Discuss a security breach that occurred in an organization within the past three years and that could have been prevented with better, logical security

Subject: Computer Science

Discuss a security breach that occurred in an organization within the past three years and that could have been prevented with better, logical security. 

Answer the following questions:

  • Who were the major players in the security breach and what was the breach? 
  • What logical security components were in place and which were missing?
  • How did the missing features allow the breach and how would you protect it from happening again in the future?
  • How did the breach affect data confidentiality, integrity, and availability (CIA)?

 

Answer Preview

For the problem stated above, I will be using a recent data breach, Wawa's massive card breach.

Full article can be found here: https://www.zdnet.com/article/wawa-card-breach-may-rank-as-one-of-the-biggest-of-all-times/

Answers to the questions.

Who were the major players in the security breach and what was the breach?

  • Based on the article presented about Wawa's data breach, the source of the attack was found to be card-stealing malware installed on in-store payment processing systems and fuel dispensers. The data breach report stated that approximately 30 million payment card records were compromised and are being sold on the black market. As of this writing, the Wawa data breach is considered the most massive card breach in history. This incident points to the poor security implementations of the company, which played a big part in the prolonged infection and theft of information. It is said that the attack ran its course for 9 long months before its discovery in December 2019. This incident is a big warning to all companies to re-assess their current security implementation and risk assessment strategies.

What logical security components were in place and which were missing?

  • Lack of EMV card readers for their stores
  • End-to-end encryption mechanisms for their user data; this can be done in the applications/systems used by Wawa
  • Multi-factor authentication to the card transactions
  • Network intrusion detection systems that will give them real-time monitoring of network activities

How did the missing features allow the breach and how would you protect it from happening again in the future?

Based on the report provided by the authorities about the Wawa case, the breach started with phishing emails sent to Wawa's employees containing a malicious file attachment. An employee downloaded the attachment and the malware penetrated Wawa's system, where it integrated itself into in-store processing systems and fuel dispensers. The attack pointed to the weak security implementation inside Wawa's company, which explains why the breach took 9 months to be discovered. Weak security implementations due to the missing security components mentioned above allowed the hackers to penetrate Wawa's network and remain undetected for almost 9 months. Implementing those recommended security protocols would protect them from future attacks.

How did the breach affect data confidentiality, integrity, and availability (CIA)?

  • The breach greatly affected data confidentiality, integrity and availability, since 30 million financial records were sold on the black market, allowing cybercriminals to use them for identity theft, scams and other malicious purposes, which is a clear indication that it has violated data confidentiality, integrity, and availability (CIA).