Methodologies to Minimize the Chances of Database Breach Recurrence - Case Study Example

?Chief Information Security Officer (Section) Due) Close to 160 data breaches has been experienced by higher education institutions since the year 2008 without over close to 2.5 million records reported compromised exclusive of the unreported statistics. A lower number of breaches: 57 was reported in 2009. These are some of the pitfalls of the increased dependency and adoption of information technology by the higher education institutions. The over reliance on information technology presents great threats to private and confidential data besides the possible damages to the physical properties such as the computer systems and applications. The repercussions of these breaches are felt by multiple parties including the administrative staff, the university itself, the IT department and the student body. It is therefore, imperative for higher education institutions to familiarize themselves with the constantly changing threats besides the high cost associated with leaving data and systems unprotected. Introduction Computer system hacks and data breaches with higher education institutions as the main target are constantly dominating the headlines. The higher education institutions are increasingly at high risk having their information and data compromised by malicious activities and hackers beside insider mistakes. The considerable number of system hacks and data breaches experienced by higher educational institutions can be attributed to such factors as resource plague issues experienced by IT department within the institutions, budgetary constraints and desperate database systems among other factors (Gahm, 2010). Higher educational institutions posses a considerable amount of data and distinct data type which make them a potential target by malicious attackers and hackers. A wealth of personally identifiable information is mostly stored by these institutions thus the high risk of data breaches and system hacks. A health record of students, employees and parents together with their names, social security numbers and credit card numbers are among the sensitive information that subject these institutions to potential threats and makes them a valuable target to the hackers. (Gahm, 2010) According to Gahm, Higher educational institutions should learn to take actions besides implementing proactive security to their database infrastructure in order to protect the critical information contained in their database systems. These database systems house a variety of information that can be exploited for financial gain. Given that the institution’s databases are the most critical repository of confidential and sensitive information at these institutions, safeguarding the database is of the essence (2010). Recent hack attacks against higher educational institutions Some of the top and best universities around the world had recently been reported to have fallen victim of computer system hack and data breaches. Team GhostShell, a hacking group claimed to have hacked into the servers of close to a hundred universities across the globe including Harvard, University of Pennsylvania, Stanford and University of Michigan. Close to 120,000 records were accessed from the breached universities’ servers and publicly posted. Critical and confidential information such as the names, phone numbers, log in details and email addresses were among the records exposed in the event of the breaches. The reports further showed that the hackers used malware injection into the servers in order to compromise their security and gain access to the records. The log-in credentials exposed were further used to improperly access some of the universities’ websites including Stanford University. Another data breach incident involving Western Connecticut State University was reported and blamed on the vulnerabilities existing on their computer systems. The breach utilized the existing vulnerabilities in the system and inappropriately accessed and exposed confidential information and records such as the financial account numbers and social security numbers which were supplied by the student during their admission. Preventing data breaches and system hacks The costs associated with data breaches and computer system hacks are exorbitant thus ensuring proactive security to sensitive information has proven to be less exponentially costly all-round. Besides the cost associate with data breaches, the repercussion are way too great to sit back and allow a second and subsequent attack and attempts thus high educational institution are researching on effective ways and measures that will ensure the security of sensitive and confidential data (Thomson, 2011). The forensic analysis done after the breaches by most of the higher educational institutions revealed the most widespread ways of accessing administrative privileges were achieved on the databases systems. Among the top methods were; system vulnerability exploitation, the use of brute force and Trojan in finding valid login and password combinations, Operating system and application vulnerability exploitations and the utilization of blank, weak and default access controls (Kipper, 2007). The analysis was used to develop measures that will ensure data breaches and hacks together with the risks are mitigated. Given that most of the breaches occurred due to vulnerabilities existing on the system, higher educational institutions embarked on ensuring water-tight systems with minimal vulnerabilities. Data base management applications were upgraded to those that are more secure against SQL injections and such like attacks. Web applications for accessing database systems that automatically clear browser cookies were installed to minimize and eliminate such attacks as phishing. Automatic system log outs were implemented in order to reduce the chances of hackers taking advantage of such vulnerabilities. Encryption of critical data and records before storage and during transfer and access was adopted in order to slow down the use of such files in case of a data breach. Data base management systems were also installed with high bit password encryption that ensures a close to impossible password cracking chance by hackers and malicious attackers (Thomson, 2011). In addition to the above mention methodologies, the following were and can be utilized to minimize the chances of data base breach reoccurrence. Discovery of all the databases within the institution’s network, performing assessment on all databases for institution wide policies compliance, elimination and replacement of systems that are no longer supported or patched by vendors, application of all the latest and up to date security patches to all the database within the institution, monitoring of all the activities on all the databases containing personal information (Kipper, 2007). Institution and enforcement of secure coding practices for custom applications such as WebPages and user entry forms used for communication by middleware will ensure minimized vulnerability. Recommend processes There are several processes, practices and methodologies alongside technologies that can be adopted by higher educational institutions in order to mitigate the risks and threats associated with data breaches and computer hacks. Database Discovery: Conducting database discovery is one of the best processes among the six practices that ensures reduced data breach threats and risks face by higher educational institutions. An automated database scanning facilitates data base discovery and allows the higher educational institutions to launch an absolute inventory of its data base assets. Data discovery helps in creating awareness of possible rogue databases that maybe vulnerable due to given the belief of their non existence thus poorly secured (Gahm, 2010). Data base discovery plays a vital role in proactive protection of data from threats and risk through the creation of data security plans based on the information regarding the location of every database especially those that house sensitive and confidential information. Database Classification: the databases should be classified according to their business value after they have been discovered. Data base classification helps institutions to better understand the information that need to be secured. The databases that house critical and confidential information such as payroll information need be heavily secured using high tech software with high bit encryption technology in order to avoid data breaches and vulnerability exploration by malicious perpetrators. Even though, the level of security should be maintained across all the databases, the data bases that house critical and personal information that puts the institution at data breach threats should be prioritized (Parker, 2008). Database Assessment: Through effective database assessment activities and scans, the vulnerabilities, miss-configurations in addition to access control violations existing within an institution’s database system and network can easily be detected. The use of software that analyze database and networks for vulnerabilities and highlight potential sources of threats can be used and installed after assessment in order to strengthen database security and mitigate the risks associated with data breaches. Prioritization of assessment results: Database assessment results into a list of issues to remediate. The assessment outcome should be prioritized in according threat levels they posses. The classification of the database in addition to the risk of the vulnerability should be determined by the issues that need to be solved (Gahm, 2010). Remediation: The remediation process begins after the list of vulnerabilities to fix has been prioritized. Despite the daunting task in implementation and testing of the fixes, the fixes with high priority should be fixed first given the sensitivity of the data housed in such databases and the potential threat presented by such vulnerability. Database and network activities should always be monitored in order to ensure vulnerabilities are not exploited during the patch period. Monitor: Monitoring database and network activities after all the fixes have been applied is a crucial step of ensuring a secured database and network against data breaches and network intrusions. It allows for an institution to monitor gaps and loop holes in protection that can be potentially exploited. User activity on the databases housing confidential information should be put under constant monitor in order to detect then varying attack types besides keeping attack evidence far from the attackers reach (Parker, 2008). Institutions can install and adopt the use of enterprise-base activity monitoring application in order to receive the real time alert in case a suspicious activity is detected and immediate termination of the activity follows automatically. Existing laws on computer cyber crimes Several laws that forbids computer hacking and data breaches exist in most of the states with the U.S. Computer Fraud and Abuse Act 18 U.S.C. 1029 Prohibits the creation and utilization of programs and devices to get unauthorized access to secure computer systems with intent to defraud. This law may be effective, but it leaves a loop hole that hackers can utilize in their defense in case they are caught trespassing. Given that the law specifies that there must be fraud intentions, hacker can argue that they gain access harmless personal research and intentions. Another law that tends to fight computer crimes is 18 U.S.C. 1030 which proscribes access to government computers to anyone lacking authorization which can be detrimental to the security of the U.S or the target institution. The law further disallows the delivery, communication or the transfer of the unlawfully attained information to unauthorized individuals. One is considered to have broken the above stated laws if he or she attains access to unauthorized database thereby obtaining financial information of an institution. Individuals convicted for these types of transgressions on computer hacking face a maximum jail term of up to 10 years in federal prison. Digital Millennium Copyright Act These are a set of protective laws on institutions that hire external companies or organizations to conduct their network and database security audits. The Digital Millennium Copyright Act protects a system’s contents while prohibiting the security auditors from the distribution of the information accessed during the security audit process. It requires the security auditor to inform the database or network owner of all the vulnerabilities and issues that could be detrimental to the owner’s computer systems, networks and database. It further prohibits the security auditor from utilizing the vulnerabilities assessed during the security audit in order to gain access to unauthorized information after the security audit is complete. Government Programs The U.S government has programs in place to ensure the fight against cyber crimes, hacking and data breaches are minimized if not entirely eliminated. The Comprehensive National Cybersecurity Initiative is a program developed by the U. S government through the FBI aimed at protecting digital infrastructure as a form of national security. The FBI in collaboration with other departments, gain visibility on the hackers, gathers information and assists the distribution of critical information to decision makers. The government has developed a Computer Emergency Response Team, a program that will ensure that breached and compromised databases are rectified as soon as possible and the dissemination of the breached data is hindered. The development and adoption of the National Online Reporting Portal that aids in information gathering on the attacks which is to be used for analysis and research for prevention of reoccurrences of data breaches. Computer forensic technology A number of computer forensic technologies that can be used to gather electronic evidence from hardware, firewalls or cell phone exits. For higher educational institution, a myriad of forensic technologies are at their disposal, however, the effectiveness of such technology and the pricing hinders their access. ProDiscover, however, is easily available at an affordable price and is highly effective given the wide area of computer forensic it covers including, system audits, incident response, digital discovery and internal investigations. The technology thoroughly examines all the data stored on a computer system while locating and preserving any evidence within the system for use in court of law. Through digital discovery, the technology provides evidentiary quality documents used for a court proceeding in case of a breach. References Gahm, J. (2010). An examination of Database breaches at Higher educational institutions. Application security Inc, 08(10), 16-20. Kipper, G. (2007). Wireless crime and forensic investigation. Boca Raton, FL: Auerbach Publications. Parker, D. B. (2008). Fighting computer crime. New York: Scribner. Thomson, L. L. (2011). Data breach and encryption handbook. Chicago: American Bar Association. Vijayan, J. (2012, October 3). Group says it hacked systems at 100 major universities – Computerworld. Computerworld - IT news, features, blogs, tech reviews, career advice. Retrieved December 11, 2012, from http://www.computerworld.com/s/article/9231994/Group_says_it_hacked_systems_at_100_ Top of Form Bottom of Form Read More