MIS Final Paper 1

BUSA 345 MIS Final Paper

Conlan A. Casal

University of Hawaii West Oahu

MIS Final Paper 2

Abstract

The topic of cyber security has made it to the front and center of the information technology

conversation of late. The recent wave of hackers targeting retailers, financial institutions, and government

entities, has brought the issue to the attention of everyone from major corporations, government entities,

to the guy using his smart phone to stream YouTube videos in his spare time. The fact of the matter is

that the hacking of public and private segment at every level has become a major problem, and if not

properly addressed, could create a major ripple throughout the IT spectrum. Cyber criminals and agents

are no longer the tech savvy kid living out of his parents basement, hacking into government websites

and personal emails of classmates. They are not highly sophisticated homogenized actors who target

various sectors in an effort to extract information of nefarious purposes. The end result of these illegal

attacks against business, government, and a private network is to gather information in order to disrupt

operations, sell information, or to use as a political and personal blackmail tool.

MIS Final Paper 3

From the retail and financial sectors, companies such as Target, Visa/Master Card, Home Depot, JP

Morgan Chase and countless others have experienced severe breaches of their networks in recent years

(Winter, 2014). These breaches but have put millions of customers at risk for financial and identity fraud

from the data stolen, and created a public relations nightmare for all effected parties.

Financial Sector: In 2014, a cyber-attack, hackers from what is believed to originate from Russian,

defeated network security measures for JP Morgan/Chase and compromised the data of over 80 million

accounts and millions of small businesses. The attack was identified in July of that year but system

security teams were unable to correct or stop the intrusion for close to a month. During that same attack,

agents attempted to defeat networks by other financial companies as well such as Chase, E*Trade, and

ADP but were not successful (Schupak, 2014).

Retail Sector: From 2013 through 2014, several large retail companies were suffered from breaches

to their network security, exposing debit and credit card information of millions of customers. Two of the

largest big box chains, Home Depot and Target, experienced thefts of customer financial information that

equaled nearly 96 million (Winter). In both instances, hackers were able to infiltrate company networks

by introducing malware software via self-check-out terminals. The malware used in these instances was

engineered to evade ant-virus measures used to protect the system (Winter).

Healthcare Sector: From 2014 to 2105, healthcare processing companies such as Blue Cross and

Anthem were attacked by hackers who stole financial and personal information from nearly 90 million

customers in a coordinated attack of their networks (Anthem, 2017). Hackers apparently were able to

defeat the security measures in place due to the fact that the data stored was not encrypted, making it

easily readable to thieves (Castle, 2013). The information (names, addresses, dates of birth, social

security numbers) from these particular thefts placed millions of people at risk for identity theft. All

pertinent information necessary to obtain credit the identity of someone was made available to hackers

who most likely sold it to an interested agent for fraudulent purposes.

MIS Final Paper 4

Government Sector: Incidents of the hacking of government networks, or Cyber Warfare,

between foreign governments have especially come to light in the last twelve months during the 2016

Presidential election when it was revealed that candidate Hillary Clintons private email server had been

hacked by foreign actors. And although the principals involved in that hacking are still being debated, the

fact of the matter is that sensitive, and in some cases classified information, had been ascertained and

eventually disseminated to Wiki Leaks and possible unfriendly governments interested in having sensitive

information at their disposal for political blackmail.

Preventive Measures

Cyber warfare and thefts are not a new phenomenon. The gravity of this issue has been know and

felt for years, and entire industries related to combatting this issue have developed as a result. Large and

small companies alike are now dedication enormous resources to address this issue. Some corporations

such as Sony have even hired hackers to defeat its security measures, and or help them engineer better

systems to protect their network (DuBois, 2011). This move came after attackers known as the

"Guardians of Peace," created havoc on Sonys company hard drives and digital archives (Schupak).

Many corporations are reviewing internal policies, procedures, and training for its employees, in

order to build a better understanding of the issue of cyber security, which can be practiced at each level of

a business hierarchy. Procedures such as enhanced password protection, network management, hiring

hackers to test security systems, and system hardening are all preventive measures that can better protect

the network as a whole, and prevent unwanted intrusions into it from occurring (DuBois). Incorporating

both simple and complex preventive measures into policy and procedure, and reinforced through training

can help mitigate security infractions and possibly prevent catastrophic ones as mentioned previously.
MIS Final Paper 5

Summary

The security related issues of IT networks are a moving target and one that will require the proper

amount of attention and dedication of resources to resolve. Unfortunately all major sectors (private and

public) seem to be more reactionary than proactive when it comes to implementing preventive measures

to their networks. The cyber criminals in many cases seem to be one or two steps ahead of the keepers of

information. The problem has become the flavor of the week and so wide-spread, that many college and

technical schools are now offering courses and disciplines in cyber security to address the market field for

specialists in that field.

MIS Final Paper 6

References

DuBois, S. (2011, July 11). What it actually takes to prevent a hack attack. Retrieved March

27, 2017, from http://fortune.com/2011/07/11/what-it-actually-takes-to-prevent-a-hack-attack/

Schupak, A. (2014, December 13). Hacking after Sony: What companies need to know.

Retrieved March 28, 2017, from http://www.cbsnews.com/news/hacking-after-sony-what-

companies-need-to-know/

Writer, L. G. (2013, May 30). How to Prevent Hackers in a Company. Retrieved March 28,

2017, from http://yourbusiness.azcentral.com/prevent-hackers-company-23336.html

Winter, M. (2014, November 07). Home Depot hackers used vendor log-on to steal data, e-

mails. Retrieved March 28, 2017, from

http://www.usatoday.com/story/money/business/2014/11/06/home-depot-hackers-stolen-

data/18613167/

Anthem hack exposes data on 80 million; experts warn of identity theft. (n.d.). Retrieved March

28, 2017, from http://www.latimes.com/business/la-fi-anthem-hacked-20150204-story.html

Castle, A. (2013, January 18). How to encrypt (almost) anything. Retrieved March 28, 2017,

from http://www.pcworld.com/article/2025462/how-to-encrypt-almost-anything.html