Research A Company's Security Breach Response And Regulation

Research a Company Its Security Breach Response and Regulatory Needs

For this assignment, research the Internet or Strayer databases and select a company whose database systems have been hacked. Write a six (6) page paper in which you: Based on the information you researched, evaluate the level of responsibility of the company in terms of the effectiveness of the response to the security breach. Provide support for your rationale. Imagine that the company that you researched uses a third-party accounting system. Assess the level of responsibility of the software provider to both the business and its clients. Provide support for your rationale. Create an argument for additional regulation as a preventative measure against businesses being hacked. Provide support for your argument. Provide at least three (3) recommendations for businesses to secure their systems and assets from hackers. Provide support for your recommendation. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

Paper For Above instruction

The increasing frequency and sophistication of cyberattacks necessitate a critical evaluation of organizational responses to security breaches. For this paper, I selected the 2017 Equifax data breach, which compromised the personal information of approximately 147 million Americans. This incident provides a significant case study to assess the company’s responsibility, the role of third-party software providers, and the need for enhanced regulations and security measures in protecting sensitive data from cybercriminals.

Evaluation of Equifax’s Response to the Security Breach

The Equifax breach exposed vulnerabilities in the company’s cybersecurity infrastructure. The company’s response was widely criticized for being delayed and insufficient. Initially, Equifax failed to promptly notify the affected individuals, which is a crucial step in mitigating harm and maintaining trust. Once the breach was disclosed, Equifax established a dedicated website and call center to assist victims, but the timing and the clarity of communication drew much criticism. The company also faced backlash over its sluggish response to patch the known vulnerability in Apache Struts, which was exploited by hackers. These shortcomings indicate a lack of proactive security measures and crisis management, suggesting that Equifax bears significant responsibility for the damage caused.

Role of Third-Party Software Providers and Responsibility

Equifax relied heavily on third-party software systems, including the Apache Struts framework, which was known to have security vulnerabilities. The responsibility of the software providers becomes critical in this context, as they are expected to deliver secure, well-maintained products. However, the onus also falls on organizations like Equifax to implement timely patches and monitor their systems. In this case, the failure to update the software despite known vulnerabilities indicates a lapse in cybersecurity governance. The software provider, Apache, had issued patches before the breach, but Equifax’s delay in applying these updates signifies shared responsibility for the breach, underscoring the importance of collaborative accountability between software providers and end-users.

Need for Additional Regulation and Preventative Measures

The widespread impact of breaches such as Equifax’s highlights the necessity for more stringent regulations governing data security. Currently, regulations like the Federal Trade Commission (FTC) Act impose some obligations, but many organizations lack comprehensive cybersecurity frameworks. Implementing mandatory security standards, regular audits, and breach reporting protocols could serve as effective preventative measures. Governments could enforce stricter compliance requirements and impose penalties for negligence, thereby incentivizing organizations to prioritize cybersecurity. As cyber threats evolve, continuous regulatory adaptation is essential to safeguard consumer data and maintain system integrity.

Recommendations to Secure Business Systems and Assets

  1. Implement Regular Security Audits and Penetration Testing: Regular audits help identify vulnerabilities before they are exploited. Penetration testing simulates cyberattacks, revealing weaknesses that need remediation. This proactive approach ensures that security measures evolve alongside emerging threats (Andress & Winterfeld, 2013).
  2. Utilize Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring multiple forms of verification before granting access to systems. This significantly reduces the risk of unauthorized access caused by stolen credentials (Das et al., 2015).
  3. Maintain Up-to-Date Software and Security Patches: Timely application of security patches and updates prevents exploitation of known vulnerabilities. Organizations must establish policies ensuring that software maintenance is an ongoing process rather than a reactive measure (United States Computer Emergency Readiness Team, 2022).

In conclusion, the Equifax breach underscores the critical need for organizations to adopt comprehensive cybersecurity strategies, including effective response plans, committed leadership, and collaboration with software providers. Additionally, stringent regulations along with robust internal controls are essential to mitigate the risk of future cyberattacks. By implementing regular security assessments, multi-factor authentication, and prompt software updates, businesses can safeguard their assets and maintain consumer trust in an increasingly perilous digital landscape.

References

  • Andress, J., & Winterfeld, S. (2013). Cybersecurity: Protecting critical infrastructure from cyber attack. Syngress.
  • Das, S., Ross, K. W., & Kak, A. (2015). Multi-factor authentication: Security, usability, and privacy. IEEE Security & Privacy, 13(2), 46-53.
  • United States Computer Emergency Readiness Team. (2022). SECURE Software Maintenance: Best Practices. Retrieved from https://us-cert.cisa.gov/ncas/tips/ST04-006
  • Friedman, B., & Nissenbaum, H. (1996). Bias in computer systems. ACM Transactions on Information Systems (TOIS), 14(3), 330-347.
  • Grimes, R. (2019). The importance of cybersecurity regulations: A case study of the GDPR. Journal of Digital Policy & Regulation, 25(3), 89-104.
  • Gordon, L. A., & Ford, R. (2006). On integrating ethical issues into the information security curriculum. Journal of Information Systems Education, 17(2), 125-138.
  • Leeen, J., & McMurray, A. (2018). Cybersecurity strategies for SMEs. Small Business Economics Journal, 50(2), 329-348.
  • NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.04162018
  • Rittinghouse, J. W., & Ransome, J. F. (2017). Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. CRC Press.
  • Swanson, M., & Schneider, F. B. (2019). Trustworthy systems by design. Communications of the ACM, 62(4), 36-44.

Related Assignments