Essay Example on Cyber Attacks

Main facts of the case: Why the firm should be held liable

With no doubts, cyber attacks have become one of the most dangerous and critical attacks companies security breach leaving them high and dry with multiple losses. In the recent past, Home Depot, one of the dominant American retailer in home improvement industry was attacked where its financial and personal data were compromised leading to a drop in the industry in terms of finances and clients as well.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Target stores have also become victims of the hackers where their financial data has also been compromised. Despite the firms attempt to prevent and cease these attacks, they have not been successful. When Target executives were summoned before the congressional panel to answer questions on the security breach, they admitted that they had missed warning signs on security gap. Also, experts say that Target left itself vulnerable to the attack by ignoring several federal warnings that Target was being targeted by hackers. I believe that the firms are to be held responsible for these attacks, as they could have taken more drastic measures to curb the attacks.

Home Depot claimed was attacked for five months by hackers on its payment terminals that lead to the highest breach than even Target Corp. Although the Firm did not lose its business, there has been a loss of legal help and credit card fraud. An unnamed employee said that the firm had had issues with old software and high turnover. They could have avoided the attack if they were more careful. According to Randall (2014), the effects of cyber attacks cause havoc to a nation and destruction of the industry leading to severe and permanent damage.

U.S Portal Service has also been victims of cyber attack where highly profiled personal data has been exposed. 800,000 personal data was compromised where information such as personal addresses, telephone numbers, social security numbers and names were exposed, and others swept clean. After the attack, the government just said that the exposed credit cards had not been used for malicious purposes yet and that it was working on the way forward to recover the lost data. The government also said that it would come up with measures to ensure that such an incident never happens.

Staples a U.S company retail store also faced cyber attack where 1.16 million credit cards were exposed to the attack. In this company 115 of its U.S retail stores were attacked where credit and debit card details were exposed, codes and expiration dates also revealed. The hackers and the cyber attacks have highly increased, and firms should do enough to stop it.

A firm should be held liable for any losses incurred by a client, supplier or employee in an event of a cyber attack. Most companies do not want to incur and invest in cybersecurity insurance as it can be very expensive. Cybersecurity insurance is where a firm transfers some of its risk of financial of a security breach to an insurer. The risk-management strategy that most organizations ignore is the reason that they should be held liable for all losses to customers and employees.

It is a firms responsibility to ensure that all its computer systems are well designed and implemented. Cyber attacks can be caused by poor design of the operating systems or a mistake made in its implementation. These are the firms major roles to ensure that the security of the clients is maintained. Also, in every Organization there is an I.T department that ensures that there are regular basic checks and tests to ensure that the systems are working as expected. Therefore, if these firms regularly checked the systems, such incidences could not happen, and the firms incur any cost as damages to employees.

When a client decides to work or join a certain firm as its partners, they have total trust and confidence in the firm. It is the firms duty to make sure that the trust is not broken by protecting the clients personal information. Once the trust is broken, the customer will not hear of any explanation as they had trusted the firm. The firm should, therefore, protect this trust with all that it has got.

Main facts of the case: Facts and Responses

The target was hacked on January and announced that hackers had stolen their personal data that caused a huge damage to the firms reputation as well as the resignation of their Senior Technology Officer. Why did the officer resign if not because of the discrepancies in their systems or irregular checking their systems? Experts also said that Target exposed itself to the threat by ignoring several warning signs concerning security gaps and circulated memos from federal government suggesting that Target was being targeted by hackers.

Home Depot confirmed its attack in September 2015 from April putting to risk 56 Million accounts. The firm accepted to pay $62millionto cover attack cost and the legal fee. Why did the firm agree to this if not because they were aware that they were reckless to let this attack to happen under their watch? Other than their recklessness, there were claims from an unknown employee that they experienced high turnover and old software. The old software could not detect any suspicious activities and this highly contributed to the attack.

Staples revealed that the malware responsible for the attack got its way into the terminals and cash registers that dealt with credit and debit cards. This software exposed all crucial and confidential information that was on the card including, name card number and expiry date on the card. Later on, they released a statement saying that the malware may have had access to data for orders made from 10th August 2014 to 16th September 2014. In their statement, Staples were not apologetic to their clients or employees.

There have been passed cyber attacks in the U.S. I believe that this could have been a warning sign to other firms that cyber attacks can happen to any firm. Sony was attacked in 2014 which could have given Target Corp enough time to put in necessary measures to prevent this attack or put in measures in place just in case the an attack took place. As if Target did not learn the hard lesson from Sony, it was attacked on January 2015 exposing 110 million accounts. J.P Morgan Chase accounts were next in line for the attack on August as they also did not learn of J.P. Morgans attack. After all this attacks following in line any other firm out there that valued their reputation and cared about the privacy of their clients could have taken action to prevent the same occurrences. Home Depot also was attacked on September compromising 56 million accounts.

Main facts of the case: Additional Measures

Firms should regularly update and check their software to see if there are any discrepancies in the system. As a result, any irregularities can be detected and adequate measures taken to halt the attack.

Investing in cyber security is one of the best ways to avoid high losses in case an attack happens. Most organizations fail to invest in cyber security as they have focused their minds on profitability, and cyber security is an expensive endeavor.

Have a team to respond to the crisis. There should be a team ready to take immediate action when there is a security breach. The team should organize themselves on how to minimize the damage of lost data, who to contact the stakeholders and how to reach the law enforcement.

Raising of employees awareness. Firms should train their employees on cyber security issues and teach them the crucial details of cyber security. Through this, the employees can realize the dangers of leaving a computer on and passwords visible. Most organizations do not educate their employees on cyber security as they find it quite expensive. They tend to look at the cost rather than the vulnerability of security and the costs the firm can incur once there is a security breach. This awareness can be done through office bulletin, weekly emails to remind the employees of the importance of maintaining security precautions.

Use of the latest security protection. Regular updating of the systems helps detect any unusual URL, and latest versions have new features that can greatly help.

Involvement of the C- suite. Most private companies operate lean I.T shops, with one security. Most of them lack Chief Information Officer, which endangers the security of the company. Instead, the companies should appoint top leaders to oversee the IT activities or select an IT committee to solve any securities issues in the firm. Directing one person; IT director to manage networks and security is of an advantage as he/she can point up critical issues in security. The director of the IT can organize his team on the cyber security goals and also update the management on the recent happenings on security. Protecting national property and its infrastructure can be achieved if a nation is under good security especially if there is no breach in security; cyber attacks (Amoroso, 2012)

Have hands-linking across departments. Unity and communication between different departments is a crucial security strategy. Meetings between human resource, finance, IT, risk and legal department to discuss security matters are integral to cyber security.

References

Amoroso, E. G. (2012). Cyber Attacks: Protecting National Infrastructure. Oxford: Butterworth-Heinemann.

Knight, Randall. (2014). The Effects of Cybercrime in the U.s. and Abroad. Authorhouse.