Cybercrime Impact and Prevention Strategies

School: Colorado State University, Global Campus - Course: ACT 465 - Subject: Accounting

Module 5 Option 2 Student Colorado State University Global ACT465:Forensic Accounting and Business Valuation Professor February 19, 20231

2 Deloitte Consumer Review A vast majority of the public community and law enforcement professionals are familiar with cybercrime. The escalating number of cyber-attacks shows no signs of subsiding, and it does not appear that cyber crime can be completely eliminated. According to Check Point Research (2020), the supply chain, cloud environments, and Internet-of-Things devices will continue to present issues for the cyber landscape. Particularly in the wake of the COVID-19 outbreak, ransomware and phishing attempts are still widespread. Additionally, it is significantly more difficult to stop and limit cyberattacks because of their global nature. The effects are broad and without limits, and frequently have devastating impacts on victims. Many people have been impacted by cybercrime, which has become a growing problem in the US and around the world. This includes cybercriminals seizing control of networks, breaching security barriers, and obtaining user login information to gain access to various business and government networks. The assigned article outlined the top cybercrimes from 2019 and the author's opinions on how businesses can better protect themselves. The specific incident that will be examined is the data breach that occurred at Capital One. Capital One The most common reason for cloud assaults is improper configuration and administration of cloud resources (CPR, 2020). However, there has also been an increase in attacks that are specifically directed against cloud service providers. According to the CPR (2020), sixty-seven percent of security teams voiced concerns about the lack of insight they had into their cloud infrastructure, compliance, and security. As the public cloud market expanded in 2019, so did the number and size of cloud assaults and breaches. One example of this is the Capital One breach.

Why is this page out of focus?

Because this is a Premium document. Subscribe to unlock this document and more.

3 Paige Thompson, a former employee for Amazon Web Services (AWS) cloud environment, orchestrated a massive data breach exposing personal and financial data spanning across millions of Capital One customers' personal and small business accounts (Newman, 2019). Thompson was found to have committed wire fraud and computer fraud and abuse against Capital One and thirty other entities (Avery, 2022). Thompson developed a program that checked cloud users for a certain web application firewall error, which allowed account information for victim databases and other web applications to be extracted (Newman, 2019). These actions went undiscovered for four months, during which time Thompson accessed and exfiltrated data, and among other occurrences, set up cryptocurrency mining operations using victims' cloud computing power, a practice known as "crypto-jacking" (Newman, 2019). According to plaintiffs in a class action lawsuit, if sufficient cybersecurity safeguards had been in place, the hacker would not have been able to access Capital One's cloud computing infrastructure. According to the lawsuit, the bank "knew of the precise security flaws that facilitated the data breach" but did nothing to address them (Avery, 2022). Under the terms of the settlement, Capital One was to pay $190 million to compensate members of the settlement class for several issues, among which are lost time spent addressing issues related to the breach, out-of-pocket losses associated with the breach, and identity theft prevention and resolution services for at least three years.Also, for a minimum of two years, Capital One was to make major adjustments to its business procedures to enhance its cybersecurity, which is in addition to the $80 million fine Capital One was to pay in 2020 to resolve regulatory claims. The regulators stated Capital One used risky or improper procedures while migrating its client data to the AWS cloud (Avery, 2022).