get affected by the data breach and 40 stores of this company which was in Germany, southeast Asia and Japan which was safe from a breach. (Schwartz, 2016). The data breach take place by the card payment as nowadays many people prefer to pay the bill through card payment so the personal information of the account is stored in the store computer which was a breach and affect the people as the personal information of their account had been breached. Then the company tells that all the customer personal data are not affected. Then the company determined that the payment card information of the customer which has been used at their retail stores on various dates between January 2, 2016, and July 17, 2016, have been accessed. After that the CEO of the company says that "Not all cardholder transactions during this period were affected. Payment card information which is used by online at eddiebauer.com was not affected they are safe. The CEO of the company told that they are investigating for it and they will find out the attacker as soon as possible and they have also alerted the FBI about this attack to protect the data of the customer. The CEO of the company also told that because of the caution they will offer an identity protection service to all the customer who had the purchases the product from their store and do the card payment between the 2nd January 2016 to 17th July 2016. This incident takes place in the month of august in 2016. After all this the company decided to do something to protect the payment system so they use the computer security system to protect the data and keep it in a secure way. They keep all the information with an id and password which can only be seen by the staff of the store. They also keep some of the data encrypted so nobody can see it. Which the only computer will detect but no one can see the information of the customer. To keep the data secure during billing by a card payment the customer should take care of some of the things so the other cannot affect their details. Some of the thing which should be notify by the customer are, they should be aware of the expedited shipping when there shipping and billing address are different. When the billing and shipping address is different and the customer is forcefully asking for expedited shipping then there is the high possibility of having fraud. We should always make sure about the IP location and credit card address both should match up. One way to clarify the transactions detail , is to check all IP addresses which initiate from countries where the people are not offer shipping. Then people should also watch out the some of the suspicious email accounts. As we can notice that some of the email addresses are dead but steal are in use and you will receive a fraudulent order, so before doing the transaction always check the email address and placed the ord er. Keep a log of credit card number. Before paying the bill people should check the online store is valid or not. Because sometimes some of the website are fraud and they only take the money and take the account detail by all this. So always keep a security code safe so no one can do the transaction from your card. 2. Information security has different types of laws which are mainly designed to protect the personal credentials information and from an unlawful disclosure, access, achievement or some other situation where the unlawful person have access the personally identifiable information for an unauthorized purpose. In health cares data breach notification law is typically requires to covers the entities to execute the breach notification policy, and also report and handle the breach notification. Data breach mainly takes place in any healthcare when there is the loss or theft of any unlawful access to data which contain sensitive or personal information. Data breach covers mainly the personal identification information or individual identification information. In health care management the data are always needed to keep secure as the patient information should be kept secure as mainly personal information is kept in that of an individual person which should be only known by the doctor and patient so data security in the healthcare management is very important in health care. Some of the current laws of information security focus closely on the industry which is specific use of information like the details of the credit report of the medical data relatively than protecting the privacy of the individual. Some of the people believes that protecting the personal information is important then the credit information. Medical data breach means stealing the information of health which includes the personal health information of any human being electronic health record or the medical billing information from their health insurance. As I have done a research of Anthem medical data breach case which takes place on 4th February in the year 2015. The problem in this anthem medical data breach was that in the year 2015 it disclose the criminal hacker who have broken the servers and potentially stolen 37.5 million records from the healthcare system which contain all the personal identification information from the server. Then after few days it came to know that in Anthem has raised the number into 78.8 million peoples data has been affected. (Riley, 2015). According to the anthem the data breach of the medical data has been extended into multiples brands of Anthem Inc. which are use in market as its own healthcare plans which include Anthem Blue Cross as well as the Blue Shield. It also says that all the medical information and financial data of the brand was not compromised. The anthem also faces the problem like civil lawsuits for not having the data encrypted. The data of Anthem was stolen just before the data br each was discovered. (Mathews, 2015). . After the attack company anthem has provided an advisory to the people that whose data has been stolen should always monitor their account and remain watchful of the theft. After that Anthem Inc has a budget of 50 million dollars for the security of the Infrastructure and the facilities. To prevent the attack anthem take some vital step to protect the data. The first security layer is the Login ID and password for the employees and patients. The second step is a started to give the card, token, or a Smartphone app which will produce a temporary password or a lengthy number which will be changed in every hour and minute. Anthem management was not aware about the security arrangement in the company and how much protective that should be. Two layer securities are considered as a best security stage for the company but Anthem did not have two layered security arrangement. Once the anthem has exposed the attack then many IT area were shut down which did not require the two-factor authentication. After that in 7th and 8th February Anthem again reworked all its account which had given the privileged access to the sensitive information which requires the three authentications. The authentications are login, physical token, and a temporary password which will change in every few hours or minutes. After doing all this till now the Anthem still does not know more about the source of the breach like who are stealing the information and how. The ongoing security policies should be as per the industry standard. Federal government also provide some set of rules and regulation to each company which need to be implementing for perfect Infrastructure security inside the organization. Management can ensure the effectiveness of the current security policy by some external security audit and taking feedback from the employees as well. The maintenances of the ongoing s ecurity measures is also required for the proper function of the company. Companies can also adopt the ISO guideline for the security of the company and the data of the consumers. References: Schwartz.M.J., (2016). Eddie Bauer Hacked by POS Malware. houston. (2016). Data breach at health insurer anthem could impact Millions. Retrieved August 25, 2016, from https://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/ MathewSchwartzJ. (2016, August 19). Eddie Bauer hacked by POS Malware. Retrieved August 25, 2016, from https://www.databreachtoday.in/eddie-bauer-hacked-by-pos-malware-a-9348 Krausz, M. (2013). The true cost of information security breaches: A business approach. London, United Kingdom: IT Governance Publishing Riley, C. (2015, February 4). Insurance giant anthem hit by massive data breach. CNN. Retrieved from https://money.cnn.com/2015/02/04/technology/anthem-insurance-hack-data-security/ Mathews, A. W. (2015, February 24). Anthem: Hacked database included 78.8 Million people. . Retrieved fromm https://www.wsj.com/articles/anthem-hacked-database-included-78-8-million-people-1424807364 Houston. (2016). Data breach at health insurer anthem could impact Millions. Retrieved August 25, 2016, from https://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.