Organizational Hacking
In this day and age, data breaches have increased in quantity and intensity. Therefore, it is essential that the security professional assess situations which could threaten the security of an organization’s intellectual property. Students will then gain the knowledge, tools, and resources to recognize and mitigate real time attacks.
Research a data breach, ransomware, or data exfiltration attack that has occurred within the last 6 months that successfully compromised an organization.
In 500-750 words, address the following:
1. Describe in detail how the attacker made the breach. Specifically, how was the attacker able to get in and out of the system? What was the threat vector?
2. Explain what the attacker did during the breach.
3. Describe the effects of the attack on the various stakeholders. Be sure to include non-technical elements of the entire corporation (e.g., public relations, marketing, and/or sales).
Prepare this assignment according to the guidelines found in the Help write my thesis – APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
Organizational Hacking
Data breaches have significantly increased in the quantity and intensity thus negatively affecting organizations and businesses and there is a need to counter such a situation. Data breaches compromise the operations of organizations to the point of such organization recording failure. Therefore, security professionals need to arm themselves resources, tools and knowledge to counter data breach attacks to ensure that organizations can handle their operations and activities without being compromised. Adidas an athletic apparel firm is one organization that experienced data breach from third parties thus compromising the business and such attacks need to be prevented in the present and future.
2. Describe in detail how the attacker made the breach. Specifically, how was the attacker able to get in and out of the system? What was the threat vector?
Hackers adopt different techniques and process in getting access to a website and getting out. The hackers at the Adidas website used a combination of technique to get access to the system. In this case, the hackers used session management, broken authentication and social engineering attacks (Bohnsack and Liesner, 2019). The hackers in begin by establishing a password as the first step of cracking network security of an organization or a website. The hackers exploit the administrators or website users to enable them to gather vital information that enables them to exploit the website to gain the necessary credentials to illegally access the websites and the computer systems (Sandhya et al., 2017). The hacker being a third party gets an identity that enables them to access the access of a website in different capacities such as being a user, administrator and other related parties. This enables them to exploit the website such as gaining confidential files and information at the expense of legitimate users. This approach was used by hackers that gained access to the Adidas website and exploit it at the expense of the organization and the users.
2. Explain what the attacker did during the breach.
According to a press release from the Adidas, the hackers were in a position to gain access to critical and confidential data relating to some of their customers. The attack exposed the customers that used the addidas.com to access the services and make purchases from the apparel retailer (Sundar, 2015). Addidas noted that on June 26 noted the illegal access of some of the data of their customers and this attacked millions of the customers. The hackers were able to retrieve information on the customers’ encrypted password, contact information and their usernames. Additionally, Addidas was quick to note that the information on the customer’s credit card and their fitness was not accessed by the hackers. More so, the attack made Addidas lose four million dollars as the average cost of the data hack for e-commerce.
3. Describe the effects of the attack on the various stakeholders.
The data breach attack had adverse effects on a wide range of parties affecting their operations and wellbeing. In this regard, the customers were highly affected as their confidential information was accessed thus subjecting them to mental stress and torture (Gupta and Nene, 2016). The customers were in fear that their credit information could have been retrieved thus compromising their finances. Consequently, Addidas was affected as customers were in fear of transacting with them in fear of their confidential information being compromised thus making Adidas record low profit and revenue levels (Lee and Lee, 2015). Additionally, public relations and marketing departments faced a hard time in convincing customers to purchase their products.
References
Bohnsack, R., & Liesner, M. M. (2019). What the hack? A growth hacking taxonomy and practical applications for firms. Business Horizons.
Gupta, P., & Nene, M. J. (2016). CyberPsycho attacks: techniques, causes, effects and recommendations to end-users. International Journal of Computer Applications, 156(11).
Lee, M., & Lee, J. (2012). The impact of information security failure on customer behaviors: A study on a large-scale hacking incident on the internet. Information Systems Frontiers, 14(2), 375-393.
Sandhya, S., Purkayastha, S., Joshua, E., & Deep, A. (2017, January). Assessment of website security by penetration testing using Wireshark. In 2017 4th International Conference on Advanced Computing and Communication Systems (ICACCS) (pp. 1-4). IEEE.
Sundar, R. (2015). Parameters Considered by Consumers Shopping and Issues at Adidas Online Store: A Case Study.
