Project Combination Plus Summary

Running head: MILESTONE TWO

Milestone Two

Terri Y. Hudson

IT-659 Cyberlaw & Ethics

April 30, 2017

Case Analysis

The security breach that happened at Yahoo in 2016 is termed the largest security breach of the century, particularly as Yahoo is a technology company. Several ethical issues are related to the violation and can ultimately be tied to the incident. One of the ethical issues is that Yahoo had failed to keep up with the dynamics required to ensure the security of its consumers’ information. This inability to adapt to change has left the company’s security system vulnerable and susceptible to cyber-related crimes. While other businesses are regularly updating their systems to improve security, Yahoo has been slow to invest in the necessary defenses, which would be instrumental in keeping away sophisticated hackers. This ethical issue weighs heavily and plays a key role in the occurrence of the incident at Yahoo. If the firm had treated upgrading its systems to protect confidentiality as an ethical consideration, it would have been able, to some extent, to prevent or deal with the threat patterns leading to the incident in 2016 (Perlroth, 2017).

One of the legal compliance failures that eventually resulted in the breach, and which could possibly lead to other occurrences in the future, is the failure to provide timely notification about the breach. This had happened in previous cases as far back as 2014, when employees at Yahoo were well aware of the breach but failed to reveal it to the affected customers. This meant that the customers were not able to take precautionary measures. This was a clear violation of the legal requirement that companies notify consumers about any possible breach of their information or that of the enterprise. Failure to do so put Yahoo at risk of future attacks, as was seen in the case of the 2016 incident (Perlroth, 2017).

Yahoo also failed to make security its priority, and despite several requests from the security team about the need for new tools and equipment, the company was more concerned about the costs and argued that the new models were complicated. Despite the rapid growth of the enterprise, security was not a priority. This is against one of the fundamental principles of data security, which requires that security be a priority for a company. This priority applies to everyone involved in security-related matters, including the board of directors (Moore, 2010). In this instance, if the board of directors had participated in ensuring that the company’s security system was up to date, it would have played a vital role in ensuring that the incident in 2016 never occurred.

The inability to provide adequate security measures led to the hacking of more than 1 billion accounts, and although no bank details were hacked, the stolen information has been primarily reported to have been sold on the black market, where it is used in identity theft. Certain prominent members of the political world have been victimized as their emails have been hacked. This is especially the case in American society, which has been victimized the most among the hacked accounts.

Incident impact

This incident highlighted the importance of companies adhering to the principle of data security. It became more important that security be treated as paramount in protecting information. New regulations were passed to ensure that companies inform customers without delay about any security breach involving their confidential data. Additionally, the incident highlighted the importance of firms having security breach insurance as a way of reducing the impact of such occurrences and of helping to upgrade security systems to prevent future incidents. The incident also caused consumers to see the importance of taking extra measures to protect information that could cause them harm if a company’s security system is hacked (Carlin, 2015).

Yahoo at that time was aware of the security requirements that needed to be implemented to prevent the breach. However, the regulations at that time were lenient, and as a result the company’s failure to upgrade to the new security measures went unnoticed. The company did not treat security as one of its primary considerations despite the heavily increasing number of consumers. After the hack, however, there were stricter laws to ensure that firms give importance to security and, at the same time, maintain their budgetary allocation intended for security (Carlin, 2015).

Yahoo has been a giant in the technology industry, and the hacking of its system came as a shock as to the invisibility cyber security provided. People became more aware of measures they could use to protect themselves from being hacked. There has been an increase in awareness of, and need for, creating complicated passwords and not recycling the same passwords across different websites or online accounts. The incident also created a panic about the use of Yahoo accounts, and there was a steep decline in the number of users, with consumers opting for other firms like Google that take security as one of their priorities (Ko & Dorantes, 2006).


Carlin, J. P. (2015). Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats. Harv. Nat'l Sec. J., 7, 391.

Ko, M., & Dorantes, C. (2006). The impact of information security breaches on financial performance of the breached firms: an empirical investigation. Journal of Information Technology Management, 17(2), 13-22.

Moore, T. (2010). The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection, 3(3), 103-117.

Perlroth, V. (2017). Yahoo Says 1 Billion User Accounts Were Hacked. Retrieved 10 April 2017, from