VTech is a company that is based out of china and provides its customers with the electronic toys. It manufactures and produces these products. The company had to experience security breach in November’ 2015 and in this attack, a lot of customer information was hacked by the security attackers.
VTech had to face a severe breach of its information security in 2015 that led to the unauthorized acquiring of 4.8 million records associated with its customers. The records that were hacked belonged to the information of the parents and the children with their details such as login information, parent names, children names, respective email addresses, account security questions and likewise. However, the hackers failed to get their hands on the credit card and payment information of the users (Carolina, 2015).
There are numerous security attacks that have been created that lead to the risk to the information and data. In case of VTech, attackers acquired the organization records by making use of SQL injection as the attack type. SQL injection is an information security attack that is performed with the aid of malevolent SQL queries and statements. These statements are written in such a manner that they lead to the extraction of information from a particular database on which these are targeted. The attackers used this attack to extract the information of the records of the parents and the children that had their accounts on the database of VTech. There are numerous operations that can be executed on the database with the help of a query language such as SQL.
SQL injection attack that could successfully be executed violated the confidentiality and integrity of the information that was present in the database of VTech. There are various reasons that are associated with the successful execution of any of the security attacks. One of the major reasons that is normally observed is the presence of loopholes in the security infrastructure of the organization. Due to the inadequate security measures that were associated with VTech, the attackers could succeed in obtaining the unauthorized entry in to the company’s database.
With the invention of numerous security risks, there are various countermeasures that have also been developed in order to put a check on these risks. The case is the same with SQL injection attacks as well as these can also be detected, prevented and controlled with the use of adequate measures.
It is necessary to enhance the basic security of the organization before moving on to the advanced security measures. Some of the basic security measures that could have prevented the attack on VTech include the access control management along with the multi-step authentication. Increased authentication would have led to the verification of the identity of the user at various steps which could have prevented the illegal entry to the database. Dynamic SQL statements also increase the risk of SQL injection attacks and should be avoided to prevent the same. It should be made sure that the queries are often parameterized in nature and there is an increase use of stored procedures (Tajpour, Ibrahim, & Masrom, 2011). Some of the SQL injection attacks can only be applied to certain versions and releases. These specific attacks can be prevented with the use of patches and upgrades. Database administrators should therefore ascertain that timely patching is done to avoid the attacks associated with specific versions. Another significant step that should have been taken is the definition of user roles, user privileges and user access. The database of a particular company is accessible to huge number of users. It is not recommended to make a generalized access for all the users. However, user types shall be defined and the access and privileges should be provided as per the type of the user. Many of the security threats and risks will be avoided with this practice including SQL injection attacks. It is also observed that the employees of an organization pass on the information to the other parties which use the information in an incorrect manner which may cause severe adverse impacts. Defining the user roles will also reduce the frequency of the insider attacks. Another major step that may be taken is reducing the attack window and the attack surface to not leave any scope for the security attack to take place (Dehariya, Kumar, & Ahirwar, 2016). Firewalls can also be installed to avoid the entry of the malicious SQL statements in the database. Installation of firewalls is one of the basic security steps that shall be taken by every organization (Kolhe & Adhikari, 2015).
There are various tools that have been developed by the technocrats to monitor the networks and carry out reviews and audits in an automated manner. These tools record all the activities that take place over the database or a network. The records and the logs can be reviewed by the database administrators and experts to get an idea of the malevolent activities (Zhang, 2011).
Hack cases are common in the world of technology and there have been numerous such cases in history. JPMorgan case is one such case that had an impact on the bank itself along with a total of eleven other entities comprising other American banks and financial corporations. The case took place in 2014 and went on till 2015 and has been recorded as one of the most severe cases in the past.
The hack case that took place at JPMorgan happened in 2014 which had an impact on over 83 million records. These records covered 73 million households along with 8 million small-scale businesses. The case took place in 2014 and went on till 2015 and has been recorded as one of the most severe cases in the past. The information that was hacked comprised of the name of the customers, email addresses of the customers, phone numbers of the customers and many other details. The hackers could not succeed in acquiring login details associated with the users (Leyden, 2014).
The hack case that took place at JPMorgan has an impact on the bank along with eleven other U.S. banks and financial organizations. The information that was hacked comprised of the name of the customers, email addresses of the customers, phone numbers of the customers and many other details. Some of the organizations and parties that were affected included Fidelity Investments group, Citigroup, Regions Financial Corporations, HSBC Holdings and many more (Kitten, 2015).
These parties had many projects and dealings with JPMorgan and there were various information sharing activities that continued between these parties and JPMorgan. Personal details and information of millions of users was impacted in a negative manner because of the hack case that took place.
Multi-step authentication is a necessary step to make sure that the security of the system is maintained. JPMorgan also attempted to enhance their security framework by incorporating multi-step authentication in their security mechanisms. There were certain errors that were associated with the step as the network engineers failed to complete the process and left an open-ended server. It led to the enhancement of security vulnerabilities and acted as a threat agent for the attack. The attackers took advantage of the security loophole and did not go through the latest authentication system that was installed at the organization.
With the invention of numerous security risks, there are various countermeasures that have also been developed in order to put a check on these risks. The case is the same with hack case at JPMorgan as it could also have been detected, prevented and controlled with the use of adequate measures.
The primary cause behind the security attack that took place at JPMorgan was the carelessness and operational error made by the networking team of the project. It should have been made mandatory at the organization to include the auditing processes, review sessions and testing activities in order to validate and verify the errors in the project activities. The network server that was left open-ended by the networking team then would have been identified by the review team and the error in the network server would have been rectified in a timely manner.
It is extremely important to control the user access and privileges that are associated with a particular system. It is not recommended to make a generalized access for all the users. However, user types shall be defined and the access and privileges should be provided as per the type of the user. Many of the security threats and risks will be avoided with this practice including the one that took place at JPMorgan. Firewalls should have also been installed to avoid the entry of the malicious entities in the system of the organization. Installation of firewalls is one of the basic security steps that shall be taken by every organization (Bella, & Bistarelli, 2005).
There are various tools that have been developed by the technocrats to monitor the networks and carry out reviews and audits in an automated manner. These tools record all the activities that take place over the database or a network. The records and the logs can be reviewed by the database administrators and experts to get an idea of the malevolent activities. These network monitoring tools along with Intrusion detection and prevention systems should have been used at JPMorgan as they would have created alerts for the system experts and would have provided them with an idea of the deviations the attackers had attempted on the system to acquire information.
Security of the system along with the associated components such as front end and back end is extremely important. The information that is present in the system of the organization is critical in nature and its exposure to the unauthorized entities can be extremely negative for the organization. Every organization should therefore make sure that the steps are taken to avoid the security risks by enhancing their security architecture.
Bella, G., & Bistarelli, S. (2005). Information Assurance for security protocols. Computers & Security, 24(4), 322-333. https://dx.doi.org/10.1016/j.cose.2004.10.004
Carolina,. (2015). Hackers Steal Parents, Kids Data in a Massive Data Breach on Toy Manufacture. HackRead. Retrieved 03 April 2017, from https://www.hackread.com/hackers-steal-toy-store-parents-kids-data/
Dehariya, H., Kumar, P., & Ahirwar, M. (2016). A Survey on Detection and Prevention Techniques of SQL Injection Attacks. International Journal Of Computer Applications, 137(5), 9-15. https://dx.doi.org/10.5120/ijca2016908672
Kitten, T. (2015). Charges Announced in JPMorgan Chase Hack. Bankinfosecurity.com. Retrieved 03 April 2017, from https://www.bankinfosecurity.com/chase-hackers-indicted-a-8673
Kolhe, A., & Adhikari, P. (2014). Injection, Detection, Prevention of SQL Injection Attacks. International Journal Of Computer Applications, 87(7), 40-43. https://dx.doi.org/10.5120/15224-3739
Leyden, J. (2014). JPMorgan Chase mega-hack was a simple two-factor auth fail. Theregister.co.uk. Retrieved 03 April 2017, from https://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/
Tajpour, A., Ibrahim, S., & Masrom, M. (2011). SQL Injection Detection and Prevention Techniques. International Journal Of Advancements In Computing Technology, 3(7), 82-91. https://dx.doi.org/10.4156/ijact.vol3.issue7.11
Zhang, X. (2011). Discussion on the Detection and Prevention of SQL Injection. Advanced Materials Research, 287-290, 3047-3050. https://dx.doi.org/10.4028/www.scientific.net/amr.287-290.3047
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2018). Computer Security Breaches VTech. Retrieved from https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech.
"Computer Security Breaches VTech." My Assignment Help, 2018, https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech.
My Assignment Help (2018) Computer Security Breaches VTech [Online]. Available from: https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech
[Accessed 02 April 2020].
My Assignment Help. 'Computer Security Breaches VTech' (My Assignment Help, 2018) <https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech> accessed 02 April 2020.
My Assignment Help. Computer Security Breaches VTech [Internet]. My Assignment Help. 2018 [cited 02 April 2020]. Available from: https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech.
MyAssignmenthelp.com strives towards providing exceptional essay help at an affordable price. Students, from various parts of Australia, prefer our servicers because we provide high-quality essay assistance at a pocket-friendly price. We receive numerous requests 'help me do my essay' or 'can someone write my essay' from students every day. We efficiently fulfill those requests and provide students needed essay writing help art an affordable price.
Answer: Introduction: ERP or the Enterprise Resource Planning generally refers to the system which acts as a silver bullet for each and every problem that are faced by various organizations. the implementation of the ERP system is generally associated with providing the organizations with offers related to the chances of re-engineering the business process along with helping in coordination of the systems that are located in different geographi...Read More
Answer: Security Risk Assessment Security Risks, Threats and Vulnerabilities The assessment of security risks would be based on the identification, assessment and implementation of the key controls of security within the various applications used by the industry. With the carrying out of the risk assessment within the organisation, it would be beneficial for performing a risk assessment . This form of risk assessment would be able to supp...Read More
Answer: Introduction: Australian Plastic Fabricators is one of the dynamic plastic fabrication company which is located in Sydney’s city fringe and is one of the Greater West supplying acrylic shop fittings to Sydney retail and shop fitting businesses. The organization is also considered to be the one stop shop for meeting all the needs related to Acrylic. Without any kind of doubt this organization can be considered to be the market le...Read More
Answer: Introduction The main aim of this project to develop the crack some passwords on different levels of a website. The implementing the project we can used for the ten levels that are includes are cryptography, directory traversal, sql injection, malicious redirects, Burp suites, Nmap, session management, information gathering, reporting.Postings are refreshed day by day and are utilized to spread and encourage further web hacking. Pract...Read More
Answer: Task A: The Concept of Business-To-Business (B2B) Model In this assignment, the Business-to-Business (B2B) model of e-commerce have been chosen. The B2B model of e-commerce business can be defined as the collaboration of more than two different business organisations based on performing several forms of business transactions. This scenario also depicts the involvement of businesses based within wholesalers, retailers or different manu...Read More
Just share your requirements and get customized solutions on time.
Our writers make sure that all orders are submitted, prior to the deadline.
Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.
Feel free to contact our assignment writing services any time via phone, email or live chat.
Our writers can provide you professional writing assistance on any subject at any level.
Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.
Get all your documents checked for plagiarism or duplicacy with us.
Get different kinds of essays typed in minutes with clicks.
Calculate your semester grades and cumulative GPa with our GPA Calculator.
Balance any chemical equation in minutes just by entering the formula.
Calculate the number of words and number of pages of all your academic documents.
Our Mission Client Satisfaction
expert working good with ratio analysis i got full marks for ratio but overall good presentation.
excellent work by tutor and quality of good work excellent work by tutor and quality of good work excellent work by tutor and quality of good work excellent work by tutor and quality of good work excellent work by tutor and quality of good work
Brilliant work, paid attention to every details, And submitted on time for review.
The report was exceptional. Thank you for helping me with this assignment, and I am very satisfied with the result. The content was exceptional and my grade was exactly what I needed, the writer was very on point and finished my report in a timely ma...