Cyber Security Research Paper

Fundamental Challenges

With respect to cybersecurity, there are two fundamental challenges – technological and human. On the technology side, many firms underinvest in cybersecurity, for whatever reason. It can be difficult to keep up with evolving threats, such as new ransomware, and companies that lack modern cybersecurity technology are especially vulnerable. In particular, companies are often keen to adopt new technologies – today, cloud computing and the use of personal mobile devices for work purposes – without adequately investing in securing those new technologies. Many companies with in-house teams are ill-equipped, and many smaller companies are either unwilling or unable to invest in external security solutions (Security Magazine, 2016).

The other challenge is human in nature. Human beings are typically the weakest link in cybersecurity at the average organization. The weakness often manifests in the form of poor password hygiene (Majumdar, 2017), but it can manifest in other ways as well. Winnefeld et al. (2015) point out some other human issues: failing to patch vulnerabilities in legacy systems, executives not making the right decision when hacking is detected, violations of standard procedures, and misconfigured settings are all examples of human error that can lead to cybersecurity breaches, even when the security stack is sufficient.

Target

The case highlights several errors that Target made when handling this breach. It had set up a sophisticated security network that detected the breach almost immediately. The red flag that Target overlooked was literally a red flag – FireEye flagged the malware when it arrived in Target's system and began collecting data. That first red flag was thrown up on November 30th, and there was another red flag on December 2nd when the malware was installed a second time. The case claims that there were as many as five such red flags that were thrown up. Any one of these red flags should have triggered either an automatic or a manual response from the Target security team.

The first issue is that Target had turned off the automated system that could have deleted the malware upon detection. This was pure hubris on the part of the company's security team. The case frames it thus: "Typically, as a security team, you want to have that last decision point of 'what do I do.'" The problem with that approach is that it forgoes an automated option, and therefore places the onus on the security team to deal with the problem. And that's when the importance of human decision-making comes more into play.

The second issue, then, is that human decision-making. The exact nature of the human error is not clear from the case, but there are a couple of options. The first is that the security team simply chose to ignore the alarms. It does not appear that there is any meaningful basis for doing so, but this could have happened. The other is that the security team did not have the authority to act directly on the alarms, but rather had to escalate the alarms up the chain of command, and it is at higher levels that the inaction occurred. That seems like poor organizational structure, but could have been the case. The company's CIO at the time, Beth Jacobs, resigned shortly after the incident, suggesting that this might have been the case (Biggs, 2014).

It is my sense that there were organizational structure issues that contributed to the non-reaction to the breach. It is assumed that there was a communication trail proving that people on the security team escalated the issue. It probably escalated to the executive level. At that level, someone either did not understand the threat or failed to take it seriously, or possibly was concerned with the company's reputation if news of the threat got out, and hoped that it would go away. Whatever the reason, the inaction was inexcusable, and most of the damage could have been prevented.

Reaction

But this also calls into question the security team itself. If the security team in Minneapolis was aware of the hack, and their only response was to escalate, how could that be? Is this a situation where the organizational culture is so conservative that the company could only escalate to a higher level, and when the higher level did nothing, the security team would accept that response? The security team should have been empowered to address the hack themselves – especially if they were going to turn off the FireEye feature that allowed them to delete the malware immediately. Even if they did not have formal authority, they had to know that the right thing to do would be to delete the files manually…


Cite This Resource:

Latest APA Format (6th edition)

"Cyber Security" (2017, November 19) Retrieved April 26, 2024, from
https://www.aceyourpaper.com/essays/cyber-security-2166516