Students will assess actual security breaches and think critically about the cause, impact, continuity, and prevention of these malicious attacks.
In Target’s 2013 holiday data breach and cyber-attack, data belonging to millions of customers was disclosed. The hackers in the Target attack used legitimate credentials to initially enter the system. In 500 words or more, address social engineering the most likely way the attackers used valid credentials to achieve their hack, and how the rather significant planning failed to protect the company. What elements of a detailed strategic operational plan were missed by Target? This assignment requires the use of at least two additional scholarly research sources published within the last 5 years. Include at least one in-text citation from each cited source.
Strategic Operational Plan
Social engineering refers to the process of manipulating people so that they may end up providing their confidential information and database for misuse. It may vary what information the attackers or hackers are trying to steal. However, mostly it had seen that hackers trick individuals to steal their crucial passwords and banking information. They may also try to access the computer system through software that allows these people to have confidential passwords and files, and even control the computer systems. Hackers try to use the techniques of social engineering to exploit human-collected data and hack computer systems (Petit, 2022). One way or another, crucial credentials are always in the news, if the password is too simple then the computer systems will not accept it. On the other hand, during data breaches. The passwords had been stolen with other data and information. Therefore, no matter whether the password gets stolen or is too simple, people have been using it for many years to protect their crucial data and will keep using it forever. However, touch and facial recognition can not be used as passwords even though they are the safest option. It is because they are cheap, while simple typed passwords are cheap to implement and easy to use. Moreover, to safeguard data, passwords, and other crucial information, organizations need to know how to achieve their information and know how hackers might use the credentials for achieving their hacks (Sentinel One, 2022).
The wide availability and the use of cryptography and biometrics techniques have demonstrated various flaws in the simple method of authentication. However, as both of the technologies are very expensive, many SMEs and mid-sized businesses are unable to protect their data viability. Through research by NCSC, it had been found that around six people out of 10 user names and their surnames as their passwords for various platforms, therefore, it is very easy for a hacker to determine the password and hack its system (Walker, 2022). In this technological world, hackers are also using various advanced-level techniques to determine the passwords of organizations and individuals and leak their private information. Hackers or attackers tend to use phishing, malware, social engineering, dictionary attacks, brute force attacks, rainbow table attacks, and mask attacks amongst various others to achieve their targets of hacking the system and leaking one’s private data and information.
It’s a very serious issue that instead of knowing about cyber security and other suspicious activities, an organization fails to protect its data. Instead, they know the value of data and information. With accurate data on the wrong hand, an organization needs to suffer various financial losses, lost brand loyalty, and lost goodwill. Even if the organizations had planned well to protect their data and are taking every possible measure, they fail in data protection (Security Magazine, 2022). Many organizations tend to use several additional security measures such as format-preserving encryption and tokenization to meet the requirement of cyber security for data protection. However, still fails in doing so. Furthermore, it’s a very harsh reality that in this digital landscape, there is no possible solution that claims to be the surefire to stop the data breaches that have been happening in the corporate world for a long time.
The elements of the strategic operational plan that was missed by Target resulting in the 2013 case of data breach and cyber attack are that the employees of the company are not educated and trained enough to deal with the cyber security threats, and the company does not follow the latest security norms and software such as biometric technology for authentication, Target uses only single authentication for safeguarding their data instead of protecting it with double factor authentication, the security systems of the company was very outdated (Shu, Tian, Ciambrone & Yao, 2017). Moreover, the company also failed in data safeguarding because senior or top-level management does not cooperate with mid and lower-level managerial systems, does not invest much time in knowing about the different security systems, and also the company focuses only on increasing profits and maximizing customer satisfaction and neglecting its privacy and data.
Petit, J. (2022). 5 Social Engineering Attacks to Watch Out For. Retrieved on 27th August 2022, from: https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/
Sentinel One (2022). 7 Ways Hackers Steal Your Passwords. Retrieved on 27th August 2022, from: https://www.sentinelone.com/blog/7-ways-hackers-steal-your-passwords/
Walker, D. (2022). The top 12 password-cracking techniques used by hackers. Retrieved on 27th August 2022, from: https://www.itpro.co.uk/security/34616/the-top-password-cracking-techniques-used-by-hackers
Security magazine (2022). Why are companies failing at data protection? Retrieved on 27th August 2022, from: https://www.securitymagazine.com/articles/95893-why-are-companies-failing-at-data-protection
Shu, X., Tian, K., Ciambrone, A., & Yao, D. (2017). Breaking the target: An analysis of target data breach and lessons learned. arXiv preprint arXiv:1701.04940. Retrieved on 27th August 2022, from: https://arxiv.org/abs/1701.04940