Protection against cyberattacks

For part 1 and 2 it should be 200-300 words for each part using references that are based in the United States and also websites only.

Part 1

Discuss the importance of preparing financial plans and how an entrepreneur might use financial projections and financial ratio analysis.

Part 2

Is information on the Internet truly free, or should intellectual property such as copyrighted music or software be protected? What are some steps that might be taken to protect this property?

Keep in mind to integrate Saint Leo core value of integrity, as it applies to this case. Responses for each case discussion question should be in paragraph form and be approximately 250-300 words in length for each question. Also, use references that are based in the United States and they are websites.

Part 3

Technological advances have resulted in profound changes in society. One of the greatest transformations is the collection, storage, and use of personal information. Access to personal information originates from many different sources, often without the individual being fully aware of it. Businesses may endeavor to use this information to recruit strong “employee applicants, offer more attractive products or services to prospective consumers, package desirable investment options to potential investors, and so on.

But, the risk that this information will fall into the wrong hands or be used for criminal purposes is ever present. In August 2014, the Department of Homeland Security announced that breaches of company safeguards meant to protect personal information had occurred at more than 1,000 American businesses already that year. This situation was so dire that some security analysts said that it had become the exception if businesses’ information systems had not been compromised.

Criminals had become astonishingly adept at breaking into company records. They had learned how to scan corporate information systems for remote access opportunities—a vendor with remote access to a company’s system, for example, or employees with the ability to work remotely—and then deploy computers to guess their usernames and passwords until they found a working combination. They used these footholds to virtually crawl through corporate networks until they gained access to in-store cash register systems. From there, they collected payment card data and sent it back to their servers, often outside the United States. Millions of American consumers’ payment card details were allegedly sold on the black market to criminals all over the world. Some of the more significant break-ins are described below.

∙At Home Depot, the nation’s largest home improvement retailer, 56 million credit card accounts were compromised, and 53 million e-mail addresses were exposed. Cybercriminals targeted the firm’s 7,500 self-checkout lanes, since these terminals were clearly referenced in their computer systems as payment terminals. Analysts believed that the intruders went undetected as they moved around Home Depot’s systems during regular daytime business hours and designed their malware to collect data, transmit it to an outside system, and then erase its tracks before the company’s detection systems could discover the attack.

∙At Target, a global retailer with revenues approaching $100 billion annually, an estimated 40 million shoppers’ information was exposed. More than 17 million new credit cards had to be reissued following the attack, at an estimated cost of more than $200million to the financial institutions involved.

∙Anthem, one of the nation’s largest health insurers, had up to 80 million records accessed by cybercriminals; these included Social Security numbers, birthdays, physical and e-mail addresses, employment information and income data for customers and employees, including the company’s own chief executive. Anthem officials became aware of the breach when one of their senior administrators noticed that someone was using his identity to request information from the company’s database. “This is one of the worst breaches I have ever seen,” said Paul Stephens, director of Privacy Rights Clearinghouse.

∙A cyberattack at Japan Airlines, one of the Japan’s two largest airlines, exposed the personal information of more than 750,000 members of their frequent-flier program. The stolen data included names, genders, birth dates, addresses, e-mail addresses, and places of work. The company noticed that their customer information systems were running slowly for a few days; it later estimated that 190,000 customers’ data were stolen during this time.

∙Twitter, the online social networking service, announced that data for 250,000 of its users were vulnerable after it detected unusual access patterns and discovered their systems had been compromised. Accessed were usernames, e-mail addresses, and encrypted passwords. Some believed that the company’s systems were entered through a well-publicized vulnerability in Oracle’s Java software, a system installed on more than 3 billion devices.”

As these examples show, various weaknesses in companies’ software systems can leave customers’ information vulnerable to theft (although most credit card companies have fraud protection programs that eliminate any liability for their customers when their cards are fraudulently used). Many companies were deeply worried about the growing risks of cyberattack, and major financial institutions wanted to minimize their potential liability from the fraudulent use of customer data.

How could these companies better protect themselves and their customers? Some firms realized they needed to upgrade security measures within their computer systems to limit access by vendors at remote sites and to require employees working off-site to better secure their computers or other devices with more complex and more difficult-to-detect passwords.

Another possible protection afforded to customers was to upgrade credit and debit cards, using technology first developed and adopted in Europe. So-called EMV cards (for Europa-MasterCard-Visa, the companies that first backed this new technology), easily recognized by their gold, square symbols, were designed to be inserted into a card payment terminal, where they stayed until the transaction was completed. EMVs were more secure, since they were embedded with a special chip that made it harder to access information than from the magnetic strip used on most cards in the United States. EMV cards also created a unique code for each transaction, making them more difficult to counterfeit than striped cards.

Credit card networks embraced the new technology and established October 2015 as the deadline for most U.S. retailers to upgrade their payment systems to accommodate EMV cards. Merchant Warehouse, which processed credit and debit card transactions for 80,000 U.S. merchants, reported however that only 60 percent of its clients’ locations would be able to meet that deadline. A major reason for the delay was cost, estimated to be between $500 and $1,000 per payment terminal.

Some big retailers, including Walmart, Kroger, and Target, were aggressive in their upgrades and expected to meet the deadline. “We saw the fact that it was being implemented in the U.K. and many other countries around the globe; we saw the fraud decrease once this solution was implemented,” said a Walmart financial executive. By 2015, all of the 4,838 Walmart stores, including Sam’s Clubs, had the chip-based hardware in place and nearly 1,000 had turned it on.

Another concern was the cost of creating and distributing these new cards. By 2014 about 1 billion credit and debit cards were in use in the United States, but just 20 million chip cards had been issued, according to Smart Card Alliance. The new cards could cost up to $2 each, compared to pennies for the magnetic-strip cards. With some financial institutions issuing millions of cards, the investment was in the tens of millions of dollars.

The increasing costs for security raised an important issue: Who should pay for protection against cyberattacks? Should it be the retailers or the banks? Predictably, banks said retailers should pay to reissue the new and safer cards after a security breach in which the retailer had been at fault. Retailers countered by saying that banks should take steps to keep cards secure so they cannot be corrupted. This debate made its way to the U.S. Congress, where lawmakers began to examine the issue at a Senate banking committee hearing on data security issues.

Sources:

“U.S. Finds ‘Backoff’ Hacker Tool Is Widespread,” The New York Times, August 22, 2014, bits.blogs.nytimes.com; “Home Depot Hackers Exposed 53 million Email Addresses,” The Wall Street Journal, November 6, 2014, online.wsj.com; “What Did the Target Hack Really Cost? The Numbers Trickle In,” The Wall Street Journal, February 18, 2014, blogs.wsj.com; “Anthem Hacking Points to Security Vulnerability of Health Care Industry,” The New York Times, February 5, 2015, www.nytimes.com; “J.P. Morgan Says About 76 Million Households Affected by Cyber Breach,” The Wall Street Journal, October 2, 2014, online.wsj.com; “Japan Airlines Reports Hacker Attacks,” The Wall Street Journal, September 30, 2014, online.wsj.com; “PF Chang Hack Hit 33 Restaurants for 8 Months,” PCWorld, August 4, 2014, www.pcworld.com; “Twitter Hacked: Data for 250,000 Users May Be Stolen,” The New York Times, February 4, 2013, bits.blogs.nytimes.com; “In a Cyber Breach, Who Pays, Banks or Retailers?” The Wall Street Journal, January 12, 2014, online.wsj.com; and “Why U.S. Retailers Are Still Vulnerable to Card Fraud,” Bloomberg Businessweek, April 10, 2014, www.businessweek.com

  1. What are the benefits and risks to consumers of using paperless, electronic systems to pay for products and services both online and in stores? Do the benefits to consumers justify the risks, or not?
  2. Do you think technology will be able to stay ahead of sophisticated cybercriminals, or not? Why do you think so?