Research recent cyber breaches that have occurred with different companies. Select a company that had a cyber
breach and consider what happened and what could have been done differently (examples include Sony, Maersk,
Saks, Lord & Taylor, Sacramento Bee, TicketFly, Panera, Facebook, Target, Under Armour, and Equifax). Given
that cyber breaches are more common, write about the importance of cyber defenses and organizational
hardening for an organization’s supply chain. In your paper, consider the government requirements that are
currently in place and how this might apply to commercial organizations. Consider using the outline below to
better focus your paper on this complex topic:
I. Introduction
II. Review and discuss the organization that had a cyber breach.
III. Explain the importance of cyber defenses as they relate to the cyber breach under discussion.
IV. Discuss the applicable government requirements.
V. Conclusion
Instructions:
Label your Word document as follows: yourlastname.docx (ex: Johnson.docx).
Essay format; not bullet format
Minimum 4 full pages of content (Word Document) of strategic material (does not include cover page, abstract,
nor reference pages)
All charts, graphs, pictures are to go in the appendix (not a substitute for content).
Resources and citations are formatted according to APA (6th edition) style and formatting.
Refrain from excessive use of quotes in your response (less than 5%).
Once you submit your document to the assignment folder, it will automatically be loaded to TURNITIN.COM
within the course. Your similarity scan score must be 20% or less (the following will be excluded: headers,
bibliography, etc.) prior to the instructor grading the paper; focus on the content of the scan percentage.
Plagiarism will result in an automatic zero for this assignment.
There are no late assignments accepted after the last day of the course.
The Equifax Breach: A Case Study in Supply Chain Cybersecurity
Cybersecurity threats are a constant reality for businesses of all sizes. In today’s interconnected world, organizations are increasingly vulnerable to attacks that exploit weaknesses not just within their own systems, but also within their supply chains. This paper examines the case of the Equifax data breach of 2017, a stark example of how a compromised vendor can leave a major corporation exposed.
In July 2017, credit reporting agency Equifax announced a data breach that exposed the personal information of an estimated 147 million Americans, including Social Security numbers, birth dates, and addresses. The attack exploited a vulnerability in a web application used by Equifax’s vendor, Trusted Identity Party (TIP) Inc. Hackers gained access to the system and were able to move laterally within Equifax’s network, ultimately accessing sensitive consumer data [1].
The breach exposed Equifax’s reliance on a third-party vendor with inadequate security practices. The vulnerability had been patched months prior to the attack, but Equifax had failed to apply the update, leaving a critical gap in their defenses [2]. This incident highlights the importance of a holistic approach to cybersecurity, where security measures extend beyond a company’s internal systems to encompass its entire network of partners and vendors.
III. The Importance of Cyber Defenses in Supply Chains
The Equifax breach underscores the critical role of robust cyber defenses within an organization’s supply chain. Here’s how stronger defenses could have mitigated the attack:
By implementing these measures, Equifax could have significantly reduced the risk of a successful attack originating from a vendor vulnerability.
While there are currently no overarching federal regulations mandating specific cybersecurity controls for commercial organizations in the United States, several government entities play a role in promoting cybersecurity best practices. Here’s a breakdown of some relevant guidelines:
The increasing prevalence of cyberattacks emphasizes the growing need for stricter regulations. Several proposed bills address supply chain security concerns, including the “Securing American Federal Networks Act of 2023”, which would require federal contractors to implement specific cybersecurity controls [4]. While such legislation is not yet in place, it highlights the potential for future regulations that could mandate a more proactive approach to supply chain cybersecurity.
The Equifax data breach serves as a cautionary tale for businesses of all sizes. Cybersecurity threats are evolving rapidly, and traditional security perimeters are no longer sufficient. Organizations need to adopt a comprehensive approach to cybersecurity that extends beyond their internal systems and encompasses their entire supply chain. Implementing vendor risk management practices, establishing contractual security requirements, and adopting best practices like data minimization can significantly reduce the risk of attacks that exploit vulnerabilities within a partner or vendor network. While government regulations in the US are currently voluntary, future legislation is likely to focus on supply chain security. By proactively adopting robust cybersecurity measures across their supply chains, organizations can protect themselves from costly breaches and safeguard sensitive consumer data.