Module 11 Journal 1

Posted by achon001 on

Read the three case studies and identify at least one thing each company could have done to reduce the risk of experiencing cybersecurity incidents.  Also, explain whether doing a risk assessment ahead of time would have helped each company.

               For the 3 cybersecurity incident cases, I decide to study viz 1. Yahoo data breach 2013 case 2. LinkedIn data leak 2021 case, and 3. Facebook data breach 2019 case. So, first, in the Yahoo case, it happens when the hacker or the intruder can steal the name, birth dates, phone numbers, passwords, and also security questions and answers of the account user even though all of that information was encrypted with Yahoo security because of poor security practices (phishing). It impacts 3 billion user accounts that make high damage to Yahoo. Second, in the LinkedIn case, it found the hacker that use the username “TomLiner” declares to sell information of 700 million LinkedIn users such as email addresses, full names, phone numbers, etc. on the dark web that he got by using LinkedIn’s API (Application Programming Interface) which has a potential security risk. It makes LinkedIn lose its reputation and money. Lastly, in the Facebook case, it found the personal information of Facebook users’ 533 million accounts such as user ID, address, phone number, etc. leaked on the dark web. Facebook said the hacker uses data scraping, the process that import data from a website to a local file in the computer, to get the user’s information. It is like the 2 previous cases that make Facebook lose its reputation and money.

All 3 cases are similar and relate to a data breach or data leak if you ask me how to reduce the risk to each company. I will suggest to these 3 companies recruit more cybersecurity expertise to monitor or set up the network and system, moreover, they should have more training in cybersecurity in their company because we can see in Yahoo’s case it happens from the inner person from the company that responds to the phishing email and other 2 cases it happens from the vulnerable of the system itself. And if you ask me how risk assessments ahead of time will help these 3 companies. I think it may help these 3 companies don’t have a data breach or data leak happening or can quickly recover and mitigate the problem faster than the actual case because the risk assessment makes them prepared to cope with the cybersecurity incident that may happen in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *