Saturday, December 7, 2019

Information Breach in Acer

Question: Discuss the information breach at Acer.

Answer:

The Issue: The problem that occurred in Acer's system was the theft of consumer information. The authorities of the organization revealed the incident in the month of May. Customers who used Acer's e-commerce site from 12th May 2015 to 28th April 2016 became victims of the attack ("Acer Online Store Flaw Leads to Data Breach - Security News - Trend Micro USA", 2016). The attack only occurred in the office located in California. It indicates that the organization's security measures were not up to current requirements, which allowed the attacker to remain within the system for such a long time, eleven months. According to the information provided by the organization, the information of approximately thirty-four thousand five hundred consumers was stolen in the attack. In addition, the attackers specifically stole personal information and credit-card payment information such as the CVV number. On the other hand, the authorities of Acer confirmed that login credentials were not affected.

Organizational background: Acer is one of the biggest names in the computer hardware and electronics manufacturing industry. The organization is headquartered in Xizhi, New Taipei, Taiwan ("Acer | explore beyond limits", 2016).

Process of Attack: Acer's system made it easy for the attacker to get hold of its consumers' information. The gaps in the security measures are among the biggest flaws that Acer should have looked into and fixed before the attack began. As the organization used to carry out business in the conventional way rather than through an e-commerce site, it did not recognize the significance of making its system strong enough to prevent hacking activities ("Acer Online Store Flaw Leads to Data Breach - Security News - Trend Micro USA", 2016).
By exploiting the gaps in the system, the hackers first got into the system and then collected the sensitive information slowly. They did not attempt to disrupt the activity of the system, so that their presence would not be revealed. Though the authorities of Acer did not reveal the true process of the attack, there is sufficient information to say that the lack of security policies and the unstructured process of storing data caused the loss of the customer information. Moreover, the attacker may have used a phishing attack to hack the system (Meena & Kanti, 2014).

The Reason: The primary reason for stealing the consumers' information could be stealing money. As Acer assured its consumers that their bank accounts were not compromised by the attack, the theft of money cannot be considered the reason. Another reason behind the attack could be damaging the brand name of the organization. A further reason, which makes the previous one stronger, is personal hatred of the organization.

Mitigation Process: First of all, encryption techniques should be considered one of the major solutions for protecting the organization's sensitive data. Encryption can be stated as the most efficient and effective technique for securing the data. Without the right decryption key, the encrypted data cannot be read. This implies that if the data somehow gets stolen, the attacker cannot use it to harm the organization, as the data is unreadable. It can be suggested that Acer make use of NIST SP 800-57, one of the strongest encryption algorithms (Barker & Barker, 2012).

Another way the organization could have avoided the attack is by storing the information in a well-structured way. In addition, storing the data in a database in a structured way allows the site to store, alter and delete the information efficiently and effectively.
As the attackers were within the system for eleven months and their presence was revealed after the survey, it can be stated that the organization carries out a system survey once a year ("Acer Online Store Flaw Leads to Data Breach - Security News - Trend Micro USA", 2016). It is highly recommended that Acer's technical department survey the system 4 times a year, with two random surveys. This will allow the organization to detect anomalies in any part of the system in much less time. The employees of the organization should also follow some regulations so that an attack cannot be initiated internally. Workers must not access any malicious or spam website. The system will check the content of any mail that comes into or goes out of the system (Shcheglov & Shcheglov, 2015).

References:

Acer | explore beyond limits. (2016). Acer.com. Retrieved 10 September 2016, from https://www.acer.com/worldwide/selection.html

Acer Online Store Flaw Leads to Data Breach - Security News - Trend Micro USA. (2016). Trendmicro.com. Retrieved 10 September 2016, from https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/acer-online-store-flaw-leads-to-data-breach

Barker, W. C., & Barker, E. B. (2012). SP 800-67 Rev. 1. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher.

Meena, K., & Kanti, T. (2014). A Review of Exposure and Avoidance Techniques for Phishing Attack. International Journal Of Computer Applications, 107(5), 27-31. https://dx.doi.org/10.5120/18748-0003

Shcheglov, K., & Shcheglov, A. (2015). New Approach to Data Securing in Information System. Izvestiâ Vysših Učebnyh Zavedenij. Priborostroenie, 157-166. https://dx.doi.org/10.17586/0021-3454-2015-58-3-157-166
