Academic journal article ASBBS E - Journal

Online Privacy and Security at the Fortune 500: An Empirical Examination of Practices

Article excerpt

INTRODUCTION

Recently, there has been a flood of online data breaches. In October of 2013, federal prosecutors stated that an identity theft service in Vietnam managed to obtain as many as 200 million personal records, including Social Security numbers, credit card data, and bank account information from Court Ventures, a company now owned by the data brokerage firm Experian (Perlroth & Gelles, 2014). In December of 2013, 40 million credit card numbers and 70 million addresses, phone numbers and additional pieces of personal information were stolen from the retail giant Target by hackers in Eastern Europe. Overall, in 2013, there were 619 data security breaches in the U.S., nearly a 300% increase from 2005 (Chatzky, 2014). This resulted in one-third of data breach victims becoming identity theft victims and the compromise of over 250 million individual records (The Privacy Clearinghouse, 2014). In 2014, a Russian crime ring was found to have amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses. The records, discovered by Hold Security in Milwaukee, include confidential material gathered from 420,000 websites, ranging from Fortune 500 companies to small websites. An SQL injection, in which a hacker enters commands that cause a database to produce its contents, was utilized even though injection was named as one of the top ten web application vulnerabilities in 2013 (OWASP, 2013).

The primary cause of security incidents, according to Verizon's 2014 Data Breach Investigations Report, is web application attacks. These attacks more than doubled in 2013 (Qualys, 2014). An international survey of nearly 700 individuals from companies of all sizes also found that the leading source of risk to companies (52%) is customer-facing web applications (Bird and Kim, 2012). While 33% have had a formal application security program in place for 1 to 5 years, 34% of respondents indicated that their firm had no program. The application security programs were driven primarily by external factors such as regulatory requirements, requirements from customers, and security incidents, particularly security incidents at other companies within their industry.

Moreover, a WhiteHat (2013) survey of 76 organizations found that 86% had at least one serious vulnerability. The most prevalent vulnerability class was information leakage, identified in 56% of websites. Information leakage is defined as a vulnerability in which the website reveals sensitive data. Exposure of sensitive data such as credit cards, tax IDs, and authentication credentials has been identified as one of the top 10 web application vulnerabilities (OWASP, 2013). A 2014 InformationWeek survey of 536 individuals from organizations with at least 100 employees found that 56% of respondents indicated that cyber-criminals pose the greatest threat to their organizations in 2014, ahead of authorized users and employees (49% of respondents) (Davis, 2014). Of note, 23% had experienced a security breach or espionage in the past year. Even social networking site usage has the unintended consequence for users of providing private information for "like farming" (Sharifrazi & McCabe, 2014). This results when users click like, share, or comment.

The costs from breaches include expenses for investigating and repairing the breach, notification of affected stakeholders, managing public relations, lawsuits from stakeholders, governmental fines, and damage to the business's brands, relationships with partners, and reputation (Cox and Singh, 2014). The Center for Strategic and International Studies, a Washington think tank, has estimated that the annual cost of cybercrime and economic espionage to the world economy is more than $445 billion (Nakashima & Peterson, 2014). The United States, Germany and China together accounted for about $200 billion of the total in 2013. …
