Tuesday, May 5, 2020

Analyzes Incident Of A Security Breach - MyAssignmenthelp.com

Question: Discuss about the Analyzes Incident Of A Security Breach Ransomware Attack.

Answer:

Introduction

Information security is one of the most critical aspects for organizations in the current times. The information that is associated with the users and the business organizations may fall into different information categories such as sensitive, private, public and so on. All the information categories must be protected, and it shall be ensured that no security risks or attacks take place on the information sets. In spite of several efforts and mechanisms, cases of information security breaches and attacks have been recorded. The report covers the details of a recent incident of a security breach and also analyzes the May 2017 ransomware attack.

Computer Security Breach: OSHA

The Occupational Safety and Health Administration (OSHA) is a Government agency of the United States in the Department of Labor. There is a lot of sensitive and critical health information of the patients that is associated with OSHA. With the transformations in the field of technology, OSHA decided to migrate all of its information to electronic form. A massive security breach took place at OSHA in August 2017, which led to the shutting down of the electronic reporting application. The system that was shut down because of the security breach comprised a web-based form that allowed the employees to submit the injury and illness information. OSHA had launched the application on August 1, 2017, to keep track of the injuries that were reported. However, it was reported that some of the pages were not available to be accessed. As a result, an emailed statement was sent to the agency by the United States Computer Emergency Readiness Team in the Department of Homeland Security. The security of the data that was present in the injury tracking application was adversely impacted by the security breach that took place (Gonzalez, 2017).

There were a number of entities that were affected by the security breach at OSHA. The first and foremost were the employees and the patients that were associated with the agency. Their private and sensitive information was exposed to the attackers and malevolent entities. OSHA, as an agency, was also affected by the security breach, because such occurrences lead to deterioration of customer trust and also have a bad impact on the brand reputation and brand value in the market (Tornone, 2017). Customers do not feel secure forming a connection with any organization that has experienced some form of a security attack or a security breach.

The attack that took place at OSHA was a security breach that occurred because of a weak access point. The injury tracking application that was launched by OSHA had numerous access points to allow the end-users to access it with ease and convenience. However, since such an application was being implemented for the first time in the agency, certain security loopholes were observed. These security loopholes allowed the attackers to take advantage of the security vulnerabilities and led to the occurrence of the security breach in the agency (Gollan, 2017).

There are many solutions that could have been used in the injury tracking application at OSHA. Security attacks are a common occurrence in the present times. However, countermeasures have been created to make sure that such occurrences do not take place on a repeated basis. There are many automated network security tools and applications that have been created and are easily available in the market. These tools and applications should have been implemented in the tracking application to keep a view of all the activities being executed in the networks associated with the application (Bertino, 2015).
There are many advanced network-based intrusion detection systems that have been developed, which should have been used to make sure that the security breach was avoided. The attackers might have monitored the activity on the network through network eavesdropping and man-in-the-middle attacks. These attacks would have been avoided with the use of the network-based security tools.

Access control is one of the prime reasons involved in the security breach that took place at OSHA. There are various advancements that have been made in the area of access control to make sure that only the authorized users get access to the application. In the case of OSHA, the developers and the implementation team should have used role-based access control. It would have prevented the security breach from taking place in the internal as well as the external networks. There are also enhancements that have been made in the field of authentication and authorization. A two-fold authentication system along with the use of biometrics should have been used to grant access to the authenticated users only (Wangen, 2017).

There are many anti-malware and anti-denial tools that have also been developed by the technocrats. There are a number of malicious codes that are launched on the web to look for potential security vulnerabilities, which often results in a security attack. However, anti-malware tools keep track of such attempts and report them immediately to allow the security team to take the required action. The injury tracking application and the other web-based applications at OSHA should have been protected with the same.

It is also necessary to ensure that in-depth planning and analysis is involved in all of the activities. OSHA is a Government agency and it is certain that the launch of the application must have been done after completion of all of the project activities.
However, steps such as planning, reviews and inspections are often missed out by the business units, which leads to the occurrence of a security event. All of the project phases and stages must have been covered at OSHA in order to avoid and prevent the security breach that took place.

Ransomware Attack May 2017

There have been many security breaches and attacks that have taken place in the past. However, there are certain security attacks that lead to a lot of devastation and damage to the parties affected. One such attack, which took place in May 2017, was the ransomware attack termed WannaCry. Ransomware attacks are defined as attacks in which the attackers block the access to a particular system or an application and a ransom is demanded from the user to allow the access again. WannaCry was a worldwide ransomware attack that impacted over one hundred fifty countries and made use of a ransomware cryptoworm to block the access of the users on the Microsoft Windows platform. The attackers encrypted the data present in the systems and demanded payments in the form of Bitcoin cryptocurrency as ransom (Wong & Solon, 2017).

The security attack began on Friday, May 12, 2017, when National Health Staff (NHS) in the UK reported the shutting down of the systems on a gradual basis. The unlocking of the files was possible only after the payment of $300 (£230) as ransom. Soon after, a number of other European countries also reported the same incident. In Russia, there were a number of business units and organizations that were impacted. There are certain reports that have been published which state that Russia was the worst hit. There were domestic banks, health ministries and organizations, the railway department and mobile phone companies that were impacted in the ransomware attack that took place (Hern & Gibbs, 2017).
Similar cases were also witnessed in other countries such as Spain, Germany, Italy, Egypt, Taiwan, France, Sweden, Portugal, Singapore, India and many others.

There are many malicious codes and software that have been created to cause damage to the data and information that is present in the computer systems and on the web. One such code is a worm, which is a malware that spreads on its own in the computer systems. The other malicious codes require human intervention for triggering; however, worms are the only malevolent codes that have the ability to be launched without any human involvement (BBC, 2017). WannaCry is a ransomware that was launched as a worm to look for the security vulnerabilities that were present in the Microsoft Windows based computer systems and had the ability to launch and multiply itself.

There was a security vulnerability that was identified in association with the Microsoft systems and it was termed EternalBlue. The cyber-security experts stated that the malware was for real and the required security patches were released to avoid any of the security breaches and attacks. The group of attackers called The Shadow Brokers made use of the same and made it publicly available in April 2017. It was assumed to be a protest against the current US president, Donald Trump. However, the similar vulnerability was used to give rise to WannaCry.

WannaCry gained entry to the NHS systems and other systems due to the security vulnerabilities that were present. These vulnerabilities were identified long back and some of them were not fixed. It should have been made sure that the security fixes were implemented in all the systems, which would have prevented the attackers from making use of the security vulnerability for the execution of the ransomware (Palmer, 2017). Microsoft should have released emails and authentic public releases to inform the users regarding the security vulnerability and the potential security attacks that may have taken place.
The users would have ensured that they took proper measures such as backing up the information along with encryption of the data and information, so that the attacks could have been avoided and damage control done with ease (Erlich & Zviran, 2010).

Malware can spread rapidly from one system to the other. Once a large number of systems and applications are impacted by a malware of any category, it becomes extremely challenging to prevent the damage. Also, the spreading of these codes continues for a long period of time, which may impact numerous systems and services. The same event occurred in the case of WannaCry as the malware spread across hundreds of countries. There are many anti-malware and anti-denial tools that have also been developed by the technocrats. There are a number of malicious codes that are launched on the web to look for potential security vulnerabilities, which often results in a security attack. However, anti-malware tools keep track of such attempts and report them immediately to allow the security team to take the required action (Al-Hamdani, 2009).

It is necessary to promote user awareness in association with the security risks and attacks. Many of the users are not aware of the basic security practices that they must follow to avoid the web-based attacks. The attackers take advantage of such users and cause the occurrence of a security breach. A similar case took place with the release of WannaCry as it could easily spread to the systems and applications. The users should, therefore, have been aware of the advancements that have been made for the prevention, detection and control of the security attacks.

Conclusion

Security breaches and attacks are common in the present times. It is necessary for the organizations and the end-users to make sure that they follow the correct security policies and protocols to avoid the security attacks and breaches.
It must also be ensured that the security attacks that have already taken place must be made known to the users in terms of the information regarding the type of the attacks, causes, prevention measures and likewise.

References

Al-Hamdani, W. (2009). Three Models to Measure Information Security Compliance. International Journal Of Information Security And Privacy, 3(4), 43-67. https://dx.doi.org/10.4018/jisp.2009100104

BBC. (2017). Massive ransomware infection hits computers in 99 countries - BBC News. BBC News. Retrieved 22 August 2017, from https://www.bbc.com/news/technology-39901382

Bertino, E. (2015). Security and privacy of electronic health information systems. International Journal Of Information Security, 14(6), 485-486. https://dx.doi.org/10.1007/s10207-015-0303-z

Erlich, Z., Zviran, M. (2010). Goals and Practices in Maintaining Information Systems Security. International Journal Of Information Security And Privacy, 4(3), 40-50. https://dx.doi.org/10.4018/jisp.2010070103

Gollan, J. (2017). Labor Department blames data breach for injury reporting sites shutdown. Reveal. Retrieved 22 August 2017, from https://www.revealnews.org/blog/labor-department-blames-data-breach-for-shutdown-of-employee-injury-reporting-site/

Gonzalez, G. (2017). Security breach shuts down OSHA electronic reporting application - Business Insurance. Business Insurance. Retrieved 22 August 2017, from https://www.businessinsurance.com/article/20170816/NEWS08/912315224/Security-breach-shuts-down-OSHA-electronic-reporting-application

Hern, A., Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global computers?. the Guardian. Retrieved 22 August 2017, from https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20

Palmer, D. (2017). Your failure to apply critical cybersecurity updates is putting your company at risk from the next WannaCry or Petya | ZDNet. ZDNet. Retrieved 22 August 2017, from https://www.zdnet.com/article/your-failure-to-apply-critical-cyber-security-updates-puts-your-company-at-risk-from-the-next/

Tornone, K. (2017). OSHA halts new online reporting following security breach. HR Dive. Retrieved 22 August 2017, from https://www.hrdive.com/news/osha-halts-new-online-reporting-following-security-breach/449551/

Wangen, G. (2017). A framework for estimating information security risk assessment method completeness. International Journal Of Information Security. https://dx.doi.org/10.1007/s10207-017-0382-0

Wong, J., Solon, O. (2017). Massive ransomware cyber-attack hits nearly 100 countries around the world. the Guardian. Retrieved 22 August 2017, from https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware-nsa-uk-nhs
