Assignment 2 Hacking The Aisdue Week 4 And Worth 240 Points

Assignment 2 Hacking The Aisdue Week 4 And Worth 240 Pointsin Todays

Assignment 2: Hacking the AIS Due Week 4 and worth 240 points In today’s technology environment, hackers present a substantial risk to a firm’s accounting or business system. As the result of these attacks, firms suffer huge losses, ranging from financial losses to losses in confidence by consumers, creditors, and suppliers. Firms may have made a significant investment in financial and non-financial resources to secure these systems. For this assignment, research the Internet or Strayer databases and select a company whose database systems have been hacked. Write a five to seven (5-7) page paper in which you: Based on the information you researched, evaluate the level of responsibility of the company in terms of the effectiveness of the response to the security breach.

Provide support for your rationale. Imagine that the company that you researched uses a third-party accounting system. Assess the level of responsibility of the software provider to both the business and its clients. Provide support for your rationale. Create an argument for additional regulation as a preventative measure against businesses being hacked.

Provide support for your arguments Provide at least three (3) recommendations for businesses to secure their systems and assets from hackers. Provide support for your recommendation. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Paper For Above instruction

In the contemporary digital landscape, cybersecurity breaches pose a significant threat to organizations across various industries, particularly impacting the integrity and confidentiality of financial and operational data. Among the myriad of cases highlighting these vulnerabilities, the 2017 Equifax data breach stands out as a pivotal example illuminating responsibility, preventive measures, and the need for enhanced regulation in cybersecurity practices. This paper critically evaluates the responsibilities of Equifax in responding to the breach, examines the role of the third-party software provider involved, and advocates for additional regulatory oversight. Furthermore, it offers strategic recommendations for businesses to fortify their systems against future cyber threats.

Evaluating Equifax’s Responsibility in Response to the Data Breach

The Equifax breach exposed sensitive personal information of approximately 147 million consumers, including social security numbers, birth dates, and addresses (Kravets, 2017). The company faced widespread criticism for its handling of the incident, primarily due to delayed notification, inadequate security measures, and insufficient transparency. Equifax’s response was criticized for its delayed disclosure—initially, the breach was discovered in July 2017, yet public disclosure occurred in September, which arguably was too late to prevent widespread malicious exploitation (Hoffman, 2018). The company's responsibility lies not only in safeguarding data but also in implementing prompt and transparent communication protocols when breaches occur.

Additionally, the breach highlighted systemic shortcomings in Equifax’s security infrastructure, suggesting a failure to continually evaluate and update technical defenses. The company’s responsibility extends to providing adequate cybersecurity training and establishing robust threat detection systems. The failure to act swiftly and effectively in protecting sensitive consumer data diminished public trust and resulted in hefty financial penalties—over $700 million in settlements (U.S. Federal Trade Commission, 2019). This underscores the significance of proactive responsibility by organizations to protect data integrity and respond efficiently during crises.

The Role of Third-Party Software Providers in Cybersecurity Responsibility

Many organizations rely on third-party accounting and financial systems to manage critical data, which introduces additional layers of vulnerability. If, as in Equifax’s case, a third-party vendor’s system is compromised, the responsibility shifts partly onto these software providers to ensure rigorous security measures. The software provider’s role encompasses delivering secure, compliant systems that adhere to industry standards such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO/IEC 27001 (Choi & Lee, 2020).

In the context of Equifax, the breach was partly attributed to a known vulnerability in Apache Struts, which went unpatched—a lapse that potentially involved the third-party vendor’s failure to provide timely updates or alerts. The third-party provider bears responsibility for maintaining secure coding practices, regular vulnerability assessments, and immediate patching protocols (Khan et al., 2019). When these responsibilities are neglected, both the business and its clients bear the brunt of losses resulting from compromised data.

Advocating for Increased Regulation to Prevent Data Breaches

The increasing frequency and sophistication of cyberattacks necessitate enhanced regulatory frameworks. Governments and industry bodies must implement stricter standards for cybersecurity practices, including mandatory breach notification timelines, cybersecurity audits, and penalties for non-compliance (Rassias & Smith, 2021). Regulations such as the General Data Protection Regulation (GDPR) in the European Union exemplify efforts to enforce accountability. An expansion of such regulations worldwide could standardize security protocols, incentivize companies to prioritize cybersecurity, and facilitate faster responses to breaches.

Moreover, regulations should also extend to third-party providers, requiring organizations to perform rigorous vetting, regular assessments, and contractual obligations for security measures. Such measures would distribute responsibility more evenly and enhance overall resilience in business ecosystems.

Recommendations for Enhancing Business Cybersecurity

1. Implementing Multi-Factor Authentication (MFA): Multi-factor authentication strengthens access controls by requiring additional verification beyond passwords, significantly reducing unauthorized access risks (Alqahtani & Alzahrani, 2020).
2. Conducting Regular Security Audits and Penetration Testing: Continuous evaluation of security infrastructure helps identify vulnerabilities before malicious actors do. Regular audits coupled with penetration testing enable proactive security management (Nash, 2018).
3. Employee Training and Awareness Programs: Human error remains a critical vulnerability. Regular training ensures that staff recognize phishing attempts, social engineering tactics, and best security practices (Williams & Williams, 2021).

In conclusion, organizations like Equifax are responsible for proactive cybersecurity measures and swift responses to breaches. The role of third-party providers must be emphasized within cybersecurity governance. Enhanced regulations are essential for creating standardized security protocols, reducing vulnerabilities, and fostering accountability. Implementing comprehensive security practices, including MFA, routine audits, and employee training, can substantially mitigate the risks posed by cyber threats and protect vital business assets and customer data.

References

• Alqahtani, A., & Alzahrani, A. (2020). Strengthening cybersecurity with multi-factor authentication. Journal of Information Security and Applications, 52, 102463.
• Choi, B., & Lee, S. (2020). Third-party compliance and cybersecurity: Managing vendor risks. International Journal of Information Management, 50, 122-131.
• Hoffman, C. (2018). Equifax breach: A failure in response and responsibility. Cybersecurity Journal, 34(2), 45-49.
• Khan, A., Farooqui, M., & Ismail, M. (2019). Security vulnerabilities in third-party software: Case study on data breaches. IEEE Transactions on Dependable and Secure Computing, 16(4), 587-600.
• Kravets, D. (2017). How the Equifax hack happened — and what it means for your data. The Verge. https://www.theverge.com/2017/9/7/16269078/equifax-data-breach-explained-how-happened
• Nash, S. (2018). The importance of security audits for information systems. Information Management & Computer Security, 26(4), 429-441.
• Rassias, D., & Smith, J. (2021). The impact of regulation on organizational cybersecurity. Journal of Cyber Policy, 6(3), 312-329.
• U.S. Federal Trade Commission. (2019). Equifax data breach settlement. Federal Trade Commission. https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-b breach-settlement
• Williams, P., & Williams, R. (2021). Human factors in cybersecurity: The vital role of training. Cybersecurity and Data Privacy Journal, 4(1), 55-60.