Key Topics
Requirement
Question: DATA BREACH INCIDENTS
PART A
The incident of a Computer security breach in Verizon Enterprise Solutions:
Verizon Enterprise Solutions was established in January 2006 and came up again as Verizon Enterprise Solutions on 1 January 2012. And the president of Verizon Enterprise Solutions is Chris Format. This organization is a division of Verizon communications which is based in New Jersey and offers services and products like information technology, cloud computing, data storage, etc. for the government customers and businesses across the world.
The Issue
Recently Verizon Enterprise suffered the computer security data breach because of the security issues and in this the database of customer records of 1.5 million was stolen and was raised for sale on the dark web. Verizon stated that there was no effect on consumer customer data, but this breach affected the customers badly.
The breach was highlighted when the stolen records of the business customers were raised for sale, and the customers have informed accordingly. The price which was offered was $100,000 for all the customers and $10,000 for single block of 100,000 as the database was put up on an underground hacking forum. The report stated that only the customer names and contact numbers had been used. The stolen records were used for phishing attacks upon customers of the Verizon. The hackers wanted to target the arm of the Verizon which provides products and services which also involved online security and cloud computing. The hackers offered the database in various formats and was available in MongoDB which stated that the hacker somehow managed to put the data at Verizon to delete the contents of customers. The credit card information of customers with hashed passwords was also stolen. (Lanaria, 2016)
Hacking
This phishing attack took place through emails in which the hackers manipulated and convinced the customers so that they can share their details. The hacker got an access of the network and data with the help of phishing emails which contained the corrupted document, and this helped the hacker to find susceptibility through other systems and got the important data. This helped the hacker to find a particular system to get a hold on it in order to get the information of the customers. The hackers send the emails to all the users, and they were told to verify their personal information and share their credit card payment information, contact numbers, etc. and by this phishing scam the hackers stole the important data of Verizon Enterprise Solutions.
The computer security breach at Verizon occurred because of the slackness of employers like sharing information with the wrong customer and the unsecured dumping of the personal and important data. And the other issue was that the employees use the customer's data in inappropriate manner for their own benefit, and this causes huge loss to the organization and its customers. (Loshin, 2016)
Preventive Measures
The possible solutions to prevent the data from stealing are as follows:
-
Email filters can be executed so that the mails can be separated into different categories in an organized manner and in case the hacking taking place then the complete information would not be leaked out, and this will help in tracking the hacker.
-
Training can be given to the engineers of Verizon so that they can find the phishing attackers and can immediately deal with them in order to prevent the data from being stolen.
-
A secured authentication process can be embodied so that the effect of hacking can be minimized and the network will remain protected from being hacked, and the data of customers will remain secured.
-
The networks can be watched carefully to find the signs of hacking. The workers have to keep an eye on the networks of data in order to catch the hacker so that the data of customers remain secured.
-
Security systems should be up-to-date on all the networks. An organization should ensure that the security systems are updated in order to protect the data from the phishing scams, and the security system should keep on changing so that the hacker doesn't get access to it.
-
Verizon can give the guidance to its customers about not sharing their information with credit card payment, name, contact details, etc. to anyone via email. And the customers should ask more and more questions from the sender and should remain alert from this kind of emails and inform the organization as soon as possible so that the data can be protected from being hacked and the preventive measures can be implemented by the company as soon as possible.
PART B
The Issue
The 2015 Anthem medical data breach case was the breach of medical information being held by Anthem Inc. The criminal hackers broke various servers of Anthem Inc. and stole more than 37.5 million records on February 4, 2015. These medical records contained personally identifiable information which was stored on their servers. Later that month, on February 24, 2015, the statistics reached to 78.8 million people. It was found out that the brands used by Anthem Inc. for marketing its healthcare plans also suffered the data breach including the branches like Anthem Blue Cross, Blue Cross and Blue Shield of Georgia, Amerigroup, Anthem Blue Cross and Blue Shield, Caremore , Empire Blue Cross and Blue Shield, and UniCare. It has been mentioned by the Anthem that no compromise has been seen with the medical information and financial data. In the wake of this breach, the Anthem offered towards free credit monitoring. Around 80 million company records were estimated to be hacked as per the information given by the The New York Times. This case has instilled the fear that the stolen data might be misused for the identity thefts. The information that has been compromised contained the names, address, e-mail addresses, date of birth, medical IDs, social security numbers and the employment information along with income data.
The issue affected all the customers and employees of the Anthem Inc along with affecting the current as well as formed policyholders. Furthermore, the various branches of the Anthem Inc, using its services were impacted heavily. It was estimated that around 80 million customers and employees were affected by this attack. The identify threats was the most prominent issue as the hackers were believed to potentially steal all the personally identifiable information from the Anthem Inc’s server (which included, names, address, e-mail addresses, date of birth, medical IDs, social security numbers and the employment information along with income data and related credentials) and might use administrator’s credential for downloading these details. This hack issue has cost Anthem approximately $230m in legal as well as consultant fees. (Massive breach at health care company Anthem Inc., 2016)
Hacking
According to the Bloomberg News, the data breach has been performed by China. The investigators are adamant that the breach has been performed by the hackers from China, and it is believed that these hackers were operating undetected inside the Anthem Inc’s network form months. The hackers gained the access by tricking an employee so as to make him click on a phishing email which had been disguised to look like an internal text. It was observed that the hackers were using a repeated pattern for extraction of the medial data and were altering the query so as to avoid detection. Then the data was removed and was seen to be transferred to the encrypted share site which resembled a drop box. This drop box share site highly resembled the share site used by Anthem itself. And the US Office of Personnel Management's inspector general, as per the reports from the September 2013 audit of Anthem, stated that the insurer was found to have vulnerabilities which provided them with a "gateway for malicious virus and hacking activity." ( Cyber security: Attack of the health hackers - FT.com., 2016).
According to the investigators, the hacks trace back to China, and they aimed at targeting the US insurers for learning how the insurer data base and the medical coverage are set up. The blames have been denied by the Chinese government, which is seen to be facing an affluent population with ample of healthcare challenges. However, the medical records are highly valuable for the intelligence purpose.
China has been facing issues with illness and various health issues in their enormous population which further imposes suspicions towards the Chinese government. Further, the promise of the Chinese government of providing universal access towards healthcare to all the citizen of China by 2020 has build pressure on the government thereby, making China a clear suspect in this issue.
Preventive measures
The organization failed to adopt the exact "cyber hygiene" or protections so as to minimize the hack risks and to make the information so vulnerable in case of the network being infiltrated. It has been alleged that Anthem failed to implement a two-factor authentication which eventually failed to require all its users to change their passwords for the credentials, and the employees had access to personal information which had data beyond their job and service areas.
Furthermore, the anthem also ignored to see all the alerts and did not implement any system or software for monitoring the data usage or the related extractions. The company installed the two-factor authentication after the hacking took place and only for its high-level system administrators. The company must have paid attention to the September 2013 audit of Anthem and worked on all the vulnerabilities and issues. Therefore the company needed to have focused on adopting preventive measures from the very beginning. The two factors that would have mitigated the damage are:
-
Contact-aware access control which stops any outsider and all the phished credentials. This controller first identified where the authentication comes from, the platform it is using and various other details.
-
Behavioral analysis analyzes the historic activity of the user as well as others. This is how the authorities discovered the breach, but it must be done using the automated, systematized analysis for catching as well as raising flags or in worse case to close down the access temporarily. ( Kearns, D. , 2016)
Place Order For A Top Grade Assignment Now
We have some amazing discount offers running for the students
Place Your OrderREFERENCES
-
Cyber security: Attack of the health hackers - FT.com. (2016). Financial Times. Retrieved 26 August 2016, from http://www.ft.com/cms/s/2/f3cbda3e-a027-11e5-8613-08e211ea5317.html?siteedition=intl#axzz4ILKPSWe1
-
Kearns, D. (2016). How We Can Prevent Another Anthem Breach. Dark Reading. Retrieved 26 August 2016, from http://www.darkreading.com/attacks-breaches/how-we-can-prevent-another-anthem-breach-/a/d-id/1319123
-
Lanaria, V. (2016). Verizon Enterprise Suffers Security Breach: Hackers Steal Information Of 1.5 Million Verizon Enterprise Customers. Tech Times. Retrieved 26 August 2016, from http://www.techtimes.com/articles/144153/20160326/verizon-enterprise-suffers-security-breach-hackers-steal-information-of-1-5-million-verizon-enterprise-customers.htm
-
Loshin, P. (2016). Report: 1.5 million Verizon Enterprise customer records stolen. SearchSecurity. Retrieved 26 August 2016, from http://searchsecurity.techtarget.com/news/450280102/Report-15-million-Verizon-Enterprise-customer-records-stolen
-
Massive breach at health care company Anthem Inc.. (2016). USA TODAY. Retrieved 26 August 2016, from http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/