Nobuo Kurahashi, a Mizuho Investors Securities analyst, maintained that a complete and thorough assessment of the potential impact on Sony's future business would be more difficult to quantify (as cited in Osaka, 2011). The analyst argued that if data security concerns damage Sony's brand image, this could undermine the company's efforts to establish a business model that links gadgets to an online network of games, movies and music. According to the author, "… It could take months for the security woes to settle, and how this may affect consumer confidence in Sony's online services in the long run is harder to assess …" (p. 1).

Monetary Impacts of Breach

According to Kurahashi, "… The data breach will cost compensation costs and new investments, assuming that no additional security problems emerge …" (as cited in Osaka, 2011, p. 2). Barclays Capital analyst Yuji Fujimori (as cited in Osaka, 2011) differed with this estimate and considered it somewhat low. Fujimori suggested that the overall impact of the data breach could be upwards of 220 billion yen, or about $2.74 billion. The cyber attacks on Sony included the theft of personal data.
This personal data included names, passwords, and addresses from accounts associated with its PlayStation Network and Sony Online Entertainment gaming services. Osaka (2011) maintained that Sony conceded that more than 10 million credit-card numbers may have been compromised. The author pointed out that Sony assessed that personal information for approximately 77 million customers of the network had been stolen. Sony said that the hackers of its PlayStation Network, Sony Online Entertainment gaming services, and another online service may very well have obtained personal data for customers (Osaka, 2011).
Direct Impact on Market Shares

According to Osaka (2011), the 2011 data breach involving Sony Corp.'s online videogame services has caused the Japanese electronics maker's shares to lose more than 6% of their value. Sony shares, according to holidays in 2011, dropped 2.3% to 2,262 yen. Since April 27, when Sony first announced the data breach, the stock has fallen 6.3%, while the Nikkei 225 Stock Average has gained 3.1% over the same period and shares of Panasonic Corp., another Japanese electronics giant, have risen 2. %.

Other Impacts

Additional costs incurred by Sony as a result of the breach include covering the costs of reissuing credit cards, reinforcing security systems and offering complimentary access to premium services. Sony is also projected to incur costs associated with its plan to provide customers with free identity theft prevention services for 12 months. Sony has teamed with an IT security company named Debix Inc. to build an early detection/alert system.
Sony maintained that the major security feature of its new breach prevention service will be designed to alert Sony customers to unauthorized use of their personal information, backed by a $1 million insurance policy if they become victims of identity theft. In short, expected impacts on Sony's earnings will consist of several cost factors: (a) the costs of investigating; (b) compensation for any misused data, including the insurance policy; (c) the complimentary access to premium services; and (d) additional measures to boost data security.
Other risks and cost drivers, such as the possibility of lawsuits and additional cyber attacks from hackers, could potentially drive up costs for Sony.

Customers to leave Sony because of the incident and reports of fraudulent use of identities obtained from the hack.

While there have been no reports to date of the Sony hacker(s) using the stolen identities of Sony's customers, the breach of Sony's PlayStation Network involved millions of people around the world who used Sony's PlayStation video game system and who may have had their credit card information stolen in the 2011 hacking incident (PBS, 2012).
This hacking incident against Sony could have potentially included over seventy-seven million user accounts that were disconnected worldwide. The information the hacker obtained included players' names, addresses, birth dates, email addresses, passwords and log-in names. According to Kevin Poulsen, senior editor at Wired.com (as cited in PBS NewsHour, 2012), it's going to cost Sony a lot of money and a lot of fan loyalty. Some of the people leaving Sony are not going to care about the breach itself. They are just going to be extremely angry that they were denied access to the PlayStation Network for so long.
Additionally, according to Denoted (2012), the 2011 hacker gained access to a database dating back to 2007. This database contained information that included bank account details for approximately 12,000 debit and credit card holders in Austria, Germany, the Netherlands and Spain. Sony claimed that no US bank account information was exposed. The affected customers in the aforementioned countries could leave Sony. Breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times.
Sony Pictures, Sony Europe, Sony BMG Greece, Sony Thailand, Sony Music Japan, Sony Ericsson Canada, and others have all been the target of attacks (ASS, 2012).

Protecting Private Information of Customers over the Internet

Personal/longitudinal Responsibilities

In today's society, instruments such as desktops, laptops, cell phones, iPods, smartphones, and BlackBerries have become as essential to daily operations and lifestyles as microwaves and televisions did 20-50 years ago (The White House, 2009). Vulnerabilities such as cyber crimes exist that jeopardize both the availability and reliability of this technology.
Because of the vast interconnectivity of the Internet to things that we, as a society, use, a person is no less safe doing things online than they are conducting transactions in real life. As the first line of defense in protecting personal information online, a PlayStation Network user who uses the same password anywhere else should change those passwords. The person should also be alert to unauthorized charges on their credit cards. The PlayStation Network user should check their statements online frequently, in near real time, for a while, in case there are fraudulent charges.
The person should especially be alert to scams that target the use of information that may have been lost in the breach. Sony has teamed with an IT security company named Debix Inc. to build an early detection/alert system. Sony maintained that the major security feature of its new breach prevention service will be designed to alert Sony customers to unauthorized use of their personal information, backed by a $1 million insurance policy if they become victims of identity theft (Osaka, 2011).
Organizations' Responsibilities in Protecting Customers' Data

Data security standards are a critical part of enabling personal information and orientations to travel over electronic media. Companies need to focus on protecting their customers' sensitive data and identities. Compliance, therefore, supported by reliable compliance management solutions, is very important and something that organizations have to take seriously (Radon, 2013).
The author pointed out that compliance with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard with which organizations must show compliance when handling cardholder information for debit, credit, ATM, and prepaid cards, is a template for organizations in protecting their customers' data. The standards of the PCI Security Standards Council are a well-established set designed to prevent credit card fraud (Radon, 2013). Organizations must also ensure that customers' data is kept in secure environments where data can be exchanged without risk.
Reasonableness to Stop the World's Best Hackers

Hacking at right now. Governments, corporations, law enforcement, and even innocent citizens are playing defense. Several reasons for this dilemma persist. First, the defenders are trying to defend against attacks that haven't been invented yet, so they're kind of playing catch-up. Secondly, hacking has a lot of built-in pacification, and protecting IT systems from being hacked is also seemingly complicated.

Proportionate Legal Actions Against Hackers

The legal fallout from breaches like the one Sony experienced continues.
Several levels of investigation take place as a result of such a breach. At the federal level, the US Attorney has launched an investigation and the FBI has been called in to investigate the hacking incident (Computer Security Institute, 2003). Sony also had to respond to questions from a Congressional committee that held hearings on the security breach (Computer Security Institute, 2003). Computer Security Institute (2003) pointed out that at the state level, the NY State Attorney General has issued subpoenas to three separate Sony entities.
These subpoenas are seeking information on what Sony told customers about the security of their networks, as part of a consumer protection inquiry (Computer Security Institute, 2003). It remains to be seen what will happen once the dust settles. However, this incident underscores the fact that just about any company, no matter the size and sophistication, is vulnerable to a cyber intrusion. While it may be impossible to repel all determined attackers, steps can be taken to protect network infrastructure and data on servers to help limit the effects of an intrusion.
This includes removing old data that is no longer needed, encrypting sensitive information, and keeping software patched and up to date. Current federal acts such as (a) the Federal Wiretap Act, 18 U.S.C. § 2510; (b) the Stored Communications Act, 18 U.S.C. § 270; (c) the Computer Fraud and Abuse Act, 18 U.S.C. § 1030; and (d) the Electronic Communications Privacy Act of 1986 are federal approaches applicable to computer crimes. These acts could be relevant to the problems associated with computer hacking. Many states, however, have their own laws tailored towards various computer crimes.
One major issue, however, in the states' approaches and in applying state law to computer hacking is that of jurisdiction. Many computer crimes/hackings are not limited to state borders, and therefore state jurisdiction becomes an issue. The Computer Fraud and Abuse Act (CFAA) is by far the most comprehensive and targeted federal law focused on curbing computer-related criminal conduct. The aim behind the act is to deter and punish those who intentionally access computer files and systems without authority and cause harm (Doe v. Dartmouth-Hitchcock, 2001). The Electronic Communications Privacy Act (ECPA) is a Congressional patchwork attempt to fit new crimes into the existing laws (Snoop v.

Rehabilitative Actions for Hackers

As cited above, it is a violation of law, and therefore illegal, to enter a computer network that you are not authorized to access and to interrupt the operation of the system or alter, damage or destroy all or any part of data or a computer program. Illegally entering a computer system is a felony at the federal level and in some states a misdemeanor.
Individuals convicted of violating these federal acts and state laws could be subjected to imprisonment, fines, or both. The law is very clear on this. I believe, however, that kids with the savvy to hack into a computer system are smart on some level. While their ethics could be called into question, sending these kids to jail could be counterproductive. The courts clearly ruled in Doe v. Dartmouth that the aim behind the act was to deter and punish those who intentionally access computer files and systems without authority and cause harm.
Notwithstanding this and other similar rulings, I believe that a more productive measure would be to sentence the kids who commit computer crimes/hackings to many, many hours of community service. One function that they could perform would be to help kids in less privileged areas learn how to use computers, and/or fix computers if they have the expertise, and/or be required to take on fund-raising efforts to bring computers to schools where there are none.

Reluctance of Businesses to Report Data Breaches

Although hacking is common, it's rare for companies to talk about it.
Simple collaboration could warn customers about compromised data, or alert other businesses to a particular threat. Agleam (2013) maintained that "… Sharing the technical details of breaches helps other companies and organizations learn from the incident, and perhaps even thwart an attack …" (p. 1). The author further maintained that "… Because attackers sometimes exploit vulnerabilities in widely used software that's known only to the hackers, it's important for victims to share the details of the intrusion …" (p. 1). Most companies victimized by cyber crimes regrettably choose to hide the problem from the public, due in part to concerns about negative publicity (Denoted, 2012). According to surveys foredoom to 2003, only about 30% of hacking intrusions are ever reported (Computer Security Institute, 2003). This lack of reporting is compounded by the fact that current Internet technology presents high hurdles for law enforcement in tracing hacking intrusions back to the hacker.
Both conditions combine to make it very difficult for the vast majority of hackers to be caught and prosecuted.

Ethical Issue

While Sony is taking criticism for the week or so that it took to notify provide accurate information after a breach. In fact, a rushed and ineffective investigation may only lead to additional breach response costs or further regulatory and legal ramifications down the road. There is no incentive for any individual company to report that they were attacked.
Despite the rash of disclosures over the past few weeks, the fact remains that most companies are more concerned about the impact of disclosure on their image and market value than about the benefit such information would provide to the security community as a whole.

Legal Issue

According to Tine (2013), since 2005 the nonprofit data privacy group Privacy Rights Clearinghouse has counted more than 3,000 separate incidents resulting in the exposure of more than 600 million records containing Social Security numbers, bank account numbers, or credit card numbers.
Companies and government agencies often do not report the seriousness of these breaches. The companies seem to think that the breaches are harmless if they do not actually harm people. A 2009 Javelin Research & Strategy study showed that a person is four times more likely to be the victim of identity theft in the year after receiving a data breach notification letter (as cited in Tine, 2013).

State Requirements

Many of these breaches become public only because most states require disclosure of breaches to affected persons. Tine (2013) maintained that before the state laws were created, companies often concealed the very fact of a breach.
Many states now require that affected persons be notified of breaches, and while the requirements are far from perfect, they provide a way for affected individuals to learn that their privacy was compromised so they can be alert to signs of identity theft. Additionally, disclosure laws hold businesses accountable for securing our personal data. Making breaches public affords society a better picture of the overall computer and network security problem.

Federal Government Requirements

Congress is currently discussing how to address America's information security needs.
This discussion includes legislative proposals that will have major ramifications for online privacy. Robust data breach notification rules are being proposed as a commonsense first step to improve digital privacy and security (Tine, 2013). Tine argued that regulation is appropriate because security breaches are not just apparent and impact the companies targeted, but rather pose a collective action problem. Currently, however, there is no incentive for any individual company to report that they were attacked.
Despite the rash of disclosures over the past few weeks, the fact remains that most companies are more concerned about the impact of disclosure on their image and market value than about the benefit such information would provide to the security community as a whole. The intervention of the federal government to force companies to disclose breaches reintroduces the public's collective interest. Standardized processes and programs will develop to assist companies that suffer a security breach, similar to those that have developed in the wake of the passage of California's breach notification law (Tine, 2013).
Smaller companies without large in- closing breaches if they are not terrified by the potential downside. In summary, closely governed databases of breached organizations and the methods used to compromise their security need to be established, along with ready access to affordable and accessible security resources that quickly incorporate and disseminate knowledge of evolving threats and the tools that could stop them. This information can only be gathered through organizations sharing information about cyber breach incidents.
Finally, we need to increase our investment in research and development, focusing on more secure computers and networks, especially in critical emerging fields like usable security.

Personal Identity Theft Story

Credit card & frequent credit card checks

About 3 years ago, I received a collection letter about a past due credit card account that had been assigned to a collection agency. I was confused. I always pay my bills on time. I have only one credit card, a MasterCard that I pay in full every month. I also have a Visa Debit Card. This card does not incur a monthly bill.
The letter referred to a Visa card with a $10,000 balance. I immediately called both the collection agency and the original creditor. After hours of due diligence, I realized that an identity thief had forged a credit card application sent to me at my old P.O. Box. I called my bank and explained this situation to them. They confirmed that they did not send the correspondence. I then called the collection company as well as the Visa card representatives. One main issue was that the creditors had no way of knowing whether I was telling the truth.
About a year later, I was still answering calls from creditors trying to collect the debt. Though my husband and I wanted to buy a house, the collection account wreaked havoc on our credit score. We wondered whether we should keep fighting to have the collection account removed from our credit report; at one point we almost conceded that we should pay the entire $5,000 bill and be done with it. Either way, we knew we had to delay the purchase of a home for our family because our credit score was too low to receive the best interest rates.