Running Head: YAHOO
CIS512 Week 2 Assignment
Strayer University
April 22, 2022
An organization that has violated U.S. privacy laws and regulations in the recent past is
Yahoo. The company, which is a well-known internet service provider, was involved in a major
data breach incident. The company confirmed in the year 2016 that the sensitive data of
approximately 500 million user accounts could be exposed as a result of the data breach
incidents that had taken place (BBC, 2016). Even though the incident took place in 2014, the
company revealed it to the public only in 2016. According to Trautman & Ormerod (2016),
hackers had succeeded in invading the digital system of the company and stealing the sensitive
information of users that used Yahoo services. The information that was compromised in the
attack included names, birthdays, email addresses, hashed passwords and in certain instances,
encrypted or decrypted security answers and questions (Trautman & Ormerod, 2016).
Diagnosis of system failure
The poor security practices that were adopted by the company were one of the chief
reasons that led to the highly intense cybersecurity attack. In fact, the company has been
targeted by attackers on multiple occasions, and billions of users have been affected over the
years. The incident took place because malicious actors were able to gain access to the system,
and they compromised the sensitive information of millions of its users (Cheng et al., 2017).
The company had weak and ineffective security measures and controls, which increased the
overall vulnerability of the company, and it ultimately became an easy target for hackers and
cybercriminals. It is believed by Yahoo that the attack was carried out by state-sponsored
hackers (Williams, 2017). Hackers had gained unauthorized access to the company’s digital
infrastructure, which gave them the ability to steal sensitive user information. According to the
investigation that was carried out by the FBI, the hack began with a spear-phishing email that
was sent to an employee of Yahoo. Once the link was clicked, hackers were able to invade the
network and get access to Yahoo’s user database (Williams, 2017).
Yahoo’s rebounding from the violation
After being involved in a series of major cybersecurity incidents in a matter of a few
years, the company has tried to rebound by introducing a specific section on its website that is
devoted to security notices. In such notices, the company has basically sent emails to its users
who have been affected by the breach incidents. The objective of these notices is to advise the
users to act in a cautious manner so that they would not click on any strange links, which could
increase their vulnerability in the cyber setting. The company has been criticized for its
response to the incident and the delay in informing the public about the major breach
occurrences.
Recommended measures to prevent such violations
In order to prevent cyber breach incidents from taking place, it is critical for organizations to
have a robust cybersecurity framework in place. The incident involving Yahoo shows that a
poor cybersecurity framework can give an upper hand to hackers and online criminals, and they
can easily violate the IT security system of an organization. In order to minimize the level of
risk that arises from such malicious actors, it is necessary for organizations to have a solid
understanding of the latest information security standards and adopt suitable cybersecurity
policies and protocols. Some of the fundamental measures that must be taken by business
entities to prevent violations from taking place include:
- Providing cybersecurity training to the staff members of the organizations so that they
  can identify malicious behavior and be cautious while reading emails or clicking on
  links (Alruwaili, 2019).
- A robust cybersecurity framework must be designed by organizations by integrating
  effective security tools such as intrusion detection and prevention techniques, antivirus
  software, firewalls, etc. (Ionescu et al., 2019).
- A comprehensive and thorough audit of the IT infrastructure of an organization must be
  carried out so that any kind of suspicious or malicious elements can be identified within
  the digital network of the company (Slapničar et al., 2022).
Key lessons learned
The main lessons that have been learned include the need to have a robust cybersecurity
framework in place that can protect companies from online hackers and cybercriminals.
Additionally, there is also a need for organizations to inform diverse stakeholders, especially
those who have been impacted by breach incidents, instead of hiding such information from them.
References
Alruwaili, A. (2019). A Review Of The Impact Of Training On Cybersecurity Awareness.
International Journal of Advanced Research in Computer Science, 10(5).
BBC. (2016, September 23). Yahoo 'state' hackers stole data from 500 million users. BBC
News. Retrieved April 22, 2022, from https://www.bbc.com/news/world-us-canada-37447016
Cheng, L., Liu, F., & Yao, D. (2017). Enterprise data breach: causes, challenges, prevention,
and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge
Discovery, 7(5), e1211.
Ionescu, O., Dumitru, V., Pricop, E., Buiu, O., Cobianu, C., Raneti, M., ... & Marica, C. (2019,
June). On the development of a robust cyber security system for Internet of Things
devices. In 2019 11th International Conference on Electronics, Computers and Artificial
Intelligence (ECAI) (pp. 1-5). IEEE.
Slapničar, S., Vuko, T., Čular, M., & Drašček, M. (2022). Effectiveness of cybersecurity audit.
International Journal of Accounting Information Systems, 100548.
Trautman, L. J., & Ormerod, P. C. (2016). Corporate directors' and officers' cybersecurity
standard of care: The Yahoo data breach. Am. UL Rev., 66, 1231.
Williams, M. (2017, October 4). Inside the Russian hack of yahoo: How they did it. CSO
Online. Retrieved April 22, 2022, from https://www.csoonline.com/article/3180762/inside-the-russian-hack-of-yahoo-how-they-did-it.html