cyber security Data breach

I choose AMAZON as a case study- This is a cyber security class. we have to write about data breaches at amazon.

APA and with A LOT OF REFERENCE PAGE. 

ITS MY END OF THE SEMESTER PAPER- AND ITS VERY IMPORTANT.

1

Part2: Final Case: Cybersecurity Data Breach the Case of Amazon

Joseph Joshua

Stevenson University

CDF 281

Stuart Denrich

04/05/2021

Part 2: Final Case: Cybersecurity Data Breach the Case of Amazon

Introduction

In the first part of the case study of the Amazon.com data breach, the company was introduced to the audience providing the details of the company origin, the founder, and how it has grown to the current state. The company’s mission focuses on uses technology and the internet to connect people. Its business structure also exposes it to cybersecurity issues since it facilitates extensive control of global e-commerce operations (Ritala et al., 2014). Similarly, the paper focused on explaining the organizational structure of the company and it was noted that the company is organized with many different business segments but are all managed by one brand, Amazon.com. The company’s critical infrastructures which include Amazon Web Services (AWS) were explained in detail. The paper also analyzed the Amazon Web Services (AWS) data breach detailing what happened, how it happened, why it happened, and provided an overview of the financial implications of the breach (Ritala et al., 2014). In the current part two of the case study, the recommendations to combat the occurrence of data breach and how the solutions recommended will reduce business risks and financial damages.

Amazon Web Services Data Breach Case

Before embarking on providing the recommendations and providing an explanation of how the solutions recommended will help reduce the risks and financial damages, it is important to relook at the data breach at Amazon through its Amazon Web Services and what caused the breach (Ritala et al., 2014). Several incidences of a data breach in Amazon Inc. have been reported in the recent past, the latest one being the issue of the customer service team receiving emails explaining that customer’s email addresses had been disclosed by an Amazon third party employee to a third party (Soltys, 2020). Passing emails to a third party was a very concerning issue as it involved a breach of customer data and privacy of information. Leaking information of this nature mostly finds its way into databases, which are used by cyber hackers in performing phishing activities; hence leading to a cyber-breach. Ideally, other data breach incidences that have been reported in Amazon have occurred mostly due to unauthorized access to their cloud-based servers hosted at Amazon Web Services (AWS) as well as their networking devices (Soltys, 2020). In March July 2019, which culminated in a data breach that affected 8 million records collected online via marketplace and payment systems belonging to Amazon as well as other e-commerce systems.

Additionally, another key issue raised was based on misconfigurations that had not been detected and prevented by the security controls put in place at Amazon, which led to the discussion where it is believed that human error might have been one of the major causes that led to the data breach. Before this incident, some of the employees from Amazon had raised concerns regarding employee morale (Islam, 2020). In particular, employees had raised concerns about the high turnover from its cybersecurity unit (Novaes et al., 2020). The data breach issue that occurred is believed as a result of the failure to promptly installing some key software to help in spotting and defending against the hacking activity. With the misconfigurations and management issues that led to the data breach, the company adopted some key strategies geared towards ensuring that this cybersecurity issue has been resolved swiftly.

Recommendations to Mitigate Cybersecurity Data Breach at Amazon

Today, it is a holistiCyber best practices for any organization using cloud-based storage and computing services to assess its servers and technologies for any form forms of vulnerabilities that may be the target of the hackers (Wang & Johnson, 2018). This is important as the organization will be able to identify points of weaknesses in the system that may allow a successful compromise. Similarly, understanding how hackers operate and the areas in the system that they target is important to develop priorities and strategies to protect critical technologies and infrastructures by identifying the risks that matter the most. Before outlining the recommendations to Amazon to safeguard its Amazon Web Services (AWS) critical assets, it is important to highlight some of the lessons that the organization should learn from the compromise (Wang & Johnson, 2018). It is said that no attack targeted Amazon AWS since it was not vulnerable. However, AWS models are very complex and are very sophisticated by design. It is made up of many layers and different components which each requires its security strategy. Using the shared security model place a heavy burden on any organization like Amazon that uses cloud computing. Considering the complexity of the system or model, it is important to have highly experts to help the organization configure, test, design, and monitor the many layers and security controls that make up the model. Comment by Stuart Denrich: What is this? Comment by Stuart Denrich: paragraph Comment by Stuart Denrich: who said it? Comment by Stuart Denrich: Watch your tenses here ‘they’ ‘it’ etc Comment by Stuart Denrich: ????

Secondly, studies and research that have been done indicate that AWS can only be well secured by managing identities, access policies, and roles. If access controls to resources are enforced by adequately restricted roles and IAM policies then the attacker’s access is limited, regardless of how he or she initially penetrated the environment (Wang & Johnson, 2018). Therefore, it very clear that IAM is a central component involved in security control to safeguard the system from different attack vectors including attacks from inside the system. It is therefore important for organizations to implement fine-grained IAM security policies to safeguard the systems. Comment by Stuart Denrich: Spell this out

After looking at some of the lessons that may have sprouted from the data breach at Amazon.com on their AWS critical system, the following recommendations are suggested to the company to combat data breach in the future

· Firstly, the company should implement a high-level multi-factor authentication with each account and use SSL/ TLS for communication with AWS resources using TLS 1.2 or later. This is important as it will limit both inside and hacker targeted attacks

· Secondly, the company should set up an API and end-user activity for logging with AWS cloud trail and applied AWS encryption solutions together with default security controls within Services.

· Thirdly, the company should implement applied advanced managed security services, which include Amazon Macie that is important in helping Amazon to discover and secure personal data stored in Amazon S3.

· Fourthly, it has been mentioned in the current case that IAM is important in AWS security. For this reason, it is recommended that Amazon should do a manual review of its IAM policies, identities, and roles. This should be done using experts who understand the application framework and use cases.

· Fifthly, the company should do a review of the utilized IAM policies and roles periodically using automated tools for checking to unearth any form of deviations from the original baselines. Similarly, the company should implement automated acquiescence scans to distinguish any conformation changes of cloud resources.

· Finally, Amazon should encrypt S3 buckets by utilizing customer-managed keys (CMK) with a highly preventive IAM key policy. It is also important that the company does not forget to monitor cloud logs (AWS CloudTrail) centrally to identify any distrustful behavior.

(These measures should have in-text citation and sources in the Reference section)

How the Proposed Solutions Will Reduce Business Risks and Financial Damages

Studies have shown that any successful cyber-attack poses many business and financial risks to an organization. It is in many cases likely to impact the bottom-line of an organization, business standing, and consumer trust (Agrafiotis et al., 2018). The impacts of a successful cyber-attack on a business can be divided into three categories and they include legal, financial, and reputational.

Concerning the reputational impacts, a successful data breach will dent the trust consumers have in the business. , resulting in a loss of reputation. As already noted in the literature, trust is a central component of any good relationship between organizations are and consumers. In many cases, customers tend to lose trust with organizations that have experienced cyber-attacks. This in turn results in loss of consumers, reduced sales financial losses through reduced revenues to the organization. This is no different organizations like Amazon given the fact that it is present is largely online (Agrafiotis et al., 2018). Cyber breaches reduce the reputation of an organization results in the loss of customers. However, if the above-listed recommendations are implemented, it will help the company maintain strong cybersecurity and avoid any forms of attacks and enhance consumer confidence in the company. It is worth noting that Amazon is a big company with many investors, suppliers, partners, and other people who have invested in the business or have vested interest. Reputational damage will therefore erode the relationship between the company and the stakeholders. Comment by Stuart Denrich: Where? Earlier? Comment by Stuart Denrich: rephrase Comment by Stuart Denrich: redundant

Apart from the reputational impacts of cyber-attacks, data breaches have in many cases subjected companies to legal consequences. The Data protection and privacy laws require companies to protect all personal data in their systems. This includes the privacy of the staff and the consumers. In many cases, data breaches have resulted in the accidental compromise of the data in the system like was the case of Yahoo (Agrafiotis et al., 2018). If this is the case, the people, persons whose data was compromised. may take the organization to court where they may have to pay a large amount of money in form of fines and regulatory sanctions if it is proved that enough measures were not taken to protect data in the system. Therefore by implementing the above recommendations, the company will have enough proof that it had taken all the measures in the event of an attack and avoid fines and regulatory sanctions. Comment by Stuart Denrich: what laws? Comment by Stuart Denrich: intentional Comment by Stuart Denrich: details required. If you are going to cite an example, you must explain it. Comment by Stuart Denrich: Run on sentence rework this Comment by Stuart Denrich: You need to prove this statement.

There is no doubt that cyber-attacks result in huge financial losses to organizations. These are also called economic impacts they range from the theft of corporate information which the hackers may use to damage the reputation of the organization or ask for ransom and loss money in the process. The other impact that relates to financial risk is the stealing of financial information or money from the company accounts. Corruption of trade for instance by hacking systems that are used to make online transactions and stealing of business contracts (Agrafiotis et al., 2018). Based on the nature of the Amazon business structure, it does most of its transactions online. It, therefore, means that it has most of the transactions done online, most of the contracts are electronic and depend on the internet to complete its business dealing. Any form of hacking of its systems will not only interrupt its business activities but may result in loss of money and exposure of customer data something that may hurt the company economically. However, by implementing the above-proposed recommendations, the company will be able to reduce the financial and business risks because no one will be able to infiltrate its systems and breach the company data. Comment by Stuart Denrich: Financial loses are economic impacts Comment by Stuart Denrich: This makes no sense. Is this paragraph about financial issues or reputational issues? Comment by Stuart Denrich: ????? Comment by Stuart Denrich: redundant Comment by Stuart Denrich: this is redundant

Conclusion

The currentThis case study has focused on providing recommendations to Amazon which can be implemented to combat future data breaches.
Due to technological advancements, cybersecurity data breach issues are reported by most companies, which tends to affect their business operations. This paper has keenly looked at data breaches that affected Amazon Inc., which outsourced had outsourced its services from Amazon. This data breach occurred as a result of not having proper security controls and failure to adhere to cybersecurity governance. With several other cybersecurity and data breach issues that affected more than eight million customers, Amazon provided recommended data protection and data encryption mechanism for AWS to provide secure and private connectivity between EC2 instances. The case concluded by explaining how implementing the recommendations will positively impact the company in the long run. Comment by Stuart Denrich: No

Restate your conclusion using these guidelines;

A good conclusion should do a few things:

· Restate your thesis

· Synthesize or summarize your major points

· Make the context of your argument clear

(link : https://www.umgc.edu/current-students/learning-resources/writing-center/writing-resources/parts-of-an-essay/conclusions.cfm)

References

Agrafiotis, I., Nurse, J. R., Goldsmith, M., Creese, S., & Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity, 4(1), tyy006.

Antonescu, M., & Birău, R. (2015). Financial and non-financial implications of cybercrimes in emerging countries. Procedia Economics and Finance, 32, 618-621.

Islam, R. (2020). The Impact of Data Breaches on Stock Performance.

Novaes Neto, N., Madnick, S., de Paula, M. G., & Malara Borges, N. (2020). A Case Study of the Amazon Data Breach. Stuart E. and Moraes G. de Paula, Anchises and Malara Borges, Natasha, A Case Study of the Amazon Data Breach (January 1, 2020).

Ritala, P., Golnam, A., & Wegmann, A. (2014). Coopetition-based business models: The case of Amazon. com. Industrial marketing management, 43(2), 236-249.

Salah, K., Hammoud, M., & Zeadally, S. (2015). Teaching cybersecurity using the cloud. IEEE Transactions on Learning Technologies, 8(4), 383-392.

Soltys, M. (2020). Cybersecurity in the AWS Cloud. arXiv preprint arXiv:2003.12905.

Wang, P., & Johnson, C. (2018). Cybersecurity Incident Handling: A Case Study of the Equifax Data Breach. Issues in Information Systems, 19(3).