Introduction
Cyber vulnerabilities refer to weaknesses in an organization’s system processes, internal controls, or information systems. The weaknesses are targets for prowling cybercrimes and open to manipulation through the areas of vulnerability. While firms form cybersecurity forts for themselves, there are many vulnerabilities at touchpoints with suppliers, global partners, manufacturers, and other service providers to contemplate. Threats are skulking around those parties awaiting to breach security at the first coincident. The introduction of disruptive technologies such as end-to-end digitization, driverless vehicles, and robotic process automation has aided cybersecurity boundaries between firms to get blurrier. Several breach cases occur in supply-chain networks; hence, organizations in the chain are at risk. Some supply-chain threats include data leaks, denial of service, disruption of business, customer data theft, and other malware bouts such as ransomware. In 2018, Facebook Inc. was among the companies that experienced cyber breaches leading to awareness of the importance of cyber defenses.
2018 Facebook Data Breach
The Breach Overview
The year 2018 was a hard-hitting time for Facebook since it experienced many litigation and data privacy issues that cost the organization a substantial fine because of non-compliance with data breaches and information privacy regulations. On 28th September 2018, Facebook Inc announced a vulnerability that resulted in an infiltration or data breach. “View As,” a specification on the Facebook website that allows users to; view their profiles, connections, friends, and friends of friends, became the attack surface that hackers exploited and gained access to fifty million user accounts (Venturini & Rogers, 2019). The feature became exposed because of interaction among multiple bugs. The vulnerability built a security flaw that enabled attackers to steal Facebook access symbols, giving them complete control over user accounts (Venturini & Rogers, 2019). An access token or symbol is a solid digital key that enables users to stay logged in to Facebook without the need to re-login every time they use the app.
After the attackers gained control over the user accounts, they used a programmed system to transverse from one account to another, retrieving those accounts’ profile information. They accessed diverse information, including usernames, addresses, emails, and phone numbers. Facebook developers realized that there was an uncommon rise in the actions on the website and commenced an investigation. After identifying the exploited vulnerability, they alleviated it, stopped the attack, and reset token access of users’ accounts conceded (Venturini & Rogers, 2019). The organization also introduced a “Help Center” service that enabled users to check whether they were affected by the breach or not.
Things that Could Have Been Done Differently
Cybercriminals frequently target most organizations that deal with user information; hence companies should continuously follow paramount security practices at the core of their software development. They should patch all systems, fix bugs, and periodically test for mitigation and vulnerability accordingly (Venturini & Rogers, 2019). Facebook Inc fell short in those strategies as they allowed vulnerability within their software for more than a year. Therefore, cybercriminals took advantage of it and launched an attack.
Importance of Cyber Defenses in Relation to Cyber Breach
Cyber defense is the aptitude to prevent a cyber breach from infecting a computer device or system. All cyber defense tactics and strategies aimed at preventing, disrupting, and responding to cyber threats(Colajanni & Marchetti, 2021). Cyber defense within an organization is essential since it helps to avoid damaging cyber breaches. The breaches lead to not only the taxing of IT resources but also financial taxation, bringing about tarnished brand image hence resulting in legal consequences. Firms that attain a certain threshold with their cyber security can conduct business as usual while facing sophisticated attacks and persistent threats. The continued business functionality improves shareholder value and strengthens customers’ trust. When conveyed to others properly, resilient cyber defense techniques can open up new income opportunities for an organization. In addition, cyber defense tools offer enterprises advanced nimbleness when it comes to cyber threats (Colajanni & Marchetti, 2021). Therefore, the tools can give early warning alerts, helping administrators determine how to curb a cyber-attack.
Cyber defense is also essential because it encompasses everything related to data protection from cyber attackers intending to steal information and use it for their intended purpose. The data can be governmental, industry, sensitive, personal, or personally identifiable information (Corallo et al., 2020). Having advanced cyber defense mechanisms and programs to protect that form of data is crucial since the information is needed for daily society running. Individual-level cyber security attacks can result in identity extortion and theft attempts which can bring severe damage to that person’s life. Therefore, there is a need for cyber defense at the organizational and individual levels. Different sectors, such as businesses and organizations, the military, and governments, store enormous amounts of information in computers, data warehouses, and other devices (Corallo et al., 2020). A variety of that information involves sensitive information; hence exposure of that data can be very harmful; therefore, it is necessary to have cyber defense in all institutions to prevent leakage to cyber-attackers.
Applicable Government Requirements
The government of the United States has established cybersecurity laws and regulations, including cybercrime, litigation, cybersecurity laws, corporate governance, and investigatory and police powers, to prevent cyber breaches.
Cybercrime
The National Computer Fraud and Abuse Act is the crucial constitutional mechanism for indicting cybercrime and covers linked exorbitant crimes, such as ransomware. The act provides both criminal and civil punishments and specially prohibits; unauthorized access to a computer used in foreign or interstate commerce and obtaining information, unsanctioned access to a device, and attaining national security information (Srinivas et al., 2019). In addition to state statutes, several states have passed laws prohibiting hacking and other cyber breaches. For example, New York prohibits knowing a computer to gain access to its data, and penalties of up to four years of custody are imposed on individuals accused of such crimes.
Cybersecurity Laws
The Federal Trade Commission (FTC) Act requires companies to implement security measures regarding cyber vulnerabilities. FTC has brought several enforcement actions against organizations it asserts are abortive in establishing reasonable security measures (Fagan et al., 2021). Conversely, the United States Supreme Court has currently confined the FTC’s capabilities to seek monetary punishments for potential defilements of the FTC Act without first exploiting its administrative procedures (Fagan et al., 2021). Cybersecurity law mostly bans fraud linked with securities, and the Securities and Exchange Commission (SEC) has been harsh in implementing disclosure necessities for adequate public exposure regarding cybersecurity dangers and material incidents.
Conclusion
Cyber vulnerabilities can lead to the leakage of individuals’ or organizations’ information to cyber-attackers. Companies and organizations have valuable information, such as financial data and business insights. They need to ensure they keep their own and customers’ information protected according to the current governmental regulations. A security breach whereby a customer’s information is leaked, such as a Facebook breach, can lead to monetary loss, a decrease in customer trust, loyalty, and brand reputation. All corporations should be clear on using, collecting, and sharing end users’ information. They also need to have the security policies, technology, risk management, and cyber defense mechanisms crucial in protecting data.
References
Colajanni, M., & Marchetti, M. (2021). Cyber attacks and defenses: current capabilities and future trends. In Technology and International Relations. Edward Elgar Publishing.
Corallo, A., Lazoi, M., & Lezzi, M. (2020). Cybersecurity in the context of Industry 4.0: A structured classification of critical assets and business impacts. Computers in industry. Web.
Fagan, M., Marron, J., Brady Jr, K. G., Cuthill, B. B., Megas, K. N., Herold, R.,… & Hoehn, B. (2021). IoT Device Cybersecurity Guidance for the Federal Government. NIST Special Publication.
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards, and recommendations. Future Generation Computer Systems. Web.
Venturini, T., & Rogers, R. (2019). “API-based research” or how can digital sociology and journalism studies learn from the Facebook and Cambridge Analytica data breach. Digital Journalism, 7(4). Web.