IT Security Breaches
docx
keyboard_arrow_up
School
Grand Canyon University *
*We aren’t endorsed by this school
Course
415
Subject
Information Systems
Date
Apr 3, 2024
Type
docx
Pages
4
Uploaded by MUG72640
IT Security Breaches
Arkelly Kigoma
College of Technology, Grand Canyon University
ITT-415: IT Business Case Planning for Global Enterprise
Instructor: Johnny Chang
02/18/2024
The adoption of new Information Technology (IT) innovations has led to increased uncertainty among employees, a greater demand for security measures, and more entry points for
cyber-attacks, which all increase the risk of data breaches for firm. The Target data breach in 2013 was a big deal, showing how hackers can use social tricks to break into a company's systems. This breach exposed the private info of lots of customers and really hurt Target's reputation. The hackers tricked Target's employees into giving them access to the company's systems, and then used this access to steal data.
Social Engineering and Credential Exploitation
Social engineering is the art of manipulating individuals to divulge confidential information or perform actions that compromise security. The hackers used a sneaky trick called "social engineering" to fool Target's employees. They might have sent fake emails or made fake calls pretending to be from Target's IT or other trusted sources. These messages tricked employees into sharing passwords or clicking on bad links, which let the hackers get into Target's network.
Once inside, the hackers used the passwords and access they got to move around Target's systems like they belonged there. They avoided getting caught by pretending to be normal users, hiding among the millions of transactions that happen every day.
Failure of Strategic Operational Planning
Despite significant planning and investment in cybersecurity measures, Target's defenses proved insufficient in thwarting the data breach. Several critical elements of a robust strategic operational plans were overlooked, contributing to the breach's success.
Inadequate Employee Training: Target's employees didn't know enough about cybersecurity to
recognize the hacker's tricks. Better training could have helped them spot fake emails and know when something wasn't right. Weak Access Controls: Once the hackers get in, it’s too easy for them to move around and access sensitive data. Target should have had a stronger control in place, like making people prove who they are with more than just a password.
Inadequate Monitoring and Response Mechanisms: Target didn't notice the hackers for a long time, so the breach went on for a while. They needed better tools to spot and stop hackers faster.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Reference:
Wang, Q., Ngai, E. W. T., Pienta, D., & Thatcher, J. B. (2023). Information Technology Innovativeness and Data-
Breach Risk: A Longitudinal Study. Journal of Management Information Systems, 40(4), 1139–1170. https://doiorg.lopes.idm.oclc.org/10.1080/07421222.2023.2267319
Krebs, B. (2013, December 18). Target Investigating Data Breach
. Retrieved from Krebs on Security: https://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/