Cyber Attack and Information Security †Free Samples to Students

Question: Discuss about the Cyber Attack and Information Security System Answer: Introduction: One of the recent security breaches that is discussed in this discussion is the security breach at the university of Oklahoma on June 14, 2017 (Gray, 2015). The university has a database regarding the students information which was leaked by chance from 2012. According to the federal law it was an act of serious violation. The campus file sharing system was first affected by the cyber attack. The vice president of the university was informed about the cyber attack by the OU daily which first rectified the security breach (Gao, Zhong Mei, 2015). It is seen that the OU database was hacked and after getting the regarding information about the security breach the information technology department was working on it. The vice president also agreed about the security breach and the acknowledgement of the university information system department about it. The IT team is continuously working on the fact that people are claiming that they have downloaded the content from the universitys websit e. Another important fact regarding the data breaching is that the IT team of the university had not found any particular evidence regarding the data breach. More than 29000 records were disclosed due to the security breach. Among that most of the data was regarding the personal data of the students and also some official information regarding the university (Federgreen Sachs, 2015). Although it was unintentional according to the educational board and for that reason this incident is not considered as the violation of the federal funding of the university. Due to the cyber attack and the security breach the university and its students information was mostly affected. The number of the affected student who loosed their information due to the security breach is more than 29000. Official data of the university as well as personal data of the students both were affected due to the security breach (KuoVarki, 2014). The information contained personal data like personal details, financial status and their accounting details also in some cases. For this reason the level of the security breach was really high and the main website was immediately shut down by the university authority. If there was any violation of law due to the security breach, then the university could be affected in terms of the federal law. According to some specialists who investigated the security breach, said that it was not an external attack. The main source of the cyber attack was initiated from the inside of the university (Young, 2014). The chance for the organisation was created for the regulation of the organisational strength that cannot be hampered for the security breach. The information technology department could not be able to monitor the fact that the organisation is being attacked by such kind of threats (Ablon et al., 2016). Later the information technology department of the organisation monitored that the source of the security breach is from inside and some individual made the files of the university public (Peltier, 2013). It is already informed to the university about the files that was to be opened to the public. It was also very easy for the users to access the files so that the organisations can access those contents easily. Anyone having login id of the university can also make the system more advantageous by accessing the files. What could have been done to prevent the attack? The university can follow the regulations which are discussed following for making the security system of the university stronger and advanced. The files which are being used in the information system of the university should be encrypted. If the files are encrypted then other unauthorised access cannot make the files insecure. The people of the organisation who work in the database system and in the information technology system, should be given proper training so that the organisation can make the people aware of such data breaches (Kwon Han, 2017). Proper training can also decrease the frequency of such incidents related to data breaches and cyber security. Proper antivirus and firewall should be used in order to oppose the possible threats that can harm the universitys security. Regular assessment of the vulnerability of the server should be taken care of. The maintenance and the checking of the system should be done in a frequent and periodic way like once or twice per week. Security patching should be done in a regular basis by the IT team of the university. The backup of the information should be kept with highest priority so that the main functionality of the university is not affected by the data loss. One of the biggest cyber attacks in the recent days that have been going through worldwide is known as the ransomware attack. Most importantly this problem has being reported and has come out with a bigger image as the international Information technology giants and also other big organisations have being affected by the virus. The name of the virus is the wannacry. Ransomware is the particular type of this virus. The main problem is occurred on the computers having the windows platform like windows 10 windows 8 and windows 7. This virus is mainly distributed in the system with the help of the windows and also it uses files like MS word, excel, power point and also the pdf files (Siponen, Mahmood, Pahnila, 2014). This virus does not reveal its identity to the main computing system. Ransom basically finds out the files and the information contained into the files (Wirth, 2017). It does not let the computer system to further access the files so that it can be controlled by the virus. Who were affected and how? Most of the biggest organisations in the world were affected by the ransomware cyber attack. International information technology organisations are affected by this attack and most of the cases have found to be more vulnerable due to the attack of the ransomware virus (Kuner et al., 2017). The list of organisations which were affected by the ransomware organisation is given below. Rosneft: It is one of the biggest Russian oil producing company that is attacked by the ransoware virus. The server of the Rosneft organisation is also affected by the ransomware virus. Ap Moller-Maersk: It is a Danish shipping giant that is also attacked by the ransomware virus. The computer system and the network were totally damaged by te organisation. WPP: It is one of the biggest Britains advertising company which is attacked by the ransomware virus. Merck and CO: It is a pharmaceutical company which informed by a tweet that its computer system was hacked by the ransomware virus also. Russian banks: The Russian banks had a huge database of the information regarding the public data. It is also seen that the organisation has not being able to make the database purely secured. Lots of information is being hacked by the ransomware virus. Ukrainian banks and power grid: It is reported that most of the banks and the power grid of Ukrain are being hacked by the Ransomware virus. Saint Gobain: It is seen that Saint gobain which is one of the biggest material company had been also attacked by the organisations (Renaud, 2017). Deutsche Post: The most important postal and logistic company was also attacked by the ransomware. Metro: The metro of Germany was also affected by the attack of the wannacry virus. TNT Express: It is an organisation which is based on the Netherlands. The virus also attacks the TNT express. Mars INC: It is also an important manufacturer organisation that is attacked by the ransomware virus. Government organisations; Many administrative and government organisations are also affected by the ransomware virus (Mohurle, Patil, 2017). The computing system of the department of police of different countries like China and India, are also affected by the virus. When a ransomware virus was initiated in the computer system, then the virus goes to the main control system of the network. When a unknown link is downloaded into the system, then it is sent to the organisations whole computing platform. The virus initiates its programs into the system. The main feature of the virus is that the virus is not revealed its identity to the computer defence mechanism (Collier, 2017). Then the virus starts to be shared among the main system and it is also not identified until it attacks the main central system of the computer. Normally it uses windows platform to be shared fast. It uses files like MS word and MS exel and also pdf files for quickly being shared in the system (Martin, Kinross Hankin, 2017). The ransomware actually encrypts the files in which it has captured. After the files are encrypted by the ransomware virus, then it is nothing to do with the files (Chakravartula Lakshmi, 2017). Most importantly this problem has being reported and has come out with a bigger image as the international Information technology giants and also other big organisations have being affected by the virus. The name of the virus is the wannacry. Ransomware is the particular type of this virus. The main problem is occurred on the computers having the windows platform like windows 10 windows 8 and windows 7. What could have been done to prevent the attack? To safeguard ones self from such ransom ware virus, one should follow the following steps: The windows operating system should be updated always. The windows update option should be kept on in the main system. Update and use of the ransomware blocker software should be done in a frequent way. To block the port 445 for better security if the OS patches has not been installed in the system (Collier, 2017). The system should be always updated in order to maintain the security. References Ablon, L., Heaton, P., Lavery, D., Romanosky, S. (2016). Data Theft Victims, and Their Response to Breach Notifications. Chakravartula, R. N., Lakshmi, V. N. (2017). Combating Malware with Whitelisting in IoT-based Medical Devices. International Journal of Computer Applications, 167(8). Collier, R. (2017). NHS ransomware attack spreads worldwide. Federgreen, W. R., Sachs, F. E. (2015). U.S. Patent Application No. 14/618,434. Gao, X., Zhong, W., Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423-438. Gray, M. F. (2015). U.S. Patent No. D746,305. Washington, DC: U.S. Patent and Trademark Office. Kuner, C., Svantesson, D. J. B., H Cate, F., Lynskey, O., Millard, C. (2017). The rise of cybersecurity and its impact on data protection. International Data Privacy Law, 7(2), 73-75. Kuo, H. C., Varki, S. (2014). Are Firms Perceived As Safer After an Information Breach?. ACR North American Advances. Kwon, S. M., Han, C. H. (2017). Empirical Investigation on Information Breach Effect on the Market Value of the Firm: Focused on Source and Long Term Performance. Journal of Society for e-Business Studies, 21(2). Martin, G., Kinross, J., Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety. Mohurle, S., Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5). Peltier, T. R. (2013). Information security fundamentals. CRC Press. Renaud, K. (2017). It makes you Wanna Cry. Siponen, M., Mahmood, M. A., Pahnila, S. (2014). Employees adherence to information security policies: An exploratory field study. Information management, 51(2), 217-224. Wirth, A. (2017). It's Time for Belts and Suspenders. Biomedical Instrumentation Technology, 51(4), 341-345. Young, E. (2014). Educational privacy in the online classroom: FERPA, MOOCs, and the big data conundrum. Harv. JL Tech., 28, 549.