Respond to Student Post below. 150 -250 word min "CyberSecurity and Risk Management" Please respond to the following: · Identify one cyberattack that occurred in the last 2 years. What caused the cybe

Respond to Student Post below.

150 -250 word min

"CyberSecurity and Risk Management" Please respond to the following:

· Identify one cyberattack that occurred in the last 2 years. What caused the cyberattack? Do not repeat an example that has been posted previously.

· How did the cyberattack impact data loss, financial loss, cleanup cost, and the loss of reputation?

· If you were the manager of this company, what are some key steps you would have taken to prevent cyberattacks and enhance cyber security?

· Recommend information that should be in the cloud and describe which information should not be in the cloud. Be sure to include in your recommendation your thoughts on preventing cyberattacks, addressing security concerns, or strengthening network infrastructure.

Respond to Student Post

    In September of 2017, Equifax Credit Reporting Agency announced that their systems had been breached, which resulted in approximately 148 million Americans personal information being compromised. Equifax is one of three credit reporting agencies that create detailed reports on consumers personal information which include: a person’s name, social security number, phone number, driver’s license number, address, date of birth, and home address, the personal data is compiled with other information which gives lenders and even employers a look to rate an individual credit worthiness. Based on the information provided by Equifax the cyberattack was caused by the attackers first scanning the web for vulnerable servers in which they found a vulnerability within the Equifax dispute portal servers, this led to locating additional servers and login credentials. In a span of 75 days the hackers remained hidden while maintaining presence and slowly extracted data from 51 databases in small increments. The vulnerability that caused the breach was basically a flaw in a tool designed to build web applications, according to Equifax spokesperson.

   It is widely known and still being reported that Equifax executives knew of this flaw before the cyberattack happened but failed to address the issue. The cyberattack not only left millions of customers not knowing if or how criminals would be able to use their personal information, by having access to an individual name, social security number, birth date, and address placed many Americans in fear of identity theft and everything else that comes with someone having access to all of your sensitive information at their fingertip. According to my research, there is still no evidence of who was behind the hack, and the so called “stolen data” has never been found?  The data breach impacted banks, schools, employers and many other businesses, and not to mention the impact it could have on people lives. I have always thought of my credit report and the information contained in my credit report as my life and to think that some potential unknown person has the capability to use my information for their own personal use is unsettling.  The FTC has fined Equifax, the financial loss consists of Equifax agreeing to settle and pay 575 million and up to 700 million to compensate the approximately 148 million Americans affected by this cyberattack. They must also provide members of the class action lawsuit 6 free credit reports per year and free credit monitoring. I still think it is a small price to pay, due to their negligence.

  If I were the manager of this company, I would improve security practices and possibly not give just anyone the ability to pull credit reports. Credit reporting agencies are in business to provide personal information on consumers and some information is needed in order to correctly identify a person, but too much information is not needed, I think social security numbers should not be accessible in the cloud. One way to address security concerns is to provide employees with a token, at my previous employer we were required to have a token to gain access to our computer to sign on every morning, I must admit it truly got on my nerves because the password would change throughout the day, and if I went to lunch, break, or forgot my token, the system would lock me out and I would have to call IT to reset my generated password.  I think any business that hold sensitive information such as a company like Equifax, should equip their employees with some type of authentication method to gain access to that personal information, practice basic security measures, and make sure that systems are up to date.

References:

Baltzan, P. (2018). Information Systems. In P. Baltzan, Information Systems (4th ed., pp. 148-162). New York,, NY: McGraw-Hill Education. Retrieved 10 10,, 2019

The Equifax Breach Affecting Nearly Half Of Americans Was "entirely Preventable"

John Detrixhe - https://qz.com/1491250/the-equifax-breach-was-entirely-preventable-us-house-report-says/

The Great Equifax Mystery: 17 Months Later, the Stolen Data Has Never Been Found, and Experts Are Starting To Suspect a Spy Scheme

Kate Fazzini - https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html