Homeworkinternetofthingsdatabreachdue1159pmthedayb ✓ Solved
Homework: Internet of Things || Data Breach Due: 11:59pm, the day before your lecture, via Blackboard. May be turned in early. After due date, Blackboard will be closed and the assignment will be a zero. Objective: Students may choose one of following two topics: 1. Find an Internet of Things “connected device†that you consider dumb and pointless. a.
Write one paragraph describing the product, the company that makes it, and the market that product is supposed to appeal to. Please include where you found this product (e.g., Amazon, Kickstarter, Indiegogo, et cetera). b. Write another paragraph describing why this product is stupid, and what potential security risks it poses (i.e., data exposure, presenting a platform for attacks, dangerous if made to malfunction, et cetera). c. The product chosen must be appropriate for class. 2.
Find a security case study regarding a hack or data breach that shouldn’t have happened. a. Write one paragraph discussing the circumstances of the data breach: who was targeted, who did the targeting, what data was exposed, how the company reacted, et cetera. b. Write another paragraph describing what mistakes the company / individual / organization made that made their system less secure. Turn In: Turn this into a PDF document, and upload it into Blackboard in the form of hw9.netid.pdf. Include a proper essay header with your name, student ID number, date, and the section of 1105 you’re enrolled in. Failure to follow the above instructions will net a deduction of 25 points.
Paper for above instructions
Title: Data Breach Case Study: The Equifax IncidentName: [Your Name]
Student ID Number: [Your Student ID]
Date: 24th October 2023
Section: 1105
---
Introduction
One of the most notorious data breaches in recent history is the Equifax data breach, which occurred in 2017. This breach targeted one of the largest credit reporting agencies in the United States, Equifax, compromising sensitive personal information of approximately 147 million individuals. This case provides a critical analysis of the security oversights that led to a massive data leak, illuminating the importance of robust cybersecurity measures in protecting sensitive data.
Circumstances of the Data Breach
The Equifax breach was orchestrated by exploiting a vulnerability in a web application framework called Apache Struts (Federal Trade Commission, 2019). Despite the availability of a patch that addressed this vulnerability, Equifax failed to implement the update in a timely manner, leaving their systems exposed. The hackers gained access to sensitive personal data, including Social Security numbers, birth dates, addresses, and in some cases, driver’s license numbers (Consumer Financial Protection Bureau, 2019). The breach was discovered in July 2017, but it took Equifax until September to inform the public about the incident. Following the breach, Equifax faced severe backlash due to their delayed response and lack of transparency, prompting multiple congressional hearings and lawsuits (Popper, 2019).
Mistakes Leading to Inadequate Security
A plethora of mistakes contributed to the weakness of Equifax's security infrastructure. Firstly, the failure to update the Apache Struts software highlights a significant lapse in their security practices. According to the U.S. Government Accountability Office (GAO) (2018), the vulnerability that was exploited had been publicly disclosed for over two months prior to the attack, but Equifax neglected to prioritize the patching process. This negligence indicated a lack of rigorous cybersecurity protocols and employee training on the importance of software updates.
Additionally, Equifax had a complex and outdated IT infrastructure, which hampered efficient security management. Inefficient asset management practices meant that some critical data, especially personal data, remained unsecured or inadequately protected (U.S. Senate, 2019). Furthermore, Equifax’s incident response strategy was severely lacking. When the breach was eventually detected, the delays in communication and remediation efforts showcased a failure to effectively manage cybersecurity incidents (Zeller, 2021). This incident serves as a stark reminder of the necessity for companies to adopt a proactive approach towards cybersecurity, including regular updates and audits, robust employee training, and timely incident response strategies.
Conclusion
The Equifax data breach illustrates the critical importance of maintaining adequate cybersecurity measures in today’s digital landscape. The combination of neglected software updates, complex IT infrastructure, and poorly managed incident response efforts culminated in one of the largest data breaches to date, compromising the sensitive information of millions of individuals. Organizations must learn from the mistakes made by Equifax and commit to safeguarding personal data through diligent practices, regular updates, and proactive security measures to prevent similar incidents in the future.
---
References
1. Consumer Financial Protection Bureau. (2019). Equifax Data Breach: Report to the American Public. Retrieved from https://www.consumerfinance.gov/
2. Federal Trade Commission. (2019). 2017 Equifax Data Breach. Retrieved from https://www.ftc.gov/equifax-data-breach
3. Popper, J. (2019). How the Equifax Data Breach Happened. New York Times. Retrieved from https://www.nytimes.com/
4. U.S. Government Accountability Office. (2018). Cybersecurity: Recent Data Breaches Highlight Need for Stronger Actions to Protect Personal Information. Retrieved from https://www.gao.gov/
5. U.S. Senate. (2019). Equifax Data Breach: Testimony of Equifax CEO Richard Smith. Retrieved from https://www.senate.gov/
6. Zeller, C. (2021). The major lessons learned from the Equifax breach. Security Magazine. Retrieved from https://www.securitymagazine.com/
7. Kaspersky. (2021). The Big Breach: Understanding Equifax. Retrieved from https://www.kaspersky.com/
8. Ponemon Institute. (2021). Cost of Data Breach Report 2021. Retrieved from https://www.ponemon.org/
9. National Cybersecurity Institute. (2019). How the Equifax Data Breach Changed Cybersecurity Standards. Retrieved from https://www.nationalcybersecurityinstitute.org/
10. BreachLevelIndex. (2019). Data Security Breach Trends: Equifax and the Implications for Businesses. Retrieved from https://breachlevelindex.com/
---
Note: Remember to replace the placeholders in the header with your actual name, student ID, and any other specific details as required. This is a simplified document for educational purposes.