Key Business Processes of the Companies
Cybersecurity issues can directly influence both business sales and the reputation of a business (Chhetri, Canedo and Al Faruque 2016). Numerous Information Systems (IS) are deployed across commercial establishments to optimize their business operations (Perlroth, Scott and Frenkel 2017). The accountants of system development projects play a crucial role in managing the security challenges confronted by the users of these ISs (Novaes Neto et al. 2020). Computer-based systems also carry numerous risks in terms of cybersecurity challenges.
The main objective of this report is to focus on the latest cybersecurity issues which occurred between 2014 and 2019. The influence of cybersecurity challenges on business operations is also discussed.
A description of each company is provided in this report. The report also lists the actions taken by the affected organizations and recommends some of the security controls which can help to address similar cybersecurity issues in the future.
Overview of case 1: This cyber attack occurred at Capital One between March 22nd and March 23rd, 2019, and more than 100 million users from the USA and 6 million users from Canada were affected by it.
Overview of case 2: In 2019, a data breach occurred at State Farm, an insurance organization. Login credentials of the consumers of this business were compromised in this cyber attack, which is known as a credential stuffing attack.
Overview of case 3: In 2018, there was a credential stuffing attack on Dunkin’ Donuts in which the social engineers gained access to the private information of consumers. The entire security performance of the company was affected by the cyber attack, and more than 20000 accounts of this business were affected.
Information about the company
Case study 1: Capital One (2019)
Capital One is one of the most reputed American banks, specializing in credit cards, auto loans, and savings accounts (Capital One 2020). Headquartered in McLean, Virginia, this banking organization makes the most of emerging technologies to optimize its business operations. It has more than 755 branches, including 30 café-style locations, all over the United States and Canada. This public company was founded in 1994, and its net revenue was $28.076 billion at the end of 2018. The total equity of this organization is $51.668 billion.
Case study 2: Insurance provider State Farm (July 2019)
State Farm is one of the biggest insurance organizations in Canada and was founded in 1922 by George J. Mecherle. Headquartered in the United States, this insurance organization had over 18000 agents working across the United States and Canada (State Farm 2020). More than 30 operational centres are linked to this insurance organization. Its net revenue is $81.732 billion USD, its net income is $8.788 billion USD, its assets are $272.52 billion USD and its total equity is $100.88 billion USD. More than 57000 employees work in this organization, and they make the most of emerging technologies like virtual reality and augmented reality to optimize the business operations. The organization has numerous divisions, such as insurance and mutual funds, and numerous subsidiary organizations, such as Dover Bay Specialty Insurance Company and Amberjack Ltd.
Case study 3: Dunkin’ Donuts (November 2018)
Established in 1950, this food and beverage organization has more than 12871 points of distribution all around the globe. Headquartered in Massachusetts, this commercial establishment provides a wide range of products like baked goods, hot beverages, iced beverages, frozen beverages, sandwiches and soft drinks (Dunkindonuts.co.uk. 2020). The total revenue of this organization is $1.32 billion USD. This organization operates from over 12000 locations across 36 countries. This commercial establishment works very closely with other business organizations like the Boston Red Sox and the New England Patriots.
Case study 1
Acquiring credit card customers is one of the prime intentions of this public service organization (Vitunskaite et al. 2019). The credit card operating model is created by the strategic planners and the IT team of this organization. Emerging technologies like artificial intelligence address the queries coming from the workers and the consumers of this business. This organization invests heavily in data structure, business analysis and business operations. All the services provided by this organization are digitalized, and new and innovative services are provided to consumers to maintain a competitive edge.
Case study 2
The key business process of this organization revolves around three categories of industry: investing, insurance, and banking (Butler 2018). As this is the largest property and casualty insurance provider, the farm agents of this organization play the most vital role in meeting its strategic objectives. All the regular banking services are provided by this organization; apart from that, it seeks to manage the savings accounts of its consumers. Managing the deposit services falls under the responsibility of the employees working in this organization. Managing the money market accounts is also one of its key business operations.
Case study 3: Dunkin’ Donuts
Exploring new options and creating innovative services is one of the prime business functions of this organization (Singh 2016). Managing existing and potential consumers is the prime target of this commercial organization. The in-house dining spaces of each of the outlets provide high-quality services to the consumers of this business. The organization focuses mainly on on-site selection, franchisee training, supply chain management, and brand and marketing management. Low-cost quality products are provided to the consumers of this organization. Enhancing franchisee revenue is one of the prime business processes of this organization. Numerous training and development programs fall under the business processes of this company. Managing the budget accounts and financial planning also fall under the operations of this business.
Key cyber security issues
Case study 1
On July 19th, 2019, a cybercriminal who operated from outside the private network of this organization gained access to the personal information of consumers who had applied for credit cards with this organization (Lamba 2019). The social security numbers of the consumers of this organization were compromised as a result of the cyber attack. This cyberattack affected more than 100 million consumers from the United States and 6 million consumers from Canada. Loss of data is one of the most significant issues linked to this cybersecurity incident: essential data like credit scores, credit limits, the balance of each consumer account, payment history and contact information were compromised. Most of the fragments of the transaction data were compromised as well. Hence, the compromise of consumer data is one of the prime cybersecurity issues linked to this cyber attack.
Case study 2
The most significant cybersecurity issue linked to this cyber attack is the data breach (Govindan and Chaudhuri 2016). As a result of this stuffing attack, the user IDs and passwords of the online accounts of the stakeholders of this business were compromised in the data breach which occurred in this organization. As a result of this issue, insurance data of this business was compromised. The other cybersecurity issue related to this cyber attack is the vulnerabilities in the software which was deployed across the business units of State Farm. As a result of this issue, most of the insurance claims of the consumers of the business were affected.
Case study 3
The most significant cybersecurity issue associated with this cyber attack is the involvement of third parties in the business (Ng 2020). A shortage of cybersecurity principles is the other issue linked to this cyber attack. These two issues are directly linked to this cyber attack.
Case study 1
The cyberattack resulted in the compromise of the consumer data of this business. Numerous risks are linked to this issue, such as loss of business sales and loss of business reputation (Hunt, Clarke and Lencucha 2019). There were diverse categories of legal liabilities related to the consumer data of this commercial establishment. Identity theft was one of the major risks linked to this issue. Numerous business decisions are taken by the strategic planners of this organization based on consumer data analysis, and this was severely affected by the cyber attack. Identification of the target market became much more difficult due to the lack of customer data analysis. The other risk associated with this issue is the inability to track customer behaviour. Maintaining the delivery of services was affected as a result of the identified issue. The predictive analysis procedure of the business was also affected due to the loss of consumer data.
Case study 2
The most significant risk linked to the data breach is the loss of revenue; at the same time, the functionalities of a website can be affected by data breaching activities (Uys, Meyer and Niemann 2019). The vulnerabilities of business software carry numerous business risks, like financial loss and loss of privacy of the information which is transported from one business unit to another. Apart from this, the entire organizational network can be affected by the vulnerabilities of business software. Full system failure is the other security risk linked to this issue.
Case study 3
Compromise of the services provided by this food and beverage organization and compromise of the traditional security model of the business are the two most devastating effects linked to the involvement of the third parties of the business (Upguard.com 2020). The risks coming from the third-party contractors of the business include legal and regulatory violations. The intellectual properties of the business usually get affected if work ethics are not followed by any of the third-party contractors. Data breaching activities are also directly linked to this issue; as a result, all the sensitive information of the business might be compromised if the third parties of the business are affected. Reputational damage is another major risk linked to this issue, and any sort of damage to the reputation of the company may result in poor environmental and labour practices. The entire cost structure of the suppliers of this business was revised as a result of the reputational damage; the geopolitical events of the business are also directly related to the reputational damage. Diverse categories of risks are linked to the lack of cybersecurity principles, like the exposure of digital information and of the services provided by the business. The major risk related to the lack of security principles is the decreased productivity of the workforce. Maintaining corporate cybersecurity is much more difficult for commercial establishments which do not have cybersecurity principles.
Case study 1
As a result of the discussed issues, the consumer data of Capital One was compromised, which resulted in a severe business loss for the organization (van Driel et al. 2016). This commercial establishment suffered a loss of $125 million due to this cyber attack. The market share of this commercial establishment in the global market was reduced to more than 5.9%. At the same time, subsidiary organizations like Amazon also suffered huge financial loss due to this cyberattack; as a result, 0.5% of their market share was reduced. Identities of the consumers of this organization were lost due to this cyberattack as well. The decision-making capability of this business was also affected. Performance of the strategic planners of this commercial establishment was affected by the legal liabilities which were faced. This commercial establishment suffered heavily as it failed to track the behaviour of its consumers. Its ability to predict the future was also affected by the loss of consumer data.
Case study 2
The discussed issues had a huge influence on the business sales of this commercial establishment, which lost more than $9.3 million USD (Sadgrove 2016). This cyberattack also compromised the user names and passwords of online consumers. Most of the software deployed across the business units of this commercial establishment was highly vulnerable to security breaches after this cyberattack, as the data access point of this organization was exposed. The entire private network deployed across the commercial units of this organization was affected by this cyber attack.
Case study 3
The discussed issues had a huge influence on the consumer information of the business; as a result, the loyalty program of the business was severely affected (Cimpanu 2020). After this cyberattack, the entire private network of the organization was exposed, and there were an average of 3.75 billion malicious login attempts every month. 2% of the market share of this organization was affected by this cyber attack.
Actions reported in each case
Case study 1
After the cyber attack, the strategic planners of this commercial organization enhanced the security controls protecting Personally Identifiable Information (PII). Each item of PII is now checked and secured at regular intervals. The commercial establishment decided to check the credit limits of each consumer account. Security of the fragments of the transaction data was enhanced by the IT team of this commercial establishment.
Case study 2
New guidelines were provided by this commercial establishment after the cyber attack which occurred in July 2019 (Securitymagazine.com 2020). The IT team of this organization identified the most vulnerable data access points of its private network and enhanced their security controls. Multifactor authentication techniques were introduced in each of the business units of this organization as a precautionary step to restrict future data breaches. This organization installed fraud monitoring systems across its private network to provide fraud alerts.
Case study 3
The IT team of this commercial establishment notified the users of the compromised accounts to change their credentials and set complex alphanumeric passwords (Costantin, Sansurooah and Williams 2017). Hardware-based two-factor authentication was recommended to enhance the security of the information which travels from one unit of the organization to another. The privacy policies of this network were revised after this security breach.
Outcome of the reported actions
Case study 1
Security of the consumer information of this organization was enhanced to a significant extent after the security controls protecting PII were strengthened. Checking the credit card limits of the consumers was beneficial in addressing the threat coming from inside the organization. Security of the transactions of this commercial establishment was enhanced to a huge extent as the security of each fragment of the transaction data was enhanced.
Case study 2
As a result of the introduction of new guidelines, the employees of this organization understood the significance of the intellectual properties of the business, which are often compromised by social engineers (Moorcraft 2020). The decision-making ability of the business was restored after the introduction of new guidelines from the management team of this organization. Securing the data access points was beneficial in restricting the access of individuals to the private network of State Farm. The file-sharing and information-sharing procedures of this commercial establishment were enhanced after the security controls of the data access points were enhanced. Security of the information which is accessed from one unit of the organization to another was enhanced after the introduction of the multifactor authentication technique. The incorporation of the fraud monitoring systems helped this commercial establishment to monitor most of the fraudulent activities across the private network of State Farm.
Case study 3
As a result of the reported actions, the security controls of the user accounts of the stakeholders of this business were enhanced to a huge extent (Security Affairs 2020). The change in credentials is significant in reducing the risk of loss of essential information. The risk of exposure can also be avoided in this commercial establishment after the account credentials are altered. The introduction of two-factor authentication was beneficial in enhancing the flexibility of the private network; this technique also helped this organization to reduce its helpdesk costs. Security against most fraudulent activities was enhanced after the introduction of this technique. Changing the privacy policy helped the workers and the third parties to understand the techniques deployed by social engineers to compromise a private network. The diverse categories of procedures which can help this food and beverage organization to minimize the chances of loss of essential business documents were identified after the privacy policies were revised.
Proposed actions
Case study 1
Limiting access to customer databases is beneficial in protecting the consumer information from threats coming from both inside and outside the business environment (Vanhoef et al. 2018). The deployment of a password management application can also help to enhance the security controls of this commercial establishment. At the same time, the business and the legal risks of business risk has to be addressed so the existing security covers.
Case study 2
Protecting the Service Set Identifier (SSID) could have been beneficial at State Farm in addressing the data breaching activities across its private network (Security Boulevard 2020). Securing the SSID can allow State Farm to prevent outsiders from getting access to the private network. Publicizing of the network can be avoided if the security of the SSID is enhanced in the first place. Securing the basic SSID can help to secure the private network of this commercial establishment, as it prevents social engineers from finding any private network. Most fraudulent online activities can also be minimized using anti-spyware software.
Case study 3
The proposed actions to address the risk coming from the involvement of third parties include conducting third-party screening and starting the practice of due diligence (Web.mit.edu 2020). This food and beverage organization must focus on IT vendor risks as well, as the risk coming from vendors falls under the category of third-party risks. The risks coming from the involvement of third parties can also be addressed using third-party management programs. The other proposed action which can help to address the security challenges confronted by the stakeholders of this commercial establishment is the introduction of cybersecurity principles like advanced access management, data encryption and a compliance business framework.
Suggestions for preventing issues in the future
Case study 1
The working habits of each and every stakeholder of this commercial establishment have to be revised in the first place so that the security of the consumer data is enhanced (Cipher 2020). Diversifying the backups is also recommended to enhance the security of the consumer data of this business. Most of the sensitive data of this commercial establishment can be encrypted to protect it from being compromised by social engineers. Capital One can also revise its privacy policy to protect the integrity of the consumer information. Providing multiple layers of security controls can also help Capital One to address future cybersecurity threats. Conducting employee training programs can also help to address future cyber threats.
Case study 2
The security of the private network of State Farm can be enhanced using a strengthened Wi-Fi connection (Patel and Palomar 2016). The remote management of this commercial establishment has to be switched off so that remote access to the network is restricted. This commercial establishment might also limit its Wi-Fi Protected Setup so that its network security is restored. Examining the vulnerable code of the software deployed in this commercial establishment can help State Farm to address the security risks coming from the vulnerable software.
Case study 3
The incorporation of a third-party risk management process can help to enhance the security controls of this food and beverage organization, as this organization faces risks from its service providers. Awareness about cyber attacks is one of the common challenges confronted by the workforce of this commercial establishment; hence, it can conduct effective training sessions to make the workforce aware of the significance of cybersecurity principles (Pappas 2017). The ethical behaviour desired from the workforce to address the security challenges can also be identified from the training sessions.
Conclusion
Social security numbers of the consumers of Capital One were compromised, and the fragments of consumer data were also destroyed due to the cyber attack. Security of the consumer information was the main risk linked to this cyberattack; however, limiting access to the customer database can help this organization to minimize the chances of future security risks. Breaching of the organization's information, like the insurance information, and the software vulnerabilities are the prime issues faced during the cyber attack which occurred at State Farm. Wi-Fi Protected Setup can be incorporated to secure the private network of State Farm from the security challenges. The prime reason behind the occurrence of the cyber attack at Dunkin’ Donuts is the involvement of the third-party contractors; however, the incorporation of a third-party risk management process and effective training sessions can help to address future cyber attacks in this commercial establishment.
References
Butler, L., 2018. Coffee’s Dark Secrets: Linguistic Variation in Starbucks and Dunkin Donuts. Lingua Frankly, 4.
Capital One. 2020. Capital One Credit Cards, Bank, And Loans – Personal And Business. [online] Available at: <https://www.capitalone.com/> [Accessed 25 May 2020].
Chhetri, S.R., Canedo, A. and Al Faruque, M.A., 2016, November. Kcad: kinetic cyber-attack detection method for cyber-physical additive manufacturing systems. In 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD) (pp. 1-8). IEEE.
Cimpanu, C., 2020. Dunkin’ Donuts Accounts Compromised In Second Credential Stuffing Attack In Three Months | Zdnet. [online] ZDNet. Available at: <https://www.zdnet.com/article/dunkin-donuts-accounts-compromised-in-second-credential-stuffing-attack-in-three-months/> [Accessed 25 May 2020].
Cipher. 2020. Analysis Of A Cyber Attack: Capital One – Cipher. [online] Available at: <https://cipher.com/blog/analysis-cyber-attack-capital-one/> [Accessed 25 May 2020].
Costantin, D., Sansurooah, K. and Williams, P.A., 2017, January. Vulnerabilities associated with wi-fi protected setup in a medical environment. In Proceedings of the Australasian Computer Science Week Multiconference (pp. 1-12).
Dunkindonuts.co.uk. 2020. Home | Dunkin’ Donuts. [online] Available at: <https://www.dunkindonuts.co.uk/> [Accessed 25 May 2020].
Govindan, K. and Chaudhuri, A., 2016. Interrelationships of risks faced by third party logistics service providers: A DEMATEL based approach. Transportation Research Part E: Logistics and Transportation Review, 90, pp.177-195.
Hunt, M., Clarke, S. and Lencucha, R., 2019. When a patient’s choices entail risks for others: third-party risks, relational ethics, and responsibilities of rehabilitation professionals. Disability and rehabilitation, pp.1-7.
Lamba, A., 2019. 8 Steps to Protect against Rising Third Party Cyber Risks. CYBERNOMICS, 1(5), pp.29-31.
Moorcraft, B., 2020. State Farm Hit By Data Breach. [online] Insurancebusinessmag.com. Available at: <https://www.insurancebusinessmag.com/us/news/cyber/state-farm-hit-by-data-breach-174829.aspx> [Accessed 25 May 2020].
Ng, A., 2020. New York Sues Dunkin’ Donuts Over Hack Affecting Thousands Of People. [online] CNET. Available at: <https://www.cnet.com/news/new-york-sues-dunkin-donuts-over-hack-affecting-thousands-of-people/> [Accessed 25 May 2020].
Novaes Neto, N., Madnick, S., de Paula, M.G. and Malara Borges, N., 2020. A Case Study of the Capital One Data Breach (Revised).
Pappas, N., 2017. Risks and marketing in online transactions: a qualitative comparative analysis. Current Issues in Tourism, 20(8), pp.852-868.
Patel, A. and Palomar, E., 2016, July. Protecting Smartphone Users’ Private Locations Through Caching. In International Conference on E-Business and Telecommunications (pp. 316-337). Springer, Cham.
Perlroth, N., Scott, M. and Frenkel, S., 2017. Cyberattack hits Ukraine then spreads internationally. The New York Times, 27, p.2017.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Security Affairs. 2020. American Insurance Firm State Farm Victim Of Credential Stuffing Attacks. [online] Available at: <https://securityaffairs.co/wordpress/89601/data-breach/state-farm-credential-stuffing.html> [Accessed 25 May 2020].
Security Boulevard. 2020. Capital One Data Breach: A Reminder To Lock Your Back Door – Security Boulevard. [online] Available at: <https://securityboulevard.com/2019/08/capital-one-data-breach-a-reminder-to-lock-your-back-door/> [Accessed 25 May 2020].
Securitymagazine.com. 2020. [online] Available at: <https://www.securitymagazine.com/articles/90689-state-farm-suffers-data-breach> [Accessed 25 May 2020].
Singh, D., 2016. Using convolutional neural networks to perform classification on state farm insurance driver images. Technical report, Stanford University, 650 Serra Mall, CA.
State Farm. 2020. Auto, Life Insurance, Banking, & More. Get A Free Quote – State Farm®. [online] Available at: <https://www.statefarm.com/> [Accessed 25 May 2020].
Upguard.com. 2020. Dunkin’ Donuts Data Breaches And Security Report. [online] Available at: <https://www.upguard.com/security-report/dunkindonuts> [Accessed 25 May 2020].
Uys, G., Meyer, A. and Niemann, W., 2019. Taxonomies of trust in supply chain risk management in the South African third party logistics industry. Acta Commercii, 19(1), p.14.
van Driel, W., Ganán, C., Lobbezoo, M. and van Eeten, M., 2016. Risk Management for Third Party Payment Networks. In Workshop of Economics of Information Security.
Vanhoef, M., Bhandaru, N., Derham, T., Ouzieli, I. and Piessens, F., 2018, June. Operating channel validation: Preventing multi-channel man-in-the-middle attacks against protected Wi-Fi networks. In Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks (pp. 34-39).
Vitunskaite, M., He, Y., Brandstetter, T. and Janicke, H., 2019. Smart cities and cyber security: Are we there yet? A comparative study on the role of standards, third party risk management and security ownership. Computers & Security, 83, pp.313-331.
Web.mit.edu. 2020. [online] Available at: <https://web.mit.edu/smadnick/www/wp/2020-07.pdf> [Accessed 25 May 2020].