The evolving technologies provided all sectors with opportunities with innovations such as cloud computing, mobile, and computer devices, social media, and big data analytic enhancing the exploitation of opportunities. The embracement of such technologies enabled businesses and government corporations to enhance their size, market, reduce expenses by maximizing efficiency and maximize profits. However, these opportunities come at a cost of cyber criminals who aim to exploit the weaknesses in infrastructures and frameworks to engage in criminal activities. The cybercriminals tend to diversify their creativity in exploiting every loophole available to perpetrate cyber fraud, sabotage, identity theft, hacking, and espionage, among other cybercrimes (ACS, 2018). Cybersecurity is complex and changes with each innovation. Therefore, this paper focuses on determining the privacy and cybersecurity in the health, financial, and retail sectors in the first part analysis. The second section focuses on data breaches whereas the third part entails safe computing. The three parts of the paper demonstrate the problems and strategies used to solve the cyber threats.
What are Privacy and Cybersecurity?
According to Australian Computer Society (ACS) (2016), the growth and embracement of the internet with over 46% of the world population connected to the internet makes it a target for the cybercriminals. The criminals target breaching the security and privacy of the users in all sectors, hence, the need to invest in a multi-disciplinary affair that collaborates, people, hardware and software policies in preventing and mitigating cybercrimes and cost respectively. ACS term this process as one of the many definitions of cybersecurity because it protects the privacy of data against breaches by cybercriminals (ACS), 2016). According to European Union Agency for Network and Information Security (ENISA) (2017), cybersecurity entails all activities vital in protecting the cyberspace, the users, and victims of cyber threats. ENISA (2017) argues that all activities have similar benefits thus failure to reinforce one activity diminishes the cybersecurity of the system because it provides loopholes exploited by cybercriminals.
Delegate your assignment to our experts and they will do the rest.
Part One: Privacy and Cybersecurity
Privacy and Cybersecurity in HealthCare
The efficiency in data storage and productivity in other sectors led to the healthcare systems in the world embracing digital technology to facilitate clinical outcomes, change and transform the healthcare provisions. Systems such as EMH and EHR in most healthcare systems contain the health records of the population. According to Martin, Martin, Hankin, Darzi & Kinross (2017), the healthcare systems are soft targets and contain valuable data due to the low-security measures and sensitivity of the information respectively. These factors have led to healthcare becoming a major target for cybercriminals with over 81% of 223 organizations surveyed by the authors and the compromise of about 110 million patients' data in the U.S. in 2015 alone demonstrating the cyber threats in the healthcare sector (Martin, Martin, Hankin, Darzi & Kinross, 2017).
The essence that healthcare data contain valuable information means that hackers can easily sell the data in the dark web for $50, which is about ten times more than credit cards prices increased cyberattacks by 300% in the healthcare sector in the past three years (Martin, Martin, Hankin, Darzi & Kinross, 2017). The study argued that the healthcare systems cybersecurity investments aim to improve confidentiality, integrity and protect valuable healthcare data fail due to the fragmented governance, limited resources, infrastructure, and cultural behaviors. The healthcare sector investment in information technology infrastructure ranges between 1 and 2% whereas other sectors invest between 4 and 10% (Martin, Martin, Hankin, Darzi & Kinross, 2017). The use of run-on legacy systems that other companies stopped using over five years ago makes it easier for hackers to steal data from these systems.
The WannaCry ransomware attack affected over 200,000 systems in 150 countries (Martin, Martin, Hankin, Darzi & Kinross, 2017). This ransomware attack in May 2017 led to the shutdown in over 50 hospitals in the U.K., thus affecting the healthcare delivery, eroding trust and compromising the safety of the patients. The WannaCry attack used the ransomware, a type of malware that encrypts or block access of data and demanding ransom with threats of exposing the data in social media or other avenues if the individuals or companies do not meet the demands (Martin, Martin, Hankin, Darzi & Kinross, 2017). Other major breaches in the past five years include the Anthem breach where criminals stole over 80 million records from the health insurance company in the U.S., the Presbyterian Medical Center that had to shut down its network before paying 40 Bitcoins, and the World Anti-Doping Agency (Martin, Martin, Hankin, Darzi & Kinross, 2017). The recent task force established by the U.S. Congress will help assess and develop strategies and streamlining needed in the healthcare system to enhance privacy and cybersecurity. However, the task force will not end the cyber-attacks. Therefore, taking initiative and owning the program to ensure though security and maintenance technologies change the healthcare systems from being soft targets to potential hackers.
Privacy and Cybersecurity in Finance
Money is the many causes of most hacks thus making the financial sector among the top three leading targets of cyberattacks. According to Schaffer et al. (2018), statistics and surveys in the past few years depict that distributed denial of services (DDoS), payment card skimming, and web application attacks dominate most security breaches and incidents. The surveys and statistics also demonstrated that financial gain was the cause of most hackings thus leading to an increase of 44.7% targeting the financial sector from 2016 to 2017. Following these increase, the breaches in the financial sector faced 8.5% of all breaches in 2017. The use of DDoS attacks aimed at financial institution comprised of over 60%. Cybercriminals used multiple compromised computers system to target servers, websites, and networks (Schaffer et al., 2018). DDoS also involves flooding malformed packets, requests or messages to slow down the system and has the potential to shut down the systems and causing the denial of services to legitimate users. Failure to detect such attacks results in hackers controlling and retrieving vital data and using it to either engage in frauds, identity theft or blackmail the financial companies. Social engineering is also becoming a major source of security breaches (Schaffer et al., 2018). The cybercriminals target a person in the inside such as an employee by sending a designed data that seems to be from the company top positions to allow the data access. If the employee complies with the requests, the hackers gain access to the system.
The Tesco Bank attack in 2016 exposed the credentials of approximately 9,000 customers that allowed the hackers steal from the customers' online banking accounts. The attack on JPMorgan Chase discovered by the security team in July 2014 and disclosed in September 2014 compromised data of over 83 million accounts ("2018 Data Breach Investigations Report", 2018). Online banking provides loopholes for hackers to intrude and breach the systems. The essence that not all customers are conversant with the phishing attacks means that hackers target individual customers through emails that require them to change their passwords because there was an intrusion. Once the customer clicks the links provided, the hackers gain access to the individual's account and can then send malware to the entire system. Therefore, the financial sector needs to include customers in securing their systems.
Privacy and Cybersecurity in Retail
The embracement of e-commerce means that businesses that do not provide online sales and services are at risk of collapse. The brick and mortar style of retail is declining with the preference of online shopping thus leading to the increased use of apps and websites to advertise and sell products. Large-scale retailers such as Amazon provide the essence of adopting e-commerce among retailers due to the expansion of the market for their products. However, small-scale retailers lack the financial power and expertise to facilitate the smooth transition from brick and mortar to e-commerce. The loopholes of large companies and the naivety of retailers to focus on market expansion rather than security combined with the limited IT financial power and expertise makes retailers soft targets for hackers (Symantec White Paper, n.d.). The hackers use these failures to access customer data.
Retailers such as Neiman Marcus, Michaels Arts, and Crafts, and P.F. Chang's China Bistro breaches of 350,000 payment cards, 2.6 million payment cards and customer data exposure in 33 restaurants respectively (Symantec White Paper, n.d.). The use of malware and PoS systems intrusions were evident with the exact costs undocumented. However, retailers, unlike big brands, do not enjoy brand royalty with 77% of customers arguing that privacy and cybersecurity is the third most important factor when purchasing online. The essence that customers value privacy and data security over brand reputation and discounts means that retailers must address the multiple issues that make them soft targets.
Part 2: Data Breaches
Data breaches are incidents or attacks that confirm the disclosure of data to an unauthorized party. It differs from an incident in that an incident does not confirm disclosure although it confirms exposure of confidential and integrity compromise. As earlier stated, every innovation increases the threat of cyberattacks. Hackers are technical experts but use their skills and knowledge in IT to explore loopholes of any system via the cyberspace (Raich, Ganguly & Jaiswal, 2015). The use of malware through social engineering that entails sending emails to unsuspecting users to gain access to the system is one of the various ways that data breaches occur. Attaching virus to programs in most pirated sites exposes the computer or device to the virus once the individual executes the program. The program execution results in activating the virus to replicate itself in the system leading to data loss or clashes of the systems. Worms, on the other hand, replicate from the pirated programs, replicate automatically to take control of the software programs, and can pass through networks. Trojan horse creates backdoors for data breaches whereas botnet, zombie, the man in the middle and IP spoofing are international message floods, viruses in free video downloaded, misleading access-points and impersonating trusted resources respectively (Raich, Ganguly & Jaiswal, 2015). Most of these malware exposures is entire the system by exploiting the cyberspace users preference of free programs or videos or ignorance in the important policies such as banking policies.
A data breach is difficult to fix due to the hackers intentions for instance; ransomware attacks encrypt data and deny access of the legitimate users. The hackers threaten the victims of either deleting or exposing sensitive information to the public, which can be catastrophic for the image, or competitive advantage of a company. Ransomware attacks result in payment of the ransom demanded by the hackers whereas anti-viruses can fix the loopholes in other attacks. Combining antiviruses and safe computing can help diminish the costs and risks. The wide cyberspace, legal complications in different countries and support by powerful agencies such as government agencies makes it difficult to recover the data stolen by hackers (Thole, Solms & Moll, 2015). Cybercrimes investigations have also yielded minimal results due to the above inhibitors thus minimizing the retrieval of lost data. Hence, the need for safe computing or cybersecurity measures to prevent the risks of exposure, which is cheaper and more convenient than trying to fix an exposed system.
Cyberattacks leading to data breaches affect all cyberspace users either as individuals, businesses or as the government. For example, the Tesla attack on the company affected the individual online banking accounts because the hackers stole from the 9,000 individual accounts ("2018 Data Breach Investigations Report", 2018). The WannaCry attack, on the other hand, affected the private and public hospitals thus affecting the healthcare system, patients and their families, financial and insurance companies. The World Anti-Doping Agency cyberattack targeted the famous athletes thus having individual impacts on the athletes.
The end-result of data breaches includes the loss of reputation and mistrust among the consumers of e-commerce and embracement of technology in the health sector. Following a breach, the company should employ professional IT experts and seek guidance from different governmental agencies to determine the source of the breach before writing a report that entails the details concerning the intrusion, data breach, and costs of the breaches (Thole, Solms & Moll, 2015). The fixing and installing cybersecurity as needed to enhance privacy and prevent future similar and different attacks is then addressed. It is vital for the system analytics to analyze the entire system rather than focus on a single breach because a breach caused by Trojan horse or other similar viruses creates backdoors that if not fixed exposes the system for future exposures.
Part 3: Safe Computing
The tendency to fall for phishing emails, download pirated emails, and curiosity of opening links that are too good to be true are the cause of most exposures at the individual level. In the healthcare sector, the use of traditional and out of market software programs such as Windows XP increases their venerability whereas failure to address and invest in cybersecurity infrastructure mainly affect healthcare systems and retailers. Therefore, safe computing practices include investing in IT knowledge, cautioning against phishing emails, updating software, installing anti-virus, purchasing original software, smart browsing and strong passwords (Raich, Ganguly & Jaiswal, 2015). Safe computing entails the execution of the above practices because they prevent or block malware from replicating or infecting the system.
Anti-virus, Spyware, and firewalls are software programs that protect machines such as computers, smartphone, hard drives, and servers from malware intrusions. Antivirus software purchased or downloaded in trusted sites and installed in the devices detects and respond by either warning or blocking malicious software (SinghArneja & Sachdev, 2015). Some of the most popular antivirus vendors are McAfee, Symantec, Avast, and AVG. Updating the antivirus software enables it to remain vigilant and detect new threats. Spyware is malicious programs that monitor the users' activities without being detected and relies on the information gathered to unauthorized parties. Installing anti-spyware enables the user to detect and respond to spyware (SinghArneja & Sachdev, 2015). Lastly, the firewall protects systems against network attacks such as public wireless networks that expose the device.
As earlier stated, phishing emails are common strategies used by hackers to gain access to the system. The emails may include threats such as potential attacks of an individual's banking account that requires the user to click the link to change the password. Once the individual complies the hacker gains control. In other cases, the phishing email may contain attached programs that ask the user to open but once opened the hacker gains access of the device (Raich, Ganguly & Jaiswal, 2015). Phishing emails tend to exploit the user's naivety and trust to gain to execute the request and in clicking or opening the attachment, the hacker is able to access personal information.
Most people tend to ignore the requirements of strong passwords, while others use the same password for all their accounts. It is essential to note that using one's birthday or passwords that are easy for someone to guess increases the chances of cyberattacks. It is important to formulate complex passwords that include capital letters, small letters, numbers, and symbols to diminish the chances of cyberattacks.
Lastly, smart web browsing entails the use of current and update web browsers and refraining from login into one's account while using public networks. Updating the web browser and add-ins is important in reducing malware (SinghArneja & Sachdev, 2015). The paper depicted that most malware gain access of the device due to unsafe web use, therefore, smart web browsing must entail repressing the urge to click or download software or videos or music in pages that contain ads and pop-ups that require answering ‘Yes' or ‘No' or ‘Cancel'. Clicking any of these three commands exposes the user to malware, therefore, it is wise to close such pop-ups from the cancel symbol ‘X' above the pop-up. Pop up blockers and maintaining browsing to pages one trusts is fundamental in safe computing.
Conclusion
Privacy and cybersecurity are important in preventing cybercrimes. However, the rapid innovation and embracement of the internet and the evolving technology expose individuals and all sectors to potential data breaches. The paper demonstrated that lapse, long chains, poor maintenance, and naivety provide loopholes for hackers to acquire and control systems. The costs of a data breach are too high to ignore, hence the need for safe computing.
References
2018 Data Breach Investigations Report. (2018). Retrieved December 18, 2018, from http://www.documentwereld.nl/files/2018/Verizon-DBIR_2018-Main_report.pdf
Australian Computer Society (ACS). (2016). Cybersecurity Threats Challenges Opportunities. Retrieved December 18, 2018, from https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf
ENISA. (2018). ENISA Threat Landscape Report 2017. Retrieved December 18, 2018, from https://www.scribd.com/document/395568912/CyberAttacksPreventionandProactiveResponses-pdf
Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: how safe are we?. BMJ , j3179.
Raich, D., Ganguly, B., & Jaiswal, A. (2015). Cyber Security: A Step towards Safe Computing. International Journal Of Advanced Engineering And Global Technology , 3 (6), 736-741. Retrieved December 18, 2018, from http://www.ijaegt.com
Schaffer, P., Velasquez, E., Fiorentino, N., Dwyer, K., Hamilton, A., & Barney, K. et al. (2018). The Impact of Cybersecurity Incidents On Financial Institutions. Retrieved December 18, 2018, from https://static1.squarespace.com/static/555f9696e4b0767a7f0769b3/t/5ab1ae2d8a922dca86e30ee8/1521593911874/The+Impact+of+Cybersecurity+Incidents+on+Financial+Institutions+WHITE+PAPER.pdf
SinghArneja, P., & Sachdev, S. (2015). Detailed Analysis of Antivirus based Firewall and Concept of Private Cloud Antivirus based Firewall. International Journal Of Computer Applications , 111 (4), 16-23.
Symantec White Paper. (n.d.). Cyber Security for Retail Services: Strategies that Empower your Business, Drive Innovation and Build Customer Trust. Retrieved December 18, 2018, from https://www.symantec.com/content/dam/symantec/docs/white-papers/cybersecurity-retail-en.pdf
Thole, E., Solms, C., & Moll, C. (2015). Cyber Security: How to DealWith (Cross Border) Data Breaches?. Computer Law Review International , 16 (5).
