
The Key Failure Points in the TJX System - Case Study Example

Summary
The idea of this paper "The Key Failure Points in the TJX System" emerged from the author’s interest and fascination in how TJX’s information systems and technology security could be improved or strengthened, distinguishing between short-term versus long-term priorities…

Extract of sample "The Key Failure Points in the TJX System"

The Key Failure Points in the TJX System

According to Ivey (2), there was a huge data theft, also termed "hacking", from the data stores of the discount retailer. It was a profit-motivated cyber crime in which hackers were able to rob TJX of the most valuable information it had stored. Because TJX operates a massive number of retail stores, it was highly affected, and the intrusion led TJX to report the loss of customers' personal data, i.e. credit card, debit card and driver's license data, among others. The incident occurred when outsiders gained access to the computer network that stored customers' credit and debit card data and were therefore able to view that information. With that information the intruder had the chance to manipulate the data as they wished. This made the staff's work difficult, as workers could not trace the exact origin of the problem, while some customers' information had been changed completely from the original. In this case the cyber thief accessed data during the card approval process, before it was encrypted, using software that had been planted on the TJX system all day, and then did a "post-event cleanup" to eliminate traces of the software used.

In effect, TJX was infected by a worm that was placed on its mission-critical system. Undetected, such a worm is a threat to technology and can stay in a system for as long as 18 months. Among its major effects, a worm can install a set of administrative network tools, thereby taking control of the network and making each infected system a member of a botnet. Thus no central controller remains except the worm itself, which can delete files from the computer and allow an attacker to control the system remotely. The FBI (Federal Bureau of Investigation) issued a warning to small businesses like those of TJX about a new attack variation known as automated clearing house fraud.
In this kind of fraud, the attacker installs malware on a computer used in the business and then remotely and illegally logs in to the business's bank account. In conclusion, other threats that could have hit TJX include espionage (e.g. a spy stealing a production schedule), extortion (e.g. blackmailing a mail clerk), hardware failure (e.g. firewalls blocking all traffic and causing errors), human error, sabotage (e.g. using a worm to delete files), software attacks, software errors or failures, technical obsolescence, theft and utility interruption, among many other factors.

Discuss how TJX's information systems and technology security could be improved or strengthened, distinguishing between short-term versus long-term priorities

Some of the short-term security measures that could be improved or strengthened included: working with all major credit and debit card companies to help investigate potential fraud; directly contacting customers whose information had been exposed during the intrusion; working with law enforcement, including the U.S. Secret Service, the U.S. Department of Justice and the Royal Canadian Mounted Police; offering additional customer support to people whose data had been compromised; and TJX spending $5 million in three months on costs incurred from the intrusion, namely to investigate and piece together the network intrusion, harden computer security and systems, communicate with customers, and pay technical and legal fees.

The long-term priorities can be discussed in detail as follows.

Increasing sophistication and effectiveness of botnets: this is illustrated by the "Storm worm", which has been termed a serious threat to systems. A subsequent variant spread within a week and accounted for one out of twelve infections on the system.
Making the system more sophisticated would be a long-term measure for strengthening TJX's information systems and security, reducing the chance of worms that threaten the operating system (Ivey, 6).

Addressing increasingly sophisticated website attacks that exploit browser vulnerabilities, especially on trusted websites, is a long-term measure that TJX can use to strengthen its information systems and security. Attackers targeting web browsers go after components like QuickTime and flash disks, since these are not patched when the browser is patched and can therefore disguise destructive payloads. Attackers place a hidden attack tool, in the form of popular exploit code, on websites that visitors trust; these sites appear secure and give no notice of the attack, which gives the attacker a very high success rate (Ivey, 6).

Cyber espionage efforts to extract large amounts of data, together with phishing, are another issue that TJX should take into consideration (Ivey, 8). As a long-term matter, TJX should recognize that it has come to light that terabytes of data have been disclosed from federal agencies and defense officials. This is done for economic gain, as a nation steals data. Using social engineering, the attacker sends phishing attachments that attract victims.

Mobile phone threats, especially against iPhones and VoIP, are a long-term issue that TJX should be aware of in strengthening its information systems and security. Malware attacks phones because they are just like computers and act as a platform for unseen security risks. This is because the developer of a phone toolkit gives access to hackers. Fortunately, the vulnerabilities of VoIP phones have been published on the internet (Ivey, 4).

Insider attackers are another long-term factor that TJX should take into consideration, by limiting access according to the tasks a user is required to perform.
Advanced identity theft by persistent bots calls for long-term awareness: persistent bots can stay for three to five months collecting passwords, browsing history, bank account information, frequently used email addresses and so on, until the criminals have gathered enough to accomplish their task (Ivey, 2).

TJX should be aware of website security exploits. An example is Web 2.0, where user-supplied data may also have been supplied by hackers or others with malicious intent. As stated by Ivey (3), the programs contain programming errors and are vulnerable, increasing the risk of web attacks.

There has also been an increase in malicious spyware with which criminals are able to detect an investigation and respond with a DoS attack against the investigator, complicating the investigation. DoS (denial of service) attacks may be of the following types: a ping flood attack, in which the attacker uses the Internet Control Message Protocol; a SYN flood attack, which takes advantage of session initiation; and a DDoS (distributed denial of service) attack, in which many computers in a botnet flood a device with unnecessary requests. The attackers use tools that resist antivirus, antispyware and anti-rootkit software, eventually gaining control of the victim's machine and making it much harder to shut down.

Supply chain attacks that infect devices distributed by trusted organizations, e.g. GPS units and thumb drives, are another long-term threat TJX should be alert to. In some cases, devices with USB connections and the CDs packaged with them contain malware that eventually attacks the victim's computer and connects it to a botnet. Conference attendees are also attacked when they are issued USB thumb drives and CDs that contain not only the conference papers but also malicious software (Ivey, 6).
Taking the above short-term and long-term priorities into consideration will help TJX build a strong information system and enhance the technology security of its software and hardware (Ivey, 6). In addition, enhancing technology security may require setting standards such as: building and maintaining a secure network by installing and maintaining a firewall configuration; introducing vulnerability management software; keeping cardholder data safe; regularly monitoring and maintaining networks; implementing strong access control rules; and maintaining a security policy on customers' information. It is also important to carry out certain security tasks: layering the security systems so that it is impossible for an attacker to defeat all the layers; limiting access to information according to a person's level; diversifying the layers of security so that they differ from one another; concealing information about how the security system runs, so that it cannot be predicted; making the security system easier on the inside but complex on the outside; and keeping the security system simple for insiders to use (Ivey, 8).

One could contend that TJX was a victim of ingenious cyber crooks. Alternatively, TJX might have created significant risks through its own cost cutting initiatives. Discuss the potential underlying causes of the TJX situation in light of these two rival propositions.

Because credit cards could not be processed while their numbers were encrypted, the cyber crooks, who were smart enough, got the chance to capture the data during the window when it was "in the clear", i.e. decrypted, which lasted less than a second. TJX noted that the intruders had the decryption key for the encryption used at TJX (Ivey, 5).
A wireless attack is another possible way TJX was attacked: wireless attacks had been recorded against retail chains, where attackers focused on small handheld price-checking devices and their interactions with the data controller, and were eventually able to capture IP addresses. It is also recorded that the wireless attackers performed their break-ins during peak seasons, when they were able to capture a lot of data, and used the data to encrypt the code in use (Ivey, 5).

USB drives, used where printers were plugged in at TJX, contained a utility program that gave the intruder access to the computer kiosks and turned them into remote terminals connecting into TJX's terminals with ease. This was possible because the TJX network firewalls were not ready to defend against traffic from the kiosks.

According to the compliance record, TJX had not met nine of the dozen requirements covering encryption, firewalls and access controls. In its auditing practices TJX had three problems: the absence of network monitoring, the presence of unencrypted data on the system and the absence of logs. TJX also lacked the log data needed to show which files on the system had been changed, accessed or added, when, and how their content was formatted. The company also kept too much personal customer information for too long and relied on very weak encryption technology, which could put TJX at risk of attacks from the cyber crooks. Unfortunately, this gave the cyber crooks the chance to interfere with TJX's working systems (Ivey, 6).

References

Ivey, Richard. Ivey Management Services, c/o Richard Ivey School of Business, The University of Western Ontario, Canada, N6A 3K7, 2008.
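
Two of the audit findings described above, unencrypted card data on the system and customer data kept too long, can be checked mechanically. The following Python sketch is an added example, not part of the original essay: it scans constructed sample records for cleartext card numbers using a Luhn check and flags those older than a retention limit. The record layout, the `audit` function and the 90-day limit are assumptions.

```python
import re
from datetime import date

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first six and last four digits so the report is not a new cleartext store."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def audit(records, today, retention_days):
    """Return one finding per cleartext card number found in (stored_on, text) records."""
    findings = []
    for lineno, (stored_on, text) in enumerate(records, 1):
        for m in PAN_RE.finditer(text):
            digits = re.sub(r"[ -]", "", m.group())
            if not luhn_ok(digits):
                continue        # e.g. an order id that merely looks like a card number
            age = (today - stored_on).days
            findings.append({"line": lineno, "pan": mask(digits),
                             "age_days": age,
                             "past_retention": age > retention_days})
    return findings

# Constructed sample records (industry test card numbers, not real data).
SAMPLE = [
    (date(2005, 7, 1), "txn=1001 card=4111111111111111 amt=59.99"),
    (date(2006, 12, 20), "txn=1002 card=5500-0000-0000-0004 amt=12.00"),
    (date(2006, 12, 21), "txn=1003 order=1234567890123456 amt=5.00"),
    (date(2006, 12, 22), "txn=1004 card_token=tok_9f2c amt=20.00"),
]

if __name__ == "__main__":
    # Assumed policy: cleartext card data older than 90 days is a retention violation.
    for f in audit(SAMPLE, today=date(2007, 1, 1), retention_days=90):
        print(f)
```

Any finding at all indicates cleartext storage; `past_retention` additionally marks data that should already have been purged under the assumed policy.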