ACCT 326 Writing Assignment
Home Depot Data Breach
Data breaches involving theft of credit and debit card data have increased significantly, and Home Depot's customers were among the victims. The hackers infected the company network with malware using a third-party vendor's username, which gave them access to 56 million credit and debit cards and 53 million customer email addresses (Gyetvan & Buchanan, 2016). However, the breach gave the company an opportunity to reconsider the cybersecurity strategies that protect its systems and its customers' information. The company enabled EMV chip-and-PIN payment cards and established separate networks so that the payment network and the Home Depot network are not kept under one system (Gyetvan & Buchanan, 2016). Combined with encryption of the data, this would help the company prevent a future data breach.
Consequently, the company's customers reacted immediately after unauthorized individuals acquired their information, filing lawsuits against the company to recover their lost money. Due to its failure to protect consumers' data, the company incurred $10 billion in repayment and settlement of the lawsuits (Gyetvan & Buchanan, 2016). Though the company handled the breach differently by being transparent, it needs measures that mitigate the risk before it happens, such as obtaining adequate cybersecurity insurance and conducting internal cybersecurity audits. Also, establishing separate networks so that data is segmented, reinforced by encryption, makes the data difficult for hackers to retrieve. It is the company's sole responsibility to secure its customers' information by improving its breach response plan, so that its systems detect any unauthorized activity and block the user, which prevents the loss of customers' trust and unnecessary compensation expenses.
Neiman Marcus Breach
The company has also been affected by a breach of its systems by hackers. In 2016 the company was the victim of a data breach in which credit card skimming malware was implanted into the systems of its stores. The malware enabled the hackers to obtain the card information of 370,000 customers, which was used fraudulently, costing the company and the customers. Out of the total cards, the hackers used 9,200 to undertake fraudulent transactions without being noticed (Osborne, 2019). The data breach occurred through a computer virus introduced into the company's primary system, which gave the hackers access to all the information concerning the customers of the various stores, which they used to their benefit.
However, in any data breach, the organization and the customers react to the insecurity differently. The customers generally take legal action, suing the company for failing to guarantee the privacy of their information, which leads to significant compensation. Neiman Marcus settled on $1.5 billion to compensate the customers whose data had been breached, as a result of the lawsuits (Osborne, 2019). However, to prevent future data breaches and protect its customers' information, the company sought the services of a third-party cybersecurity firm to undertake a comprehensive cybersecurity risk assessment. These practices are meant to ensure that the company maintains reasonable procedures for protecting the personal information of its customers. These undertakings are important since it is the responsibility of the organization to protect and secure its customers' personal information, and the whole organization's information, from any external or internal breach and data insecurity.
P.F. Chang’s Breach
P.F. Chang’s is also among the big businesses to fall victim to a data breach, which involved its customers' credit and debit card information. The restaurant chain detected the breach of its customers' data before it caused colossal damage. However, the hackers had already stolen some of the employees’ data and started using it. At the same time, some also sold the credit and debit card information to other people through an anonymous site. It was easy for the hackers to commit their cybercrime through a security compromise and steal the data. Since it is hard to detect these crimes, the restaurant management involved a third-party forensics expert in determining the nature and scope of the breach (Detroit.com, 2014). The company has also instituted various security protocols, changing the way customers used their cards by using a manual credit card imprinting system to protect their data.
Because the company handled the occurrence without providing all the information relating to the breach’s nature, it was difficult for the customers to determine how to react. The customers were left only to acknowledge the new measures and to have confidence in the company to protect their data. Since the company changed its operations, the customers believed that the company had solved the breach and that it could not happen again. However, the company has the ultimate responsibility for protecting the customers’ personal information by undertaking security protocols and procedures. It is up to the company to educate the customers and give them the ability and knowledge to follow up on their data, detect any abnormal activity, and report it for further action and enhancement of security protocols.
Prevention
Since it is the organizations’ responsibility to protect the customers’ information, they must ensure there is no unauthorized access to their network through technology, blocking such access with artificial intelligence and effective systems that detect any unauthorized activity in their system frameworks. Similarly, the institutions need to ensure that they have an IT technician and expert, or request the services of a third party, to undertake significant control measures and risk assessment of the systems. The cybersecurity of any institution's systems depends on the critical infrastructure protecting its networks, through implementing the relevant tools for monitoring, governance, and reporting security incidents in its systems (Ten & Liu, 2010). To support this, the institution has to equip its employees with the necessary skills to detect and monitor cybersecurity issues in its systems.
Role of Government and ISACA
The government plays a critical role in promoting cybersecurity in the country and its companies. Government incentives in technology promote cybersecurity and strengthen institutions’ ability to protect themselves by implementing liability protection programs using the relevant technology. Similarly, the government offers education programs in technology and cybersecurity. Through regulation and the passing of relevant legislation, the government enhances cybersecurity protection (Crumpler & Lewis, 2019). However, enhancing cybersecurity requires collaboration between the government and institutions such as ISACA. The institution offers relevant advice concerning the monitoring and control of cybersecurity issues. Such institutions act as watchdogs and ensure that the various companies carry out their responsibilities under the set guidelines and principles to protect the customers’ data. They hold the companies responsible and ensure that the customers are equipped with the necessary information to protect their data by promoting understanding (Crumpler & Lewis, 2019). The organizations ensure that the companies adhere to the cybersecurity protocols and use quality, effective technology without manipulating it.
Awareness
The study attributes the responsibility for protecting customers’ personal information from unauthorized third parties largely to the companies handling the information. Having cybersecurity measures is critical, since a data breach costs the company significantly, both in direct cost and in installing new protocols and guidelines. However, the customers also need to protect their data by understanding the companies they engage with before providing their personal and sensitive information. One should consider the relevant measures and security protocols maintained by the company. The customers can also regularly monitor their credit and debit cards to check that their accounts and balances are accurate, so that they detect fraudulent activity and report it before it gets out of control.
Consequently, the customers should protect their data on online platforms, since promoting cybersecurity is a collaborative effort. Hackers have devised different strategies for finding customers’ personal information on all online platforms. Thus the customers should have an adequate understanding of any suspicious process that requires them to give their personal information through websites disguised as their organization’s frameworks. The customers need a protection strategy for their accounts, with a strong password stored in places not easily accessible to hackers.
References
Crumpler, W., & Lewis, J. A. (2019). Cybersecurity Workforce Gap. Center for Strategic and International Studies (CSIS).
Detroit.com. (2014). P.F. Chang’s Confirms Breach, Makes a Change. WDIV. Retrieved from https://www.clickondetroit.com/business/2014/06/13/pf-changs-confirms-breach-makes-a-change/.
Gyetvan, S., & Buchanan, M. (2016). A Closer Look At The Fallout From The Home Depot Data Breach | Data Security Law Blog. Patterson Belknap Webb & Tyler LLP. Retrieved from https://www.pbwt.com/data-security-law-blog/closer-look-fallout-home-depot-data-breach.
Osborne, C. (2019). Neiman Marcus agrees to a $1.5 million data breach settlement | ZDNet. ZDNet. Retrieved from https://www.zdnet.com/article/neiman-marcus-agrees-to-1-5-million-data-breach-settlement/.
Ten, C. W., Manimaran, G., & Liu, C. C. (2010). Cybersecurity for critical infrastructures: Attack and defense modeling. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, 40(4), 853-865.