Data Breach: An Increasing Threat to Information Security - Essay Sample

Introduction

The advancement in Information Technology (IT) has led to data becoming a precious commodity to individuals and companies. Unfortunately, this has led to the growth and expansion of cybercrime. By definition, data breach is the unintentional or intentional release of private and confidential information to an untrustworthy party. Other related terms describing this phenomenon include data leak, information disclosure, data spill, and information leakage. Hence, a data breach entails a security incident whereby data and information is accessed without the authorization of the party in charge. A data leak can hurt both consumers and a business organization in several ways since it can damage reputations and lives. It is costly for a business organization and may take time to repair the battered image. Using recent examples, this paper will explain data breach in detail, make a link between data breach and surveillance capitalism and examine the management strategies that may be deployed to regain the trust of the customers after a major data breach.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Discussion

As outlined, a data breach is a security incident involving the unauthorized access of customer's confidential data and information (Isaac & Frenkel, 2018). It has to be understood that data breach can be intentional or unintentional. However, most of the incidents of data breach entail the intentional unauthorized access of corporate intellectual data or personally identifiable information to cause harm or financial gain. With confidential data and information becoming the new goldmine, data leak has become a serious potential pitfall for businesses across the world. The internet is making data breach common as cyber intruders can access private and confidential information regarding the company's customers thousands of miles away.

Due to progress in technology, more information regarding consumers has been moving to the digital platform, therefore, attracting the interest of cyber intruders. It has also made operating a business a costly endeavor. Worldwide, the average total cost of data breach to a company is 3.86 million dollars (Matsakis & Lapowsky, 2018). The most common forms of data breach include the access of personally identifiable information such as credit card numbers, names of customers, and Social Security numbers.

Facebook

Around September 2018, Facebook encountered a major data breach involving around 50 million users (Dodds, 2019). Using a bug, intruders were able to directly take over user accounts and see everything in the profiles. The intruders were able to view account user's reactions, likes, IDs, account names, and comments. In the database belonging to Los Angeles-based cloud servers, the intruders were even able to access the email addresses, friends list, and photos of users besides their names and likes. It is still unclear when the siphoning of data had begun.

The attack is similar to another authorized data breach dubbed the Cambridge Analytica scandal that took place in early 2018 (Isaac & Frenkel, 2018). In this scandal, a third-party company erroneously accessed private data and information about users for private use. Attackers were able to siphon off this information and used it to take over the account of users. In this incident, Cambridge Analytica would capture user's information by the use of a login API. Accordingly, when Facebook users logged in to the institution through Facebook via a survey application, users would leave a wealth of information that the analytics firm could access. Some of the over 150 firms that were authorized by Facebook to access user data included Apple, Amazon, Sony, and Microsoft (Murphy, 2019). Through an account user, these companies were able to get the email addresses of the friends of the users even in cases where the friends had not authorized their accounts to be accessible.

Others like Apple were interested in the contact numbers of users even when such users had explicitly disabled all sharing. These two scandals revealed just how much wealth is in data and information that Facebook users that huge companies would be willing to break the law to access. These data breaches involving Facebook have also planted mistrust in the minds of users that the company is either incapable of keeping their private data safe or is in the business of selling it. Regardless, the data breach will take several years and a substantial amount of money for Facebook to regain the trust of its users again.

Marriot Starwood Hotel

In the data breach incident involving Marriot Starwood Hotel, about 500 million guests were affected. The data leak took place in November 2018 (Whittaker, 2018). Marriot Starwood Hotel is a large hotel chain and thrives on the hotel's ability to luxuriously entertain its guests and customers pay a premium to ensure they are secure and comfortable. Confidential information of the guests including bank card data, passport numbers, contact information, and reservation details was siphoned by a cyber intruder. In 2018, the hotel discovered anomalous behavior in the information database regarding its guests and upon investigation, the brand discovered that the breach can be traced back to 2014 (Telford & Timberg, 2018). The intruder had breached, encrypted, and attempted to remove customer information from the hotel's servers.

The intruders to the hotel's network had encrypted information from the database as a way to evade detection by tools meant to prevent data loss. After encryption, the intruders had been able to remove the data from the network afterward. By the time of the discovery, the intruders had not fully decrypted the data. What shocked the hotel industry was a large number of users whose information was compromised- 500 million guests.

For about 327 of these hotel guests, the combination of the information that was breached was very vital. For example, most of the information contained a combination of phone numbers, names, dates of birth, email addresses, mail addresses, passport numbers, gender, arrival and departure information, communication preferences, reservation dates, and the preferred guest account information of the customers. Besides, the hotel outlined that there was a high possibility that the cyber attackers had also accessed the encryption technology especially the encryption keys. Using technology, the intruders could decrypt the data from the guest's payment cards.

What was particularly alarming is the convenience that the interconnectedness of the hotel chain offered to the intruders. For example, in this case, the intrusion involved malicious software installed at the gift shops, resort restaurants and other cash registers that are all connected to its network. This means that an intruder can target any of the easily accessible points within the network and launch an attack after entering the main server.

Exactis

Exactis is a data broker and aggregation firm whose work is to collect personal information that ranges from personally identifiable information, behavioral information, and marketing data. Its information was breached in June 2018. The number of people affected is thought to be approximately 340 million including consumers and businesses (Kari, 2018).

In terms of size, the volume of the compromised data that was transferred to public servers was two terabytes. It is thought that the data leak compromised every US citizen. However, the compromised information did not include social security numbers or credit card information.

However, further research revealed that the victims could be sitting ducks because the intruders have up to 400 variables including such characteristics as recreational activities and favorite pets (Greenberg, 2018). As Davis (2018) explained, with such a wealth of information, intruders can target victims whenever they want going into the future. This case highlighted how small organizations have large databases of confidential information involving millions of people and how much they are prone to data breaches as a result of inadequate policies and systems in place.

Data Breach and Surveillance Capitalism

There are several meanings attached to the phrase surveillance capitalism but they all have to do with the commodification of personal information (Kavenna, 2019). The economic pressure exerted by capitalism is the chief driving force behind the intensification of monitoring of the online behavior of users. As a result, spaces previously or originally meant to bolster social connections are saturated by corporate actors with the sole purpose of making a profit through predicting user's behavior and influencing it with the personal information (Wood & Ball, 2013).

In her book The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power Professor Shoshana Zuboff (2019) described how all these began with global tech companies including Facebook and Google persuaded billions of users from around the world to give up their confidential information in exchange for convenience. The data gathered by these companies have either been sold or accessed by other companies to predict people's behavior and also to modify and influence it. As Zuboff (2019) explained, surveillance capitalism is having a disastrous effect on freedom and democracy.

In recent years, surveillance capitalism has become a business model. With so much data regarding users easily available online, as Zuboff (2019) argues, businesses led by Microsoft, Amazon, and Google are doing everything to lead the rest in surveillance capitalism. The professor defines surveillance capitalism as a world order that claims humans experience as the free raw material for hidden commercial practices of extraction, prediction, and sales (Zuboff, 2019).

As Fuchs (2013) observed, Zuboff's observation highlights a new business model whereby corporations mine personal data, manipulate it as they see fit, and encourage the consumers to display their ego on major social network platforms. The miners of personal data are surveillance capitalists driven by the desire to predict and manipulate the behavior of consumers towards profitable outcomes (Fuchs, 2013).

Hence, the information that internet users post online, all the items that a person buys from Amazon, every Google search, every confidential conversation recorded by hidden devices, and information offered to the DNA testing labs have become a precious commodity. In this business model of surveillance capitalism, some companies have perfected the means of recording, storing, and selling of personal data to the highest bidder while others have perfected the art of manipulating the data to increase their sales and market share (Castillo, 2019).

As Zuboff (2019) explained, this model has become so rampant that the laws that govern traditional businesses are being left behind. For example, when purchasing antivirus software, the average user is unlikely to detect that the software is collecting data regarding one's behavioral habits, aligning predictive traits, and cataloging them for future access. To make matters worse, the average user is likely to have signed off on this intrusive software unaware sometime during the registration process online.

In her book, Zuboff (2019) offers examples of how this model of capitalism is taking place on a massive scale. She explained that a simple application that is meant to monitor one's health now comes with the technology to discreetly record voice, download pictures, and transfer personal data including emails, text messages, and phone numbers to build a portfolio. With the vast amount of applications that people have embraced in thei...