MIS2101 Section 702 – Amy Lavin – Spring 2014

Hackers Lurking in Vents and Soda Machines


http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html?ref=computersecurity&_r=0

How might this example of an IS security breach affect your decision to purchase new devices that allow their users constant connection through their phone or internet?

How much fault should be placed on the company who falls victim to security breaches?

The Sarbanes-Oxley Act of 2002 and subsequent government Acts require companies to implement a “reasonable” level of security. The lack of specific guidelines and the vague language leave room for interpretation, allowing companies to spend the minimum on cybersecurity. Do you feel the Government should pass a bill to force companies to uphold a standard level of cybersecurity?

12 Responses to Hackers Lurking in Vents and Soda Machines

  • These breaches would not keep me from purchasing new devices. After reading this article, it goes to show that major hackers are after major businesses or data systems. I believe the usefulness of my phone is worth the risk.

    The level of fault that should fall on the company depends on how the hacker breached the company’s system. Some of the examples like getting in through the printer system or through a third party Chinese restaurant should leave less blame for the company than hacking the main server. Regardless, companies should be focusing more on obscure ways that their systems can be hacked.

    The government should definitely pass a more detailed bill specifying the security level that companies must maintain. The current law was a step in the right direction towards internet security, but it remains too vague to be effective. I believe that if a few more major companies are breached it will draw enough attention from Washington to get a bill passed.

    • This example does not affect my decision to purchase new devices. It is one of those things where you have to do what you have to do because you need to be protected somehow.

      Since the information regarding guidelines for cybersecurity breaches and how much fault should be on the company is so vague, it is undetermined how much fault should actually be placed on the company. If there is no clear standard, how can a determination be made?

      The Government should set a more defined guideline to determine how much fault should be placed on the company. As the article mentioned, banks have spent up to 12% on security measures, whereas retailers have spent less than 5%. Banks and retailers house very important consumer data, so the percentage rates for security measures should not differentiate so greatly. Both entities have personal consumer information that can be compromised.

  • 1 – How might this example of IS security breach affect your decision to purchase new devices that allow its users constant connection through their phone or internet?
    It definitely would make me be more cautious of who has the access and how much access people can have. There probably needs to be more controls in place like no one person has all the access. It makes you realize how much security is needed and that some companies are not spending enough.
    2 – How much fault should be placed on the company who falls victim to security breaches?
    They should take a good amount of blame. As the article states, it’s always wartime. Companies have to always be prepared to catch it before it happens or as soon as it happens. Too many times it seems companies dropped the ball somewhere and that’s when the breach occurred.
    3 – Sarbanes-Oxley Act of 2002 and subsequent government Acts require companies to implement a “reasonable” level of security. The lack of specific guidelines and its vague language leaves room for interpretation allowing companies to spend the minimum on cybersecurity. Do you feel the Government should pass a bill to enforce companies to uphold a standard level of cybersecurity?
    I think there should be more regulation for more cybersecurity. Everyone seems to be connected through companies giving hackers a lot of information when they break in. Chapter 10 and the article pretty much indicate that governments can be brought down because of lack of security.

  • That is one of my major concerns with the Cloud Based Data Systems. A good hacker can get in through someone’s system who has a lower level of security than you have and then they can get into your system. Target was just the latest major company to have a breach of security.

  • How might this example of IS security breach affect your decision to purchase new devices that allow its users constant connection through their phone or internet?

    If I did not have any of the advanced systems mentioned towards the end of the article I would definitely be more skeptical of incoming devices, where they’re coming from, and what the company’s security protocol is. If I did have an advanced system, however, I would not be as concerned, because I should be properly protected.

    How much fault should be placed on the company who falls victim to security breaches?

    I don’t think much fault can at all be placed on the victim. Even in large instances like the Target incident, it really wasn’t a flaw in their own security system as much as it was with the heat/AC company. Hopefully articles like this catch more wind and large corporations will start becoming aware of these types of breaches. That way they better develop their systems to protect customers.

    Sarbanes-Oxley Act of 2002 and subsequent government Acts require companies to implement a “reasonable” level of security. The lack of specific guidelines and its vague language leaves room for interpretation allowing companies to spend the minimum on cybersecurity. Do you feel the Government should pass a bill to enforce companies to uphold a standard level of cybersecurity?

    No. Vague language is used on purpose, just like in our Constitution, so that we can dictate its meaning with the times. If we were to implement specific provisions we would have to make amendments to those laws with every new attack. Just like IS systems are rapidly changing, so are the ways hackers infiltrate our systems. We can only hold victims to a reasonable standard to be determined by a judge/jury.

  • It doesn’t really stop me from buying new devices that allow users connection through their phone or internet. I have just grown to accept the fact that these things happen and I am just going to have to deal with it. I will just keep buying antivirus to help me out to its best ability and hope for the best.

    A lot of fault should be placed on companies that suffer breaches in their security. They need to understand that they are dealing with mass personal data from customers and these people trust them to protect their information and that is why they purchase from them constantly. Hence they should be investing a lot of money into protecting people’s information as that is a factor that keeps their business thriving.

  • Wow! It definitely makes me think about devices I would purchase – maybe not a phone – but an electronic thermostat or monitoring system for my house… Great article Joanne!

  • How might this example of IS security breach affect your decision to purchase new devices that allow its users constant connection through their phone or internet?

    I will probably buy and install additional software that protects my personal information from intruders and hackers.

    How much fault should be placed on the company who falls victim to security breaches?

    Almost 100%, because the company should stay vigilant all the time and take the necessary steps to avoid this type of breach by not bundling everything in their system, each department must have its own security system.

    Sarbanes-Oxley Act of 2002 and subsequent government Acts require companies to implement a “reasonable” level of security. The lack of specific guidelines and its vague language leaves room for interpretation allowing companies to spend the minimum on cybersecurity. Do you feel the Government should pass a bill to enforce companies to uphold a standard level of cybersecurity?

    Yes, the government must reevaluate and reinforce the law, so that companies should update and implement a high level of security.

  • 1. I won’t be deterred from buying the devices that I want. Like anything in life, if you let the risks stop you from doing anything then you won’t be doing much. Just accept the risk and if something happens, deal with it then as best you can.

    2. I think it depends on how much security is in place and the method of the security breach. Hackers come up with new ways every day and companies sometimes have to learn as they go when something new comes up. I wouldn’t place 100% of the blame on them unless they had nothing in place to begin with.

    3. Yes. The minimum that must be done and consumers should be aware of what precautions the company has in place so they can make the decision on whether or not to trust the site with personal information.

  • 1.) I am still going to buy the devices that I want. I trust the companies that make them, and for me, the risk associated with this is less than the usefulness and benefits I get from the device. However, this article does make me want to learn how I can protect myself from this type of breach.

    2.) All of it should be placed on them. Security threats are not something that are going to go away. They are a part of our modern technological society. Because of this, these companies need to make sure their devices are as safe as possible, just like as they would try and improve any other aspect of a device or service.

    3.) I don’t think the government should get involved. I know that standardization of security is a good thing but the idea of having a company being forced to allow a government official to have at their security system seems dangerous. Maybe I am paranoid but I feel that it could lead to its own new set of issues.

  • 1. How might this example of IS security breach affect your decision to purchase new devices that allow its users constant connection through their phone or internet?
    On a personal level I would be concerned because I make online purchases and if someone hacks in and tracks my activity they might be able to access my personal information. On a business level it is very similar because someone could have a virus on their device and spread it to a system or network just by plugging in.

    2. How much fault should be placed on the company who falls victim to security breaches?
    Like the article stated, sometimes the hackers come from very unlikely places; it is very hard to protect oneself if you don’t know where the attack is coming from. In my company we block a lot of websites but you can’t make 3rd parties up their security.

    3. Sarbanes-Oxley Act of 2002 and subsequent government Acts require companies to implement a “reasonable” level of security. The lack of specific guidelines and its vague language leaves room for interpretation allowing companies to spend the minimum on cybersecurity. Do you feel the Government should pass a bill to enforce companies to uphold a standard level of cybersecurity?
    I don’t think a bill is necessary. Yes, ultimately if a security breach occurs then personal information about clients could get out. But that is more damaging to the company. Brand reputation could be severely hurt. So it is in their best interest to protect their information.

  • 1. It would not change my mind about future decisions. On several occasions, I have given permission to Kodak & Apple for remote access to resolve an issue. It is my responsibility to have protected against potential cyber-attacks.
    2. Regardless of how the security breach happened, the company has to take the brunt of responsibility. As with the Target breach, the company had adequate security, but still it was compromised, and the customers blamed Target for their information being hacked.
    3. No, I do not believe it is the federal government’s responsibility to mandate that private industry businesses have a “standard level of cybersecurity.” How can the federal government stipulate what level of security a company should have, when the federal government cannot protect their own databases?
