Tuesday, May 5, 2020
Big Data Security Breaches
Question: Discuss about the Big Data Security Breaches. Answer: Introduction The year 2015 had been considered as the year of breaches. In 2015, there were numerous large organizations, such as, health-care organizations, financial organizations, higher educational institutes, federal markets, and even security industries, which had suffered a lot with data breaches. While the data breach barrage had proceeded, the solution providers for security breaches said that the awareness of customers about the security issues is required as well as investments are necessary for the data security technologies. The LastPass organization provides the easiest way for online account holders to secure their data accounts because the LastPass is the organization, which generates unique as well as strong security passwords or codes for millions of account holders, which is such a relief, but in September 2015, the password managing organization LastPass itself was smashed by cyber attackers, and the hackers had gained access to all the details of the users accounts (Bellovin, 2015). In September 2015, the password management firm LastPass had announced that the firm is suffering with computer security breach and became the victim of a big cyber-attack, due to which the firm is compromising with its secured data, such as, email addresses, authentication hashes, password reminders as well as with the servers of their users. The company LastPass had disclosed that the servers per user salts, which they are using is not enough to prevent dictionary brute and cyber force attacks. In September 2015, th e LastPass firm also had posted a blog, which indicated that the team of the LastPass has discovered as well as observed that some suspicious activities are happening on their entire network (Ducklin, 2017). During the investigation, the company has discovered that the email addresses of users accounts, authentication hashes, as well as their password reminders were compromised. Why and How It Occurred The firm LastPass had revealed that the cryptographic protection technique in which they use master passwords to protect their users online accounts include hashing as well as salting functions, which are designed to make the basic passwords, which are impossible for the hackers to crack (Paul, 2017). However, the accounts with very simple passwords and those online accounts which are reused by the users on some unauthenticated websites are not completely safe. Therefore, the delicate data of users via their email-ids can be hacked. There are a number of online account holders which are affected by this security breach. The severity of this cyber-attack is very high, which was first discovered in the year 2011. This breach had proved to be very bad for the users who had weak passwords, as it was easily guessed by the hackers. The LastPass in 2015 had disclosed that when they tried to reset their users passwords then they came to know that their entire security accounts have been hack ed. Possible Solutions The cyber-attacks or digital assaults are always developing, so the security experts must remain working in their labs and preparing new plans to keep all such breaches under control. The experts believe that a new technique named as encryption will deflect hackers and cyber attackers by serving fake information for each inaccurate guess for the passwords (Dutt, Kaur, 2013). This kind of approach slows down the activities of the attackers or cyber hackers, as well as conceivably covers the right passwords in a stack of false ones. One other emerging method is there to overcome such cyber-attacks like the LastPass had faced is quantum key dispersion, which shares the passwords integrated in photons over the fiber optic, that may have the viability now as well as for many years in the future also. The LastPass must enable a multi-figure authentication to secure their users accounts. This step is the most essential step which LastPass can take in case they havent already used it. Even in case of the worst cyber-attacks occurring in the organizations like if the hackers get master passwords of customers, then they still require the authentication code so that they can get access to the users of online accounts. If the firm has complete two-factor authentication, then hackers will not be able to access any account. The multi-factor authentication technique is essential for the LastPass and it is also useful for many websites, such as, social networking sites and email account websites. The cryptology technique is the best practice to protect and secure the communication of users in the existence of any third party called adversaries. Usually, cryptography is all about constructing as well as analyzing protocols, which help to prevent users accounts from third parties (Bhandari, 2016). To protect the online accounts of the LastPass customers is necessary so that their private messages cannot be read by the public. The cryptography provides various characteristics in the information security, for instance, data confidentiality, integrity and authentication. Premera BlueCross BlueShield The Premera BlueCross BlueShield is one of the biggest health insurance organizations in Boston. In 2015, numerous data breaches had hit several health insurance organizations and Premera is one of them, the company was smashed by a mega security breach. The health insurance company, the Premera BlueCross BlueShield in December had revealed that they discovered a data breach that had affected almost 11.2 million endorser, and a few individuals who work with the organization. In this data breach, the data of subscribers, such as, their names, bank details, security numbers, birth dates and some other delicate information were compromised. According to some news posted by the CEO of the firm, they had claimed that the health insurers IT systems are vulnerable to overcome the possible attacks but still they faced such issue (Tankard, 2012). The Premera organization did not disclose to its customers that their data has been hacked for the first six months when the cyber-attack has occurr ed to them, therefore, several customers filed lawsuits against them. Numerous lawsuits that were registered against the Premera organization are for being delinquent, breached its promise to customers, profaning of the Washington Clients Protection Act and the failure to discover the breach timely. Some threat related blogs indicated that the domain of the Premera website might have been portrayed to the Healthcare supplier, where the hackers utilized the identical characters replacement method and replaced the characters, like m to n, inside a fake domain. However, the Premera organization did not accumulate or store the credit card data of users, hence, the credit card details were not affected by this attack. Affected and How This cyber-hack enables DNS inquiry logging to recognize the hostname query for known malevolent C2 domains. Identify irregular string entropy, obscure endorsements, files name and so on. Monitor for excessively short endorsements, authentications with missing data, and so on. Disclose and impart information ruptures in a convenient way. The Premera had revealed that about 11 million individuals were affected by this data breach, from which 4.1 million customers belonged to other departments of Blue Cross Premera plans. In 2015, when the attack was first occurred, the organization did not have proper information on how much data breach had impacted their customers, but they were sure that it definitely affected the members from Washington and also from Alaska during that time-period. Since the underlying notice, the CareFirst had been working with Premera to audit and check the quantity of present and previous CareFirst individuals, who were possibly influenced, and also the type of members whose data was accessed throughout the assault (Rubenfire, Conn, 2015). The examination had confirmed that the assailants may have increased unapproved access to data, including name, address, date of birth, Social Security Numbers (SSNs), part ID numbers, claims data and clinical data. Attack carried out The Premera's examination verified that the assailants may have increased unapproved access to data that could incorporate names, birth details, locations, phone numbers, email addresses, Social numbers, recognizable proof numbers, financial balance data, and cases data, including clinical data of Premera subscribers. As of now, there is no sign that the information is expelled from the framework or has been utilized inappropriately (Kolbasuk, 2017). The Premera Blue Cross (Premera), which works in Washington and Alaska, had declared that the digital assailants has executed a refined assault to increase the unapproved access to its Information Technology (IT) frameworks. The Premera is working intimately with Mandiant, one of the world's driving digital security firms, and the FBI to research the assault. To date, specialists have verified that the aggressors may have increased unapproved access to individuals' data, which could incorporate part name, date of birth, email address, re sidential address, telephone number, social number, part distinguishing proof number and claims data, including clinical data. The Skyline BCBSNJ is a different and particular organization from Premera ("Premera Blue Cross Breach Exposes Financial, Medical Records Krebs on Security", 2017). Notwithstanding, a few horizons, BCBSNJ individuals who have gained access to social insurance in Premera's administration regions may have had their data stored in the Premera's information frameworks (Mcpherson, 2004). Prevent the attack The Premera Massachusetts considers security as an important parameter, which is the reason they took several steps to ensure individuals' protection as well as the protection of their data (Kim, 2016). The Premera has consent to stringent principles, including the state and government prerequisites. The Premera has started exhaustive security program addresses and security risks from various points of view, such as: Dedicated security plans Security oversight as well as governance program Various vendor risk appraisals Safety risk assurance The Data encryption is also one of the unique methodology that works with scrambling of data so that the data is unreadable by every unintended parties. Cryptography technique Triple DES was planned to renew the primary Data Cryptography Standard Algorithm, which cyber hackers finally erudite to defeat with relative ease (Greenberg, 2015). The Blowfish is also one of the algorithm designed to secure data and it also helped Premera to secure their data and protect themselves from any type of security breach. Conclusion This study concludes that both of the organizations should utilize good as well as cryptic passwords to secure their users or customers accounts to prevent it from the cyber-attackers and make it difficult for the hackers to crack the passwords. The management team of both the organizations can prepare a well-defined structure as well as execute some strategies to enhance their security systems to maintain the data integrity, availability and confidentiality. Bibliography Bellovin, S. (2015).Password Manager LastPass Warns of Breach Krebs on Security.Krebsonsecurity.com. Retrieved 7 April 2017, from https://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/ Bhandari, S. (2016). A New Era of Cryptography : Quantum Cryptography.International Journal On Cryptography And Information Security,6(3/4), 31-37. Chakraborty, H., Axon, R., Brittingham, J., Lyons, G., Cole, L., Turley, C. (2016). Differences in Hospital Readmission Risk across All Payer Groups in South Carolina.Health Services Research. Ducklin, P. (2017).Bad news! LastPass breached. Good news! You should be OK.Naked Security. Retrieved 7 April 2017, from https://nakedsecurity.sophos.com/2015/06/16/bad-news-lastpass-breached-good-news-you-should-be-ok/ Dutt, V., Kaur, A. (2013). Cyber security: testing the effects of attack strategy, similarity, and experience on cyber attack detection.International Journal Of Trust Management In Computing And Communications,1(3/4), 261. GREENBERG, A. (2015).Cite a Website - Cite This For Me.Wired.com. Retrieved 7 April 2017, from https://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/ Kim, K. (2016). Cryptography: A New Open Access Journal.Cryptography,1(1), 1. Kolbasuk, M. (2017).CareFirst BlueCross BlueShield Hacked.Databreachtoday.com. Retrieved 7 April 2017, from https://www.databreachtoday.com/carefirst-bluecross-blueshield-hacked-a-8248 Mcpherson, B. (2004). The Failed Conversion of CareFirst BlueCross BlueShield to For-Profit Status: Part 1, the Whole Story.INQUIRY: The Journal Of Health Care Organization, Provision, And Financing,41(3), 245-254. Paul, I. (2017).The LastPass security breach: What you need to know, do, and watch out for.PCWorld. Retrieved 7 April 2017, from https://www.pcworld.com/article/2936621/the-lastpass-security-breach-what-you-need-to-know-do-and-watch-out-for.html Premera Blue Cross Breach Exposes Financial, Medical Records Krebs on Security. (2017).Krebsonsecurity.com. Retrieved 7 April 2017, from https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/ Rubenfire, A., Conn, J. (2015).Cyberattack exposes data of 11 million Premera Blue Cross members.Modern Healthcare. Retrieved 7 April 2017, from https://www.modernhealthcare.com/article/20150317/NEWS/150319904 SHAHANI, A. (2015).Premera Blue Cross Cyberattack Exposed Millions Of Customer Records.NPR.org. Retrieved 7 April 2017, from https://www.npr.org/sections/alltechconsidered/2015/03/18/393868160/premera-blue-cross-cyberattack-exposed-millions-of-customer-records Tankard, C. (2012). Big data security.Network Security,2012(7), 5-8.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.