Essay Example on Digital Transformation: Ramping Up Change and Threats

Introduction

Every year, technologists, risk managers, and security professionals comment broadly on the unmatched level of change people and businesses have or will experience from year to year. Actually, change and the escalation of new threats has become the only unchanging factor people can anticipate. The digital transformation of the global economy continues to be an ever-accelerating change of the way people conduct business, work, and life. Nevertheless, the digital shift comes alongside an effect that is far less acknowledged. As sector after sector adopts digital technology and data to change the nature of their business and customer interactions, their cyber risk profiles vary just as greatly. Every year, the scale of attacks is broadening and the impact is escalating. Moreover, as the digital transformation progresses, businesses are speeding up the migration of data to the cloud, creating new digital systems and raising the number of endpoints. These advancements develop an exponential growth in attack surface and a new set of risks against which companies must manage. Hence, this paper explores recent information security attacks and the types of cyber attackers.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Information Security Attacks

The number of information security attacks has grown constantly over the last several years affecting crucial personal data and infrastructure. Two examples of these attacks are Yahoo cyber attack and the WannaCry Ransomware.

Yahoo Security Attack

In September 2016, Yahoo reported that data related to 500 million user accounts was stolen in 2014 (Balakrishnan, 2016). Undeniably, this constituted the largest massive hacking of personal data directed against a single entity. The hackers stole names, email addresses, dates of birth, phone numbers, passwords, and security questions and answers. The hackers exploited the lack of vigilance in Yahoo regarding information security. For example, Yahoo was using MD5, which is a cryptographic hashing function susceptible to reversal with brute attacks (Olcott, 2017). Hence, the attackers used a tool they had stolen from the company during a previous attack to infiltrate Yahoo's user accounts. The tool enabled the attackers to create malicious cookies and log in without passwords (Balakrishnan, 2016). According to the U.S. Department of Justice, the Russian intelligence agency conspired with criminal hackers to conduct the attack (Olcott, 2017). This attack affected Yahoo adversely. Apparently, Verizon had agreed to purchase the company earlier in 2016. Although the company was notified of the breach, it had limited information. Consequently, Verizon bought Yahoo for $4.5 million instead of $4.8 as announced in 2016 (Olcott, 2017). Now, Verizon, as the new owner of Yahoo, can take various steps to avoid these forms of breaches in future. These steps include creating strong cryptographic control, anticipating the consequences of cybercrime, and making security the company's brand (Balakrishnan, 2016).

WannaCry Ransomware

The WannaCry Ransomware was a global cyber attack that crippled over 230,000 computers (Field, 2018). The hard-drive encrypting malware spread so quickly since the attackers behind it had combined normal malware with EternalBlue, a leaked NSA hacking instrument that enables WannaCry to use worm-like abilities to self-propagate on vulnerable Windows systems (Navetta, Segalis, Locker, & Hoffman, 2017). The worm searched for vulnerable public-facing SMB ports to which it could establish a connection. The leaked SMB exploits were used to deploy the Ransomware not only to the specific system but also to any other vulnerable machine connected to the network. The attack shut down the computers with messages from the attackers demanding ransom payments in Bitcoin cryptocurrency. Notably, the attackers exploited a security gap in computers running Microsoft operating systems that had not been updated with a security patch structure to address this precise vulnerability.

The U.S and the U.K blamed North Korea for the attack. Irrefutably, the attack's effects were adverse and extensive. For example, according to the Department of Health, WannaCry cost the National Health Service (NHS) PS92 million as it crippled numerous computer systems in U.K hospitals (Field, 2018). Other companies that were affected included the Renault, Deutsche Bahn, Russian Central Bank and FedEx (Castillo & Falzon, 2018). Companies stocks declined significantly (Castillo & Falzon, 2018).

Luckily, the attack was averted when Markus Hutchins, a cybersecurity expert based in England established a hidden weakness in the cyber attack that stopped the further propagation of WannaCry (Castillo & Falzon, 2018). Nevertheless, companies had to take various steps to avoid a similar attack in the future. In particular, they had to adopt patch management to ensure crucial assets and infrastructure is safeguarded, patched and updated timely (Castillo & Falzon, 2018).

Types of Attackers

Cyber attackers can be grouped by their set of goals, motivation, and capabilities. This paper analyzes hackers and identity thieves, as they comprise the major cybercrime actors.

Hacker

A hacker is a person who intrudes into a computer system or network illegally (Kumar & Agarwal, 2018). To a hacker, one is an IP address, an email address or a prospect for a watering hole attack. Hackers may use man-in-the-middle attacks and attempt to get in-between communications computers are engaged with other computers. The hacker can record the web pages one is browsing and any other unencrypted data. Hacking attacks occur on social networking platforms such as Twitter or Facebook, blogging sites, banks, and online financial transactions. Due to the hacking activity, people lose crucial data such as names, date of birth, telephone numbers, and credit card numbers. Hackers are mainly motivated by a cause, which can be political, economic or social. For example, embarrassing celebrities, waking up a company to its vulnerabilities, highlighting human rights, or going after groups whose ideologies they do not agree with can motivate them (Madarie, 2017).

Undeniably, hacking is a prevalent issue today. Yahoo Security Breach is a recent example of hacking where attackers managed to hack into Yahoo systems and steal personal information of its users. The hackers stole names, email addresses, dates of birth, phone numbers, passwords, and security questions and answers. They were motivated by Yahoo's data security vulnerabilities that they had unearthed in a previous attack.

Identity Thief

Identity theft is a form of fraud that involves the gathering of personal information and using it to build a picture of others through the Internet. If adequate sensitive data is collected, it can allow an identity thief to masquerade as another person in some way, the worst-case scenario involving the thief stealing one's bank details. Online identity theft can be attained in various ways like malware injection, forced hacking, and email phishing. According to Hedayati (2012), the primary motives of attackers for stealing identities include to sell the stolen information, to commit further fraud, and hiding their identity.

An example of a recent example of identity theft is the case relating to Sharif King, the Manhattan man who was convicted for engaging in identity theft schemes in the U.S. he had fraudulently used his employees' identities to steal money and buy a car.

Conclusion

To conclude, information security attacks is a prevalent problem in recent times characterized by advancement in technology. As unearthed in this paper, it is clear that companies such as Yahoo and individuals are at risk of being cybercrime victims. These attacks make them lose crucial data, breach their infrastructure and affect their stocks negatively. Notwithstanding, companies, and individuals can mitigate this risks by ensuring their computer systems and information stored in them is secured by creating strong cryptographic control, anticipating the consequences of cybercrime, and making security the company's brand.

References

Balakrishnan, A. (2016, September 22). Yahoo confirms Huge Data Breach, Affecting at least 500 Million Accounts. CNBC. Retrieved from https://www.cnbc.com/2016/09/22/yahoo-confirms-huge-data-breach-affecting-at-least-500-million-accounts.html

Castillo, D., & Falzon, J. (2018). An analysis of the impact of Wannacry cyberattack on cybersecurity stock returns. Review of Economics & Finance, 13, 93-100. Retrieved from http://www.bapress.ca/ref/ref-article/1923-7529-2018-03-93-08.pdf

Field, M. (2018, October 11). WannaCry Cyber Attack cost the NHS PS92 Million as 19,000 Appointments Cancelled. The Telegraph. Retrieved from https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled/

Hedayati, A. (2012). An analysis of identity theft: Motives, related frauds, techniques and prevention. Journal of Law and Conflict Resolution, 4(1), 1-12. doi: 10.5897/JLCR11.044

Kumar, S., & Agarwal, D. (2018). Hacking Attacks, Methods, Techniques and Their Protection Measures. International Journal of Advance Research in Computer Science and Management, 4 (4). Retrieved from https://www.researchgate.net/profile/Sunil_Kumar603/publication/324860675_Hacking_Attacks_Methods_Techniques_And_Their_Protection_Measures/links/5ae7ea5ca6fdcc03cd8dbf8f/Hacking-Attacks-Methods-Techniques-And-Their-Protection-Measures.pdf

Madarie, R. (2017). Hackers' Motivations: Testing Schwartz's Theory of Motivational Types of Values in a Sample of Hackers. International Journal of Cyber Criminology, 11(1). doi: 10.5281/zenodo.495773

Navetta, D., Segalis, B., Locker., E., &Hoffman, A. (2017). "WannaCry Ransomware Attack Summary", Data Protection Report. [Online]. Retrieved from http://www.dataprotectionreport.com/2017/05/wannacry-ransomware-attack-summary/

Olcott, J. (2017, May 19). Deconstructing the 2016 Yahoo Security Breach. Darkreading. Retrieved from https://www.darkreading.com/attacks-breaches/deconstructing-the-2016-yahoo-security-breach-/a/d-id/1328866