1-5 Security Weaknesses Assessment (Fri Ezinjo) (1).docx

School: Prince George's Community College, Largo
Course: 610
Subject: Information Systems
Date: May 4, 2024
Type: docx
Pages: 5
Uploaded by blingtyra on coursehero.com
Step 5 - Security Weaknesses Assessment
Victory Smith
CMP 610
Professor Ferrer

Summary of Medibank’s security weaknesses assessment.

The Australian government reported the Medibank Private breach in 2022 as one of the worst data breaches in the country’s history (DataBreaches.net, 2024). The attack was speculated to have been carried out by a Russian cybercriminal and led to the compromise of data belonging to four million people and a breach of about 9.7 million company records (McElroy, 2020). It is, therefore, prudent to examine the threats, risks, and vulnerabilities that led to the attack, since such knowledge is essential to avert future attacks.

Medibank’s Threats

One of the threats the company faces is phishing. Phishing can expose the massive health insurance provider's data on more than 3.7 million customers (McElroy, 2020). This can happen when a hacker uses emails resembling the company's own to persuade employees to share sensitive information with the hacker, subsequently compromising that information. Examples of the tricks used to implement the threat are suspicious email addresses, an urgent subject line, offers of prizes or money, and hyperlinks that a hacker can use to carry out phishing. The other threat is malware: malicious software, including worms, viruses, Trojans, and ransomware, that can disrupt the operations of a company, such as what was witnessed at Medibank. Other threats for the company that can lead to a cyberattack are SQL injection, man-in-the-middle attacks, denial-of-service attacks, and distributed denial-of-service attacks.

Medibank’s Risks

After the cyber-attack that led to the Medibank Private breach, it was evident that the organization faced numerous cybersecurity risks, and the information kept in the company was at risk of falling into the wrong hands. The company's principal risk is the risk of data breaches that expose sensitive information to hackers. Another risk the company faces is financial losses that emanate from ransom payments made to attackers and from system downtime after the disruption of a company's operations (McElroy, 2020). The other risk the bank is exposed to from cyber-attacks is the disruption of operations, which can affect the provision of services and compromise the critical infrastructure of the business, thereby leading to economic instability.

Medibank’s Vulnerabilities

The vulnerabilities that expose a company such as Medibank to cyberattacks include weak passwords in its IT system, making it easy for a hacker to guess a password and infiltrate the company's systems. The report that examined the events before the cyber-attack at Medibank revealed that employees bring their own devices to work, which is a vulnerability to phishing, primarily when an employee performs certain company activities using their devices. The bank is also vulnerable to attacks since some of the company’s systems use outdated software that may be easily attacked due to the security issues that outdated software usually has (McElroy, 2020). The training that employees have at Medibank was also found to be a vulnerability, since most employees are not comprehensively trained on cyber security issues and are therefore at risk of clicking hyperlinks or downloading software that attackers can exploit to gain information to infiltrate the company’s systems (Infosec Institute, 2023). The company also faces the vulnerability of poor encryption practices, since most of the hacked data was found to have been poorly encrypted and, therefore, could easily have been intercepted and used by attackers to commit a cyber-attack on its IT systems.