Cyber Security in Business Organizations

Date:  2021-03-15 19:05:26
6 pages  (1607 words)
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Considering the rampant growth of the internet and all the advantages that accompany it, such as easy and efficient storage, transfer, manipulation and retrieval of data and information via the World Wide Web, cybersecurity is of paramount importance. Cybercrimes have become very common, affecting big enterprises such as Home Depot, Apple, Sony and many more. Day in, day out, on a corporate level, companies are hacked, medical records lost and credit cards stolen. Government records are illegally accessed and even personal information is compromised. These are all due to breaches of cybersecurity. Effective cybersecurity should be developed over time and be capable of handling progressively sophisticated antagonists in an increasingly interconnected world (Donaldson, Siegel, Williams & Aslam, 2015). It is therefore not easy for a given organization to completely secure its cyberspace unless significant investment is put into the cybersecurity sector.

The Information Technology sector greatly influences business organizations when it comes to the handling of the organization's data and information. IT plays a critical role in ensuring that the organization's data does not leak out to the general public and is not accessed by any unauthorized person. It is for the IT personnel to secure the organization's cyberspace (De George, 2003).

Strategic establishment of a conducive IT environment is important, as it guarantees security and information assurance for the organization. It ensures that the organization's delicate and crucial information, including that pertaining to its clients, is well protected and kept out of the reach of those who may use it for felonious purposes (De George, 2003).

Organizations, especially those in e-Business and e-Commerce, are facing enormous challenges in maintaining cybersecurity. These challenges arise from both the cybersecurity personnel and the cybercriminals or attackers. The main challenge is the Advanced Persistent Threat (APT), which has defeated the preventive controls employed by cybersecurity personnel. APT refers to the widespread professionalization of cyberattacks. As professionals, the cyber attackers are committed to the persistent creation of attacks that are targeted and goal-oriented. They have consequently acquired advanced skills in the art of hacking and have considerable command of IT, such that they are capable of breaching an organization without detection by the organization's defenses. If they are detected, the attackers shrewdly adjust the attack, little by little, until they get through the defense (Donaldson, Siegel, Williams & Aslam, 2015). This is a challenge since it is not easy to develop a defense that adapts to the attack as quickly as the attack adapts to the defense, which is the only remedy for the APT.

Another big challenge that organizations are facing is the malware wave. Here the organizations must defend their cyberspace against three main types of malware: command and control, customized, and polymorphic malware (Donaldson, Siegel, Williams & Aslam, 2015). This malware is proliferating with time, thus becoming even more complicated to defend against and requiring specialized cybersecurity fields. This poses a significant challenge for organizations in dealing with the malware, making them susceptible to cyberattacks.

The third challenge faced by organizational cybersecurity is the consolidation of enterprise Information Technology (IT). Nowadays IT administration is scripted and automated, compared to years before when IT functions were performed manually. This poses a protection challenge since it is not practical to keep thousands of computers well configured, let alone notice malware. Moreover, it creates opportunities for attacks on the systems' security. The consolidation also puts large organizations at risk since few IT administrators are required to control huge organizations and data centers. If a perpetrator acquires access to such an administrator's information, then he can gain leverage over the IT infrastructure and use it against the organization.

Organizations seem to seek compliance over the compatibility of cybersecurity technologies, and most of these organizations fail to have malware detective controls. Most organizations hit by credit card breaches, such as Target, were certified as compliant with the Payment Card Industry Data Security Standard (PCI-DSS), implying that the credit card service standard is based only on the compliance of the organization rather than on the capability to prevent breaches. Some of the technologies do not detect system malware, and if they do, they are overwhelmed with data such that it takes a long time for malware to be picked out and deleted. This delay only gives room for more damage by the malware (Donaldson, Siegel, Williams, & Aslam, 2015). An example is the Target breach. It took Target's IT personnel three days to confirm the breach ("Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It," 2016).

The team of security specialists in Bangalore was set to monitor Target's computer transmissions around the clock. They noticed malware sourced from the hackers to their computers in Russia and notified Target's security team in Minneapolis. It was a red flag that Target's security team overlooked. Investigators discovered that there were red flags sent to the team members several weeks before the attack and even before the hackers installed the malware ("Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It," 2016). Target may have overlooked the red flag because there were accomplices to the breach: either they saw the breach but did not inform the management, or part of the management was involved in the breach and saw to it that the malware alerts were not responded to accordingly.

Target took initiatives after the breach, such as refurbishing its information security structure and hastening the adoption of chip-enabled cards in place of the ordinary electronic cards that use a magnetic strip. The embedded chip cards are harder to counterfeit than the magnetic strip cards. The company also increased the number of staff in its security network to ten times the number of employees it had before the breach ("Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It", 2016).

The initiatives that were taken by the company certainly improved the situation. With so many staff members in the security sector, it is expected that the chances of corrupt personnel cropping up among the staff without being noticed by the company are reduced. It also increases the probability of exposure of any crime or security breach from within the enterprise. The adoption of the embedded chip cards would be a big leap towards a better and more secure mode of transaction for the cardholder. It would be much harder for hackers to access data encoded within these chips without being detected. The renovation of the security structure of the company would ensure that the firm would now be better prepared to combat any malware that would come up in its system. It would consequently hinder any chances of a similar breach occurring.

The attack was mainly due to the failure of the management to act on the warning it received from the Bangalore security team ("Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It", 2016). Had they acted on the warning with immediate effect, they would have proactively avoided the attack by the hackers. They would have gotten rid of the malware even before the first upload of the breached information made by the Russians. They were in a position to prevent the hack had they responded appropriately to the issue.

It is evident that their infrastructure had the best malware protection, since it is the same malware detection system that the Central Intelligence Agency (CIA) and the Pentagon apply. The FireEye technology can detect malware even before it is executed on the target computer and give a corresponding warning. The technology can also be set in such a way that it eliminates the malware automatically without intervention by a computer operator. However, this feature was confirmed to have been switched off prior to the breach ("Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It," 2016). Consequently, this may imply that the people involved in the breach must have had an inside party with whom they worked.

As speculated in the article by Jim Walter, director of threat intelligence operations at security technology companies, Target displayed a lack of a proper grasp over its security network during the period of the breach. Moreover, the hackers had access to fine details such as the name Blade Logic used in the malware. The name was borrowed from that of authentic software that the company used for shielding the company's cardholder and payment data ("Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It", 2016). This raises questions over who was involved in the breach. There is hence an indication that the management must have had loopholes that propagated the attack.

 

References

De George, R. (2003). The ethics of information technology and business. Malden, MA: Blackwell Pub. Google Books. Retrieved 21/5/2016 from https://books.google.co.ke/books?id=6acCVH389fUC&printsec=frontcover&dq=ethical+concerns+that+information+technologies+raise+in+a+global+context&hl=en&sa=X&redir_esc=y#v=onepage&q&f=false

Donaldson, S., Siegel, S., Williams, C., & Aslam, A. (2015). Enterprise cybersecurity. [New York, NY]: Apress. Google Books. Retrieved 21/5/2016 from https://books.google.co.ke/books?id=vE0nCgAAQBAJ&printsec=frontcover&dq=cyber+security&hl=en&sa=X&redir_esc=y#v=onepage&q=cyber%20security&f=false

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. (2016). Bloomberg.com. Retrieved 20 May 2016, from http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data#p1
