Question

Case Study
(Hundreds of millions of Instagram, TikTok, YouTuube accounts compromised by data breach) Published on August 18, 2020.
Security researchers have discovered an exposed database online which contains scraped data from the social media profiles of nearly 235m Instagram, TikTok and YouTuube users.
For those unfamiliar with the practice, web scraping is an automated technique used to gather data from websites that is often employed by analytics firms who use it to create large databases of user information. Although the practice is legal, it is strictly prohibited by social media companies as it puts the privacy of their users and their data at risk.
Comparitech's lead researcher Bob Diachenko discovered three identical copies of the exposed database online at the beginning of August. After examining the database, Diachenko and his team learned that it belonged to a company called Deep Social which has shut down its operations.
When the team reached out to the now-defunct company, its request was forwarded to a Hong Kong-based firm called Social Data. While Social Data denied having any connection to Deep Social, the firm did acknowledge the breach and was able to secure the exposed database with a password.

Answer the following question based on case study

Q6. Illustrate the cybersecurity concerns that may affect the businesses in the $1.5 million Click for Vic campaign that was launched on 23 August 2020. Write a thorough description of the descriptive and predictive data analysis importance in cybersecurity field. Cite your sources.
[6 marks + 8 marks + 1 mark for Referencing Style = 15 marks]
Read the Case Studies given carefully to answer the questions corresponding to the case studies.
Q7. While scraping user data from social media sites is not illegal, failing to secure this data after it has been collected poses a serious risk to the affected users as cybercriminals could use the information from the database to target them online. What are your recommendations to the online risk policy makers as you think it is a breach of PII (Personal Identifiable Information). Justify your answer. Explain the need for cybersecurity experts in such a case scenario.

Answer 1

Answer 6: The cybersecurity concerns that may affect the businesses in the $1.5 million Click for Vic campaign that was launched on 23 August 2020 are:

• IT and data policies: It is the part of the cyber security. Where diffrent types IT and Data policies are provide for protecting the threats.

• Social media malware: Companies may prohibit access to personal social media accounts form company server for protecting the indiviusal data of each from threats.An increasing number of companies now have corporate accounts and developing this online presence is becoming more important for a wider spectrum of businesses.

• Hackers: A hacker may be define as someone who attack the server to steal important data.Installing patches and software upgrades as soon as they are available must be a priority for every employee.

• Access to systems: Cyber risks are growing in sophistication, but some are the tools available to mitigate and manage these threats. Only allow those person who has the right to access the data.

• Usernames and Passwords: Username and password generation will prevent employees using the same login details on multiple devices and make them more aware of how to protect these details effectively.

• Tracing the source of data: Tracing schemes help trace the source of leaks when secret or proprietary data is gain by someone.

Descriptive analysis in cybersecurity:

• It is a commonly used form of data analysis.
• It describes historical data and transforms it to a format that is interpretable by humans.
• It enables organizations to learn from past behaviors and understand how they might influence future outcomes.
• It is not used to draw inferences or predictions from its findings.
• It is a foundational starting point used to inform or prepare data for further analysis down the line.
• Descriptive analytics is frequently used in the day-to-day operations of an organisation.
• Descriptive analytics does not, however, attempt to go beyond the surface data and analysis.
• Additional investigation falls outside the domain of descriptive analytics, and insights learned from descriptive analysis are not used for making inferences or predictions.
• Example:Survey results,Social media usage and engagement data such as Instagram or Facebook likes etc.

Predictive analysis in cybersecurity:

• It is used to “predict” what might happen in the future – based on probability.
• Analysing past data patterns and trends by looking at historical data and customer insights can predict what might happen going forward and, in doing so, inform many aspects of a business, including setting realistic goals, effective planning, managing performance expectations and avoiding risks.
• It provides future outcome along with actionable insights.
• Statistical algorithm can not predict the future with 100% certainty.
• It is used to empowers executives and managers to take a more proactive, data-driven approach to business strategy and decision making.
• Example: IT security, E-coomerce etc.

Answer 7: Recommendations to the online risk policy are:

• Anti-malware software: It is a software which are used to reduce the threats probability or used to protect data form attacker.It is used to remove malware like spyware,firmware etc.

• Secured websites: Secured website provide the protection against what kind of content we search. Indicator of security address starts with “https” vs.“http.”

• Using VPN: It stands for "virtual private network". It provide the security over the network.Using VPN from your home keeps you anonymous as well.

• Using cloud services: Online "cloud" services have brought a lot of convenience. Cloud services are simply those that allow you to access or share information online from anywhere and not just one computer. While the convenience is obvious, less obvious are the security risks that come from having all your information in the cloud.

• Findding the weak links: Security risk are associated with the presence of an effective cyber policy and the adherence to that policy, rather than the presence or absence of technical faults.

• Certificate management programs: The failure to effectively manage certificates often is evidence of a failure to implement and maintain best practices more broadly. And research proves that organizations that are not actively and effectively managing certificates are more likely to suffer material breach events or other compromises.

"Yes It is a breach of PII (Personal Identifiable Information) It is any data that could potentially be used to identify a particular person. " becuase when someone attacks to your network, those person have full access of your system. Thats why the person are able to steal the sensitive data and right to manipulate the sensitive data. The person also has the access of your creadentials information".

Need for cybersecurity experts :

• To protect the PII (Personal Identifiable Information).
• To protect sensitive data of person.
• To protect regarding access right.
• To provide various techniques to protect our data.
• To Known the importants of cyber security.
• For encryption method.
• To provide best network server.
• To protect from hackers