1 / 6100%
Runningii Head:ii YAHOOii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii
ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii 1
CIS512ii Weekii 2ii Assignment
Strayerii University
Aprilii 22,2022
YAHOOii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii
ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii 2
Anii organizationii thatii hasii violatedii U.S.ii privacyii lawsii andii regulationsii inii theii recentii pastii
isii Yahoo.ii Theii company,ii whichii isii aii well-knownii internetii serviceii provider,ii wasii involvedii inii aii
majorii dataii breachii incident.ii Theii companyii confirmedii inii theii yearii 2016ii thatii theii sensitiveii dataii ofii
approximatelyii 500ii millionii userii accountsii couldii beii exposedii asii aii resultii ofii theii dataii breachii
incidentsii thatii hadii takenii placeii (BBC,ii 2016).ii Evenii thoughii theii incidentii tookii placeii inii 2014,ii theii
companyii revealedii itii toii theii publicii onlyii inii 2016.ii Accordingii toii Trautmanii &ii Ormerodii (2016),ii
hackersii hadii succeededii inii invadingii theii digitalii systemii ofii theii companyii andii stealingii theii
sensitiveii informationii ofii usersii thatii usedii Yahooii services.ii Theii informationii thatii wasii
compromisedii inii theii attackii includedii names,ii birthdays,ii emailii addresses,ii hashedii passwordsii andii
inii certainii instances,ii encryptedii orii decryptedii securityii answersii andii questionsii (Trautmanii &ii
Ormerod,ii 2016).ii
Diagnosisii ofii systemii failureii
Theii poorii securityii practicesii thatii wereii adoptedii byii theii companyii wereii oneii ofii theii chiefii
reasonsii thatii ledii toii theii highlyii intenseii cybersecurityii attack.ii Inii fact,ii theii companyii hasii beenii
targetedii byii attackersii onii multipleii occasions,ii andii billionsii ofii usersii haveii beenii affectedii overii theii
years.ii Theii incidentii tookii placeii becauseii maliciousii actorsii wereii ableii toii gainii accessii toii theii
system,ii andii theyii compromisedii theii sensitiveii informationii ofii millionsii ofii itsii usersii (Chengii etii al.,ii
2017).ii Theii companyii hadii weakii andii ineffectiveii securityii measuresii andii controls,ii whichii
increasedii theii overallii vulnerabilityii ofii theii company,ii andii itii ultimatelyii becameii anii easyii targetii forii
hackersii andii cybercriminals.ii Itii isii believedii byii Yahooii thatii theii attackii wasii carriedii outii byii state-
sponsoredii hackersii (Williams,ii 2017).ii Hackersii hadii gainedii unauthorizedii accessii toii theii
company’sii digitalii infrastructure,ii whichii gaveii themii theii abilityii toii stealii sensitiveii userii
information.ii Accordingii toii theii investigationii thatii wasii carriedii outii byii theii FBI,ii theii hackii beganii
YAHOOii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii
ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii 3
withii aii spear-phishingii emailii thatii wasii sentii toii anii employeeii ofii Yahoo.ii Onceii theii linkii wasii
clicked,ii hackersii wereii ableii toii invadeii theii networkii andii getii accessii toii Yahoo’sii userii databaseii
(Williams,ii 2017).ii
Yahoo’sii reboundingii fromii theii violationii
Afterii beingii involvedii inii aii seriesii ofii majorii cybersecurityii incidentsii inii aii matterii ofii aii fewii
years,ii theii companyii hasii triedii toii reboundii byii introducingii aii specificii sectionii onii itsii websiteii thatii isii
devotedii toii securityii notices.ii Inii suchii notices,ii theii companyii hasii basicallyii sentii emailsii toii itsii usersii
whoii haveii beenii affectedii byii theii breachii incidents.ii Theii objectiveii ofii theseii noticesii isii toii adviseii theii
usersii toii actii inii aii cautiousii mannerii soii thatii theyii wouldii notii clickii onii anyii strangeii links,ii whichii
couldii increaseii theirii vulnerabilityii inii theii cyberii setting.ii Theii companyii hasii beenii criticizedii
forii itsii responseii toii theii incidentii andii theii delayii inii informingii theii publicii aboutii theii majorii breachii
occurrences.ii
Recommendedii measuresii toii preventii suchii violationsii
Inii orderii toii preventii cyberii breachii incidentsii fromii takingii place,ii itii isii criticalii forii organizationsii
toii haveii aii robustii cybersecurityii frameworkii inii place.ii ii ii Theii incidentii involvingii Yahooii showsii thatii
aii poorii cybersecurityii frameworkii canii giveii anii upperii handii toii hackersii andii onlineii criminals,ii andii
theyii canii easilyii violateii theii ITii securityii systemii ofii anii organization.ii Inii orderii toii minimizeii theii
levelii ofii riskii thatii arisesii fromii suchii maliciousii actors,ii itii isii necessaryii forii organizationsii toii haveii aii
solidii understandingii ofii theii latestii informationii securityii standardsii andii adoptii suitableii
cybersecurityii policiesii andii protocols.ii Someii ofii theii fundamentalii measuresii thatii mustii beii takenii byii
businessii entitiesii toii preventii violationsii fromii takingii placeii include:
YAHOOii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii
ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii 4
Providingii cybersecurityii trainingii toii theii staffii membersii ofii theii organizationsii soii thatii theyii
canii identifyii maliciousii behaviorii andii beii cautiousii whileii readingii emailsii orii clickingii onii
linksii (Alruwaili,ii 2019).ii
Aii robustii cybersecurityii frameworkii mustii beii designedii byii organizationsii byii integratingii
effectiveii securityii toolsii suchii asii intrusionii detectionii andii preventionii techniques,ii antivirusii
software,ii firewalls,ii etc.ii (Ionescuii etii al.,ii 2019).ii
Aii comprehensiveii andii thoroughii auditii ofii theii ITii infrastructureii ofii anii organizationii mustii
beii carriedii outii soii thatii anyii kindii ofii suspiciousii orii maliciousii elementsii canii beii identifiedii
withinii theii digitalii networkii ofii theii companyii (Slapničarii etii al.,ii 2022).ii
Keyii lessonsii learnedii
Theii mainii lessonsii thatii haveii beenii learnedii includeii theii needii toii haveii aii robustii
cybersecurityii frameworkii inii placeii thatii canii protectii companiesii fromii onlineii hackersii andii
cybercriminals.ii Additionally,ii thereii isii alsoii aii needii forii organizationsii toii informii diverseii
stakeholders,ii especiallyii whoii haveii beenii impactedii byii breachii incidents,ii insteadii ofii hidingii suchii
informationii fromii them.ii
YAHOOii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii
ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii 5
References
Alruwaili,ii A.ii (2019).ii Aii Reviewii Ofii Theii Impactii Ofii Trainingii Onii Cybersecurityii Awareness.ii
Internationalii Journalii ofii Advancedii Researchii inii Computerii Science,ii 10(5).
BBC.ii (2016,ii Septemberii 23).ii Yahooii 'state'ii hackersii stoleii dataii fromii 500ii millionii users.ii BBCii
News.ii Retrievedii Aprilii 22,ii 2022,ii fromii https://www.bbc.com/news/world-us-canada-
37447016ii
Cheng,ii L.,ii Liu,ii F.,ii &ii Yao,ii D.ii (2017).ii Enterpriseii dataii breach:ii causes,ii challenges,ii prevention,ii
andii futureii directions.ii Wileyii Interdisciplinaryii Reviews:ii Dataii Miningii andii Knowledgeii
Discovery,ii 7(5),ii e1211.
Ionescu,ii O.,ii Dumitru,ii V.,ii Pricop,ii E.,ii Buiu,ii O.,ii Cobianu,ii C.,ii Raneti,ii M.,ii ...ii &ii Marica,ii C.ii
(2019,ii June).ii Onii theii developmentii ofii aii robustii cyberii securityii systemii forii Internetii ofii
Thingsii devices.ii Inii 2019ii 11thii Internationalii Conferenceii onii Electronics,ii Computersii andii
Artificialii Intelligenceii (ECAI)ii (pp.ii 1-5).ii IEEE.
Slapničar,ii S.,ii Vuko,ii T.,ii Čular,ii M.,ii &ii Drašček,ii M.ii (2022).ii Effectivenessii ofii cybersecurityii audit.ii
Internationalii Journalii ofii Accountingii Informationii Systems,ii 100548.
YAHOOii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii
ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii ii 6
Trautman,ii L.ii J.,ii &ii Ormerod,ii P.ii C.ii (2016).ii Corporateii directors'ii andii officers'ii cybersecurityii
standardii ofii care:ii Theii Yahooii dataii breach.ii Am.ii ULii Rev.,ii 66,ii 1231.
Williams,ii M.ii (2017,ii Octoberii 4).ii Insideii theii Russianii hackii ofii yahoo:ii Howii theyii didii it.ii CSOii
Online.ii Retrievedii Aprilii 22,ii 2022,ii fromii
https://www.csoonline.com/article/3180762/inside-the-russian-hack-of-yahoo-how-they-
did-it.htmlii
Students also viewed