CS ASSIGNMENT 4 CASE STUDY

CS 391 Assignment 4 Case Study Evaluation Paper

Brianna Goodson
CS 391-909
University of Alabama

CS ASSIGNMENT 4 CASE STUDY

Module 4 Case Study Evaluation Paper

Many businesses have reported security breaches in the last few years all over the world.
Computer security breaches have become quite a big problem throughout the world with
technology growing every year. Cyber attacks and social engineering attacks have become ways
of stealing peoples personal information and gaining access to their private personal
information. Many large cyber-attacks have occurred in the last few years on very large
companies. Target and Home Depot were two of the larger companies that had data security
breaches.
Home Depots security breach affected up to 56 million customers in September of 2014.
According to the report, the hackers installed malware on the computers at over 2,200 stores and
got the credit card information of the customers from the computers (Krebs, 2014). There are
signs that the hackers seem to be from the same group of Russian and Ukrainian hackers that
were responsible for the data breaches at Target, Sally Beauty, P.F. Changs and many other
companies (Krebs, 2014). Targets security breach affected up to 40 million customers at first
and then rose to 70 million less than a month later in late November and early December of
2013. According to this report, investigators believe that it isnt a new breach and that the theft
used compromised point-of-sale terminals to get at customer data during the busiest shopping
day of the year (Perez, 2014).
They believe that the perpetrators are the same for both of the breaches which seem to be
an insider and a cybercriminal. An insider is somebody thats objective is to get a financial gain
or disrupt companys information systems and both happened to be the objective of the Target
and Home Depot data security breaches. The resources that are available to the perpetrators are
the knowledge of systems and passwords. While the level of risk is moderate it seems to be

CS ASSIGNMENT 4 CASE STUDY

growing rapidly throughout the years. A cybercriminals objective is purely just to get a financial
gain and their resources are well funded and definitely well trained. Their level of risk is also
moderate but their frequency of attack is unknown which is how the security breaches are with
Target and Home Depot.
Both of the data security breaches could have been prevented but even if the companies
have above average security systems it still doesnt prevent security breaches from happening
and doesnt necessarily guarantee safety for the companies. CIOs and CISOs need to start
focusing their attention on how they can detect current threats rather than relying solely on
defenses designed to prevent attacks happening in the first place (Nielson, 2014). Different
questions come from that statement where as prevention isnt enough anymore and its even
easier for hackers to take control of systems and extract information from the systems. The
hackers have found ways to get deep into systems to get everything that they need out of them
and have affected many different people just because of their own selfishness.
Many future ways for better security have become available over the last few years since
the security breaches have occurred. Such as having chips on your cards that have an embedded
security chip and even Apple Pay where you have a virtual wallet on your smartphone or any
apple device that contains your card information and protect it. Target and Home Depot both
took steps after the security breach to insure safety for the future. They informed customers
about the possible breach and even helped them get new cards and put the Chip on the cards and
the chip card readers on all of their card machines. These steps can hopefully going to be the way
to help these companies recover from the breaches and help everybody feel more secure for the
future of the businesses.

CS ASSIGNMENT 4 CASE STUDY

The conclusion from this paper is the the Target and Home Depot data security breach
could have been prevented and helps other companies with how it can be prevented in the future.
While Target was one of the first to get hacked many of the other companies could have looked
at that as a warning to help prevent themselves from getting hacked also. The preventative
measures that they can take and use to help themselves could have prevent both of these breaches
and future ones from happening. Its all in the companies to see whether they would like to
prevent this from happening to their companies.

CS ASSIGNMENT 4 CASE STUDY

5
REFERENCES

Nielson, P. (2014, November 10). How Home Depot and JP Morgan could have avoided the
worst | Information Age. Retrieved December 31, 2015, from http://www.informationage.com/technology/security/123458616/how-home-depot-and-jp-morgan-could-have-avoidedworst
Krebs, B. (2014, September 14). Banks: Credit Card Breach at Home Depot. Retrieved
December 31, 2015, from http://krebsonsecurity.com/2014/09/banks-credit-card-breachat-home-depot/
Perez, S. (2014, January 10).
Targets Data Breach Gets Worse: 70 Million Customers Had Info Stolen, Including
Names, Emails And Phones. Retrieved December 31, 2015, from
http://techcrunch.com/2014/01/10/targetsdata-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-andphones/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed: Techcrunch
(TechCrunch)&utm_content=Netvibes
Ideas, issues, knowledge, data - visualized! (n.d.). Worlds Biggest Data Breaches. Retrieved
December 31, 2015, from http://www.informationisbeautiful.net/visualizations/worldsbiggest-data-breaches-hacks/