Information System New York Times Report

Question: Describe the Report for Information System of New York Times. Answer: News 1 According to New York Times report dated 22nd September, 2016, Yahoo announced the biggest known intrusion in computer network by stating that account details of at least 500 million people was assessed by hacker. Although Yahoo did not named the country involved in the breach in the initially, however one week later they revealed that a group professional hackers from Eastern Europe are mainly suspected of stealing customer data (Perlroth 2016). The first evidence for hacking came when a Russian hacker revealed stolen Yahoo data in different web forums. A second hacker displayed stolen Yahoo credentials like ZIP codes, email address and other official information. Justify This report has been chosen mainly because it relates to information security breaches as it reports the biggest case of hacking information system data and causing havoc for the company. It is a great cause of concern for the regular users and also the company Verizon Communication which is in the process of acquiring the company. Reasons for the Breaches There are technical reasons for the breaches such as weak security testing by Yahoo. Neither Yahoo nor Verizon carried out security testing to check if any professional hackers can break into the Yahoo network or not. This critical security check was overlooked by the investors although the overall impact of this security breaches are huge. Losses may come in the form of stolen intellectual property and compromised user accounts. Infoarmors report highlighted the manner in which the hacking was done. It reported that the hackers exfiltrated the data in segments and delivered them in different files alphabetically. The exfiltrated data include country code, recovery email, yahoo ID, ZIP code for password recovery and many more. Impact The overall impact of the information system breach will mainly faced by the Yahoo company and other key stakeholders like millions of users and companies in partnership with Yahoo, or those planning to acquire the company. As it is the oldest email service, many people digital information relies on Yahoo, hence the impact cause by this case is significant. The hacking case is a serious issue because the data is not only linked to a single system but also on other details like financial service, banks, users family and social media networks (Vance et al. 2013). However, the overall impact on the sale price of Yahoo is still not clear. Remedies The immediate remedy for solving the problem is to instruct user to changes their passwords. It is also necessary that users avoid keeping similar passwords that they use in other online sites. Consumers should also be careful when giving any information online, as hackers have the trick consumers and breach the information system. Yahoo announced in the news that they are seeking help of law enforcement to investigate more about the reasons for breachese and identify any suspicious activities. News 2 As stated in Infoworld news dated September 26, 2016, Trump Hotel Chain was fined for information system breaches. It leads to the exposure of about 70000 credit card numbers and other personal data. The hotel chain did not report the breach to its customers and so the hotel chain had to pay 50,000 dollars in penalties. The fraud was identified when banks monitored suspicious bank transaction and found that Trump Hotel Chain has been targeted in a cyber attack that led to the exposure of credit card information of different users (Ribeiro 2016). Justify This news has been chosen because it is related to malpractice related to information system. The news report is important as it reported malpractice that skimmed payment card information. Evidence for this was gained by computer networks in different locations such as New York and Chicago hotels. Reasons for the Breaches The information system breach took place mainly because of non-technical reasons. The Hotel Chain was fined mainly because its did not had adequate protection system in place and they did not took responsible action to immediately inform the affected people about the malpractice in information system. Investigations behind the reason of fraud revealed that it could be possible only when a person has access to domain administrators credential. By gaining access to this credential, the hackers gained entry into the payment processing system of Trump Hotel Chain. The hackers installed malware so that they could get access to credit card information on all systems within the hotel premise. Another crucial reason for this information system breach was that the company delayed in placing authentication system in place even for remote access to hotel network. This action was recommended to the hotel earlier too, but still they did not acted responsibly to prevent a second attack. Impact The overall impact of the information system fraud in the hotel chain was huge. It will adversely affect the reputation and sales activities of the company. Such security breaches adversely impact profitability and disrupts the established business of companies. Hotel Trump Chain compromised with the security system and hence they were exposed to litigation and scrutiny by law firm. The company also had to incur extra expenditure on technical and legal reasons. They further deteriorated the situation by not reporting it to the customers for which they were hugely penalized. According to Business law, companies are required to respond quickly in such situation and notify to all customers about hacking customers credential (Berezina et al. 2012). Remedies To avoid such future case of misusing internal control system of companies, it is necessary that competitive companies take all measures to update software and protect their consumer information as far as possible. Even if data breaching takes despite strict security controls, it is the duty of the company to immediately inform it to all stakeholders involved. This is in accordance with the Australian law. Hence, hotel chains or any other companies should also work in compliance with relevant business laws to immediately involve people affected by information system fraud and be accountable enough to minimize all chance of hacking in the hotel system (Eckerd et al. 2013). News 3 Another exclusive report on information system breach was reported by The Register on 20th September, 2016, which state that the point of sale technology of H L Company was hacked. The hackers have claimed that they had got access to customers database. It meant they had got hold into crucial information about business activities at H L Company, credit card data and other personal information (Theregister 2016). Justify This news article has been chosen as it brings into focus the potential losses that companies suffer due to such hacking information technology. It helps to know the manner in which hackers can employ tricks to unfold crucial information about the company and gain control over internal security system in the company. Reasons The news reports the reasons for hacking. It mainly occurred because of open link to a large SQL database. The Hold security company intervened to know the cause and they found access to underground crime forums. A conversation exchanged between two unknown companies was also recovered where they were talking about buying and selling database of H L. The breached local server database was also found which showed screenshots of password, login and mortlock. Impact The person who will be at risk by the hacking of pint of sale technology in H L company are mainly the companies key clients such as different retailers and suppliers. The potential impact for H L Company cannot be determined. It depended on level of information in the database. It might also be possible that the hacker located a file upload that was vulnerable to create entry into the H L system (Lukaszewski et al. 2016). Remedy The remedy for H L Company would be to strictly strenghthen defense system to prevent access to internal information system. It is necessary that organization realize the importance of updating security system and include components of cyber security in daily operations. They should seek help from guidelines on information security control and reduce exposure to important business and customer information. Supply chain system and network segment system should also be protected from hackers by synchronizing database (Ifinedo 2012). Reference Berezina, K., Cobanoglu, C., Miller, B.L. and Kwansa, F.A., 2012. The impact of information security breach on hotel guest perception of service quality, satisfaction, revisit intentions and word-of-mouth.International journal of contemporary hospitality management,24(7), pp.991-1010. Eckerd, S., Hill, J., Boyer, K.K., Donohue, K. and Ward, P.T., 2013. The relative impact of attribute, severity, and timing of psychological contract breach on behavioral and attitudinal outcomes.Journal of Operations Management,31(7), pp.567-578. Ifinedo, P., 2012. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory.Computers Security,31(1), pp.83-95. Lukaszewski, K.M., Stone, D.L. and Johnson, R.D., 2016. Impact of human resource information system policies on privacy.AIS Transactions on Human-Computer Interaction,8(2), pp.58-73. Perlroth, N. (2016).Yahoo Says Hackers Stole Data on 500 Million Users in 2014. [online] Nytimes.com. Available at: https://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html?_r=0 [Accessed 30 Sep. 2016]. Ribeiro, J. (2016).Trump hotel chain fined over data breaches. [online] InfoWorld. Available at: https://www.infoworld.com/article/3123779/security/trump-hotel-chain-fined-over-data-breaches.html [Accessed 30 Sep. 2016]. Theregister (2016).Hackers claim they breached Aussie point-of-sale tech firm, try to sell 'customer DB'. [online] Available at: https://www.theregister.co.uk/2016/09/20/exclusive_hackers_claim_pos_tech_firm_breach/ [Accessed 30 Sep. 2016]. Vance, A., Lowry, P.B. and Eggett, D., 2013. Using accountability to reduce access policy violations in information systems.Journal of Management Information Systems,29(4), pp.263-290.