Wednesday, December 4, 2019
Role of Data Privacy in Marketing - Free Samples to Students
Question: Discuss the Role of Data Privacy in Marketing.

Answer:

Introduction:

On May 31, 2017, around 2 a.m. PST, it was reported that a data breach had occurred and data had been compromised at OneLogin, an online service that enables users to log in to different websites and apps from a single platform. Headquartered in San Francisco, it provides single identity management and single sign-on for cloud-based applications ("OneLogin breached, hacker finds cleartext credential notepads", 2017). It has more than 2000 customer companies in around 44 countries, with more than 300 app vendors and more than 70 SaaS (Software as a Service) providers; SaaS is becoming a trend for new companies and for companies that want to keep pace with technology development. Because it provides a single platform for accessing different applications, OneLogin had to store all the identity information and the credentials needed to access each application ("OneLogin breached, hacker finds cleartext credential notepads", 2017). The intruders who hacked the OneLogin server were able to decrypt the encrypted files in which customers' very personal credentials and information were saved. This exposed crucial information, which can seriously damage the customer; it may include bank account details, generally for internet banking. The breach was also given a name: a business-existential threat. A personal message was sent to customers regarding the breach, stating that customer data was compromised, including the ability to decrypt encrypted data, and including steps that could be taken to ensure that the breach would not affect them later. However, the problem was that crucial and very personal information was stolen and might be used by the intruders to intrude into other applications.
Through this intrusion, they were able to access and manipulate that data and information, as the needed credentials were all available to them after the breach. In this case the hackers were described as threat actors, who gained access to the database in which information about apps, users and other crucial data was saved, including the credentials that give access to those applications ("OneLogin breached, hacker finds cleartext credential notepads", 2017). All the customers among those 2000 companies were affected by this intrusion, and thousands of personal accounts in those companies suffered from this data breach. OneLogin was a useful application for accessing many applications using one credential and a single platform, but at the cost of security and privacy (Martin, Borah & Palmatier, 2017). The information and data being saved was for organizational purposes only, along with certain specific details of the organization related to its business and the transactions made with contractors and business partners. This threat put at risk all the information saved in the cloud using SaaS applications. Certain individuals were also affected by this intrusion, as many individuals used OneLogin for their personal benefit (Martin & Murphy, 2017). The attack was carried out on a single database, but it raised privacy and security threats and risks globally for the organizations and individuals who were using the OneLogin application.

How was the attack carried out?

The chief information security officer of OneLogin, Alvaro Hoyos, said that an unknown intruder was able to gain unauthorized access to the OneLogin server that was running on the United States database.
The attack began when the intruder obtained a set of AWS keys and used them to access the AWS API (application programming interface) through another service provider other than OneLogin's server (Spillner, 2017). An API is the technical means by which applications talk to each other to exchange information; APIs allow developers to reuse pre-written software components, so both sides need to work together. The hackers gained access to this server and found code to decrypt the data, which had been encrypted earlier for its security. Using this code, the hackers got access to the database tables, which contain information and data about users, applications and various types of keys. They then used other code to decode the encrypted files and decrypted many files that were saved in the database.

A measure the organization could have taken to avoid this breach is that OneLogin, as a service provider, should have brought in a third party for the external security of the company, to make sure that any data breach had been adequately mopped up. All log management systems should be restricted to SAML-based authentication. Passwords should be set to auto-reset mode based on automatic password generation (Hossain, Hasan & Skjellum, 2017). This was implemented only after the breach had already happened, whereas OneLogin should have learnt from the previous attack and implemented it before the second intrusion happened.

Measures that individuals or organizations should take to keep themselves safe can be listed as:

- Monitoring leaked credentials of customers before and after the breach (Cheng, Liu & Yao, 2017).
- Implementation of multi-factor authentication that does not leverage SMS.
- Deployment of an inline Web Application Firewall.
- Monitoring leaked credentials of the employees working in the organization.
- Monitoring whether the brand and company names are mentioned in the crack forums (Hutchings & Holt, 2017).
- Gaining awareness about credential stuffing tools to ensure that none of the data falls into the wrong hands.

WannaCry Ransomware Cyber Attack

The ransomware cyber-attack was one of the biggest data breaches of this century and caused damage to computers at a global level. It affected more than 230,000 computers around the world between 12th May and 15th May (Collier, 2017). The intruders were asking for money in the form of Bitcoin currency in exchange for the anti-virus that would decrypt the encrypted files, as mentioned in the next paragraph, and thus it was named the WannaCry ransomware attack (Martin, Kinross & Hankin, 2017). The ransomware cyber-attack is expected to have originated in London when a European accessed a zip file, which activated the malicious virus; it then spread across other systems, using the network as a bridge. Two main pieces of software were used to make this incident happen: one that gave the attackers access to the files saved on the system, which was stolen from the U.S. agency, and another that was written by the intruders to encrypt the files. Technically, the virus encrypts all the files so that a user is not able to open any file without the decryption code or an anti-virus, which can only be offered by the hackers. IT experts found a way to slow down the attack, but after that regular updates started being uploaded to the systems, so the researchers' attempts resulted only in wasted time. The virus was attacking systems based on operating systems such as Windows 7, Windows XP, Server 2003 and Windows 8 (Mohurle & Patil, 2017).
It was reported that the virus was not very effective on systems running Server 2003 or Windows XP, which means the hackers were targeting the latest operating systems. It was also noted that the virus mostly affected software installed from the black market. This conclusion was drawn from measuring the damage done in China, as almost 70% of the systems in China run software from the black market. This was a worldwide cyber-attack that damaged several organizations, from federal governments to various multinational companies. Some organizations with advanced IT were able to decrypt the files that had been encrypted, and a few were saved by common sense, such as taking systems offline to prevent further access by the virus, but several were affected by the attack (Renaud, 2017). Governments, hospitals and multinational companies in Russia, Japan, China, the U.S. and several other countries were affected by this widespread cyber-attack. Multinational automobile companies like Nissan and Renault suffered production damage due to this data breach. The virus made several police stations in China and India shut down their systems and take the station offline in order to stop the virus from spreading among different systems. Big electronics companies and multinational courier companies like FedEx and Hitachi reported intrusion by this attack. Several hospitals in the UK and U.S. reported that the same malware affected their systems, which resulted in the delay of several operations and surgeries. Nissan was on the list of least affected automobile companies, as an individual with common sense took all their systems offline when the attack seemed to be affecting one system and so saved the rest of the systems from being corrupted by the malicious virus. This virus affected many areas in Russia and India (Gandhi, 2017).

How was the attack carried out?
IT researchers and developers explained that the attack was initiated in London on 12th May 2017; the virus was injected into the host computer and was activated when a European opened a zip file. Many commands programmed by the hackers were executed automatically after the virus was activated. Some commands were executed in order to divert the researchers and experienced IT staff. After some hours, it was found that the virus was executing a command for the system to connect to an unknown server that does not exist at all. The main intention behind executing this code was to distract the researchers and gain more time to corrupt the files saved on the system's storage. The encryption was so strong that no one would be able to decrypt the files without an anti-virus or decryption code (Gandhi Krunal, 2017). Access to the files stored on the system was gained by using the stolen software, which was in reality produced by the U.S. agency. This software was named EternalBlue, and it was used to push the virus to the storage drive of the system. The hackers named the anti-virus DoublePulsar, and they were offering this anti-virus in exchange for money in the form of Bitcoin currency.

The preventive measures that could have prevented this ransomware attack can be listed as:

- First of all, the EternalBlue software should not have gone viral and been exposed on the internet, which gave the hackers access to the storage systems of various users.
- If the files had been encrypted and tokenized earlier, this breach would not have harmed those files and data.
- The original operating system would have provided security patches for the systems (Mattei, 2017).
- Microsoft should have anticipated such an attack and launched the patches much earlier.
- Anti-malware software was also an option, which would not have allowed the third party to access the storage of the system.

References

Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5).
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Gandhi Krunal, A. Year of Publication: 2017.
Gandhi, K. A. (2017). Survey on Ransomware: A New Era of Cyber Attack. International Journal of Computer Applications, 168(3).
Hossain, M., Hasan, R., & Skjellum, A. (2017, June). Securing the Internet of Things: A Meta-Study of Challenges, Approaches, and Open Problems. In Distributed Computing Systems Workshops (ICDCSW), 2017 IEEE 37th International Conference on (pp. 220-225). IEEE.
Hutchings, A., & Holt, T. J. (2017). The online stolen data market: disruption and intervention approaches. Global Crime, 18(1), 11-30.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.
Martin, K. D., & Murphy, P. E. (2017). The role of data privacy in marketing. Journal of the Academy of Marketing Science, 45(2), 135-155.
Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), 36-58.
Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack. World Neurosurgery, 104, 972-974.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
OneLogin (2017). Retrieved 23 August 2017, from https://oag.ca.gov/system/files/Sample%20Notice_9.pdf
Renaud, K. (2017). It makes you Wanna Cry.
Spillner, J. (2017). Exploiting the Cloud Control Plane for Fun and Profit. arXiv preprint arXiv:1701.05945.
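
The OneLogin section above describes AWS keys being used against the AWS API from another service provider's host, which is activity that CloudTrail records can surface. The following is an added example, not part of the original essay and not OneLogin's own tooling: it reports access-key use from outside an allow-list of networks. The key IDs, IP ranges, sample events and the `EXPECTED_NETWORKS` table are constructed assumptions; only the record field names follow CloudTrail.

```python
import ipaddress
from collections import defaultdict

# Assumption: networks each long-lived key is legitimately used from
# (RFC 5737 documentation ranges; key IDs are AWS's documented examples).
EXPECTED_NETWORKS = {
    "AKIAIOSFODNN7EXAMPLE": [ipaddress.ip_network("192.0.2.0/24")],
}

def _event(key, source, name):
    """Build a constructed record using CloudTrail's field names."""
    return {"eventName": name, "sourceIPAddress": source,
            "userIdentity": {"accessKeyId": key}}

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    _event("AKIAIOSFODNN7EXAMPLE", "192.0.2.10", "DescribeInstances"),
    _event("AKIAIOSFODNN7EXAMPLE", "203.0.113.77", "DescribeInstances"),
    _event("AKIAIOSFODNN7EXAMPLE", "203.0.113.77", "RunInstances"),
    _event("AKIAIOSFODNN7EXAMPLE", "autoscaling.amazonaws.com", "DescribeInstances"),
    _event("AKIAI44QH8DHBEXAMPLE", "198.51.100.5", "ListBuckets"),
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9", "userIdentity": {}},
]

def off_network_key_use(events, expected=EXPECTED_NETWORKS):
    """Return {access_key_id: {source_ip: [eventName, ...]}} for API calls
    made with an access key from outside that key's expected networks."""
    findings = defaultdict(lambda: defaultdict(list))
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if not key:
            continue  # no access key on the record (e.g. console sign-in)
        try:
            src = ipaddress.ip_address(ev.get("sourceIPAddress", ""))
        except ValueError:
            continue  # AWS services calling on your behalf show a DNS name
        # A key with no baseline has an empty allow-list, so every use is reported.
        if not any(src in net for net in expected.get(key, [])):
            findings[key][str(src)].append(ev["eventName"])
    return {key: dict(by_ip) for key, by_ip in findings.items()}

if __name__ == "__main__":
    for key, by_ip in off_network_key_use(SAMPLE_EVENTS).items():
        for ip, calls in by_ip.items():
            print(f"{key} used from {ip}: {', '.join(calls)}")
```
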