In early June 2018, Exactis experienced a data breach that led to 340 million individuals'
data being exposed on the server. The data that Exactis collected does not include any payment
transactions or Social Security numbers, but it does include email addresses, home addresses,
phone numbers, and other personal information. The data leaked because Exactis did not use
any firewall as protection, according to Vinny Troia, who discovered the breach (Paul, 2018).
After the data breach, Exactis would need a good plan to prevent any breaches and incidents in
the future. None of the articles reported that Exactis used an incident response plan to handle the
breach; therefore, it is a good assumption that Exactis would need an incident response plan for
future use.
Organizational Changes. The breached data did not include Social Security numbers or
bank account numbers, but the leaked information could be used to make up a fake profile. The
entries contained email addresses, various phone numbers, home addresses, personal hobbies,
religious and political affiliations, past purchases, marital status, number and gender of children,
emergency contacts, favorite types of entertainment, etc. This information is enough to
complete a fake Facebook profile of someone. The first thing Exactis should change to prevent
the same incident from occurring is to have a firewall. A firewall acts as a filter at the gate of the
network; it has the ability to check what is trying to come into the network. If the firewall
detects suspicious activity trying to enter the network, it will immediately block the activity and
notify the security team. There are many different types of firewalls that Exactis can either buy or
subscribe to. Exactis can configure the firewall depending on its needs, specifying what to block
and what to pass in the network. Firewalls use one or more of three methods to control traffic flow
in the network: packet filtering, proxy service, or stateful inspection (Tyson, n.d.). The firewall
will help Exactis control the traffic flow from the Internet to the network and vice versa, block all
suspicious traffic, and give notification when it detects abnormal traffic.
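To illustrate two of the traffic-control methods named above, packet filtering and stateful inspection, the following Python example compares how each judges the same traffic. It is an added example, not part of the original essay and not anything Exactis ran; the network ranges, ports, rule set, and sample packets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed policy for a hypothetical internal network (not from the essay).
INTERNAL = ip_network("10.0.0.0/24")
ALLOWED_INBOUND = {(ip_network("198.51.100.0/24"), 443)}  # (source net, dest port)

def inbound_rule_matches(src, dport):
    return any(ip_address(src) in net and dport == p for net, p in ALLOWED_INBOUND)

def stateless_filter(pkt):
    """Packet filtering: judge each packet alone, using only its header fields."""
    src, sport, dst, dport = pkt
    if ip_address(src) in INTERNAL:
        return "allow"                       # outbound traffic
    if sport == 443:
        return "allow"                       # assumed to be a reply from a web server
    return "allow" if inbound_rule_matches(src, dport) else "block"

class StatefulFirewall:
    """Stateful inspection: an inbound reply passes only if it matches a tracked flow."""
    def __init__(self):
        self.flows = set()    # (internal ip, internal port, remote ip, remote port)
        self.alerts = []      # notifications that would go to the security team

    def inspect(self, pkt):
        src, sport, dst, dport = pkt
        if ip_address(src) in INTERNAL:
            self.flows.add((src, sport, dst, dport))   # remember the connection
            return "allow"
        if (dst, dport, src, sport) in self.flows:
            return "allow"                   # reply to a connection opened from inside
        if inbound_rule_matches(src, dport):
            return "allow"
        self.alerts.append(f"blocked {src}:{sport} -> {dst}:{dport}")
        return "block"

# Constructed sample traffic: (source ip, source port, dest ip, dest port)
PACKETS = [
    ("10.0.0.5", 50000, "203.0.113.10", 443),   # internal host opens a connection
    ("203.0.113.10", 443, "10.0.0.5", 50000),   # genuine reply to that connection
    ("203.0.113.99", 443, "10.0.0.5", 5432),    # unsolicited packet from source port 443
    ("198.51.100.7", 40000, "10.0.0.5", 443),   # explicitly permitted network
    ("192.0.2.44", 40001, "10.0.0.5", 5432),    # unknown host reaching a database port
]

def compare(packets=PACKETS):
    """Return [(stateless verdict, stateful verdict), ...] and the stateful alerts."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.inspect(p)) for p in packets], fw.alerts
```

The third packet is the one where the two methods disagree: the header-only filter passes it because it looks like a reply, while stateful inspection blocks it and raises an alert because no internal host opened that connection.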
Another tool Exactis can use after the breach is a network monitoring tool. Such a tool is
designed to monitor all the activities in the network and generate reports. SolarWinds Network
Performance Monitor is among the top 10 monitoring tools on the market. It is easy to set up and
ready to run. The software can be customized, including its dashboards, charts, and views. It is
highly customizable, and the interface is easy to manage and change (Wilson, n.d.). The software
can scan for wired and Wi-Fi computers and devices, quickly pinpoint issues in the network,
perform real-time network and NetFlow monitoring, etc. Depending on the needs of a business, the
software can
Monitor is only one example of many monitoring tools. Exactis only needs to pick one that fits
its business operation. With a business like Exactis storing billions of pieces of data, it is hard
to monitor everything in the network with human eyes. Implementing a monitoring tool will help
Exactis monitor all the activities, including the activities that cannot be seen with human eyes. It
is a very powerful tool: not only does it help protect the network, it will also help reduce time and
cost for Exactis.
Ethical Guidelines. Besides implementing new tools to protect the network, Exactis also
needs ethical guidelines to prevent the same incident and future incidents from occurring. The
guidelines should apply to everyone in the company and be very clear on how to prevent
incidents. The guidelines could take the form of an incident response plan, which will guide all
employees on how to report and how to handle an incident. Before handling any incident, Exactis
should develop a web page for reporting incidents. The incident reporting web page will collect
information such as the name of the reporter, what happened, the location, the time of the incident,
etc. This information will help the security team investigate the incident and choose the right
method to handle it. The incident response plan could become the key for Exactis in preventing
incidents. There are 6 steps in the incident response plan. The first step is preparation: ensure all
the software is enabled and running and employees are properly trained in their response
roles and responsibilities in the event of a data breach (Ellis, n.d.). All members must understand
their roles very well and know exactly how to act when an incident occurs. When an incident
occurs, there is only time to act; there is no time to learn or ask questions. The second step is
identification; this phase is when the security team looks into what was reported. After an
investigation, the team will determine if it is a data breach, an incident, or a threat. This step is
very important, because if the team classifies the report incorrectly, it could affect the network.
This step is also the step to identify who, what, when, where, and how the incident occurred. Also
determine the impact of the incident on the network and how much did the incident cause the
The third step is containment; this is when the security team contains the incident and does not
let it expand in the network. It is important to contain the incident as soon as possible because the
longer the company does not contain the incident, the more damage the incident will cause. Once
the incident is under control, the security team can stop the damage and start handling the
incident. The next step is eradication; this step is to remove the incidents or threats from the system.
Before removing anything, data must be saved and stored somewhere so the team can access it
later. Depending on how big the incident is, sometimes it will be required to delete everything and
start from scratch. But sometimes, it is only necessary to remove the incident itself. So the removal
step will depend on how the security team identified the incident. The security team must
ensure everything is removed and check whether the incident is still lingering in the network. If
everything is in the clear, then the next step is recovery. The recovery phase is to install or put
everything back in its original place and have everything up and running. The last step is lessons
learned; this step takes place at the end of the incident handling process. The security team will
put together a lessons-learned session for everyone in the company. The session will explain how
the incident occurred, where the incident occurred, and how they handled the incident. This will
help all employees understand the incident and be able to identify it. At the end is the
recommendation on how to prevent the incident from occurring in the future. The incident response
plan helps a business handle an incident smoothly and precisely. Exactis would not want to waste
time when an incident occurs; therefore, everything must be quick and precise. The more time they
waste, the more damage they will suffer. By having a guideline such as an incident response
plan, Exactis can reduce the damage and handle the incident quickly.
International Compliance. The Exactis breach occurred on the server, which means Exactis
did not pay attention to its server. Exactis could have violated international compliance
standards during the incident. The breach could have occurred because Exactis did not follow one
of these standards. The international compliance standards call for authenticated updates for the
server. Update authentication ensures that BIOS (Basic Input/Output System) update images have
been digitally signed and that the digital signature can be verified using a stored key (Regenscheid,
2014). The system must be able to recognize unauthorized images or signatures when someone is
trying to use a fake image. Exactis may not have implemented secure local update, which requires
an administrator to be physically present at the server to conduct the update. Chances are Exactis
did not think this update was needed; therefore, they could have skipped it. Another standard
Exactis could have neglected is firmware integrity protection, which is meant to prevent the
execution of inauthentic or malicious code. If Exactis had this protection, it should protect the
server from modifications outside the authenticated update mechanisms. The purpose of these
international compliance standards is to protect the server when Exactis expands the company
to the international level.
Incident Impact. Exactis is a company that collects individuals' information, so when the
data leaked, it was equivalent to personal data leaking. The data contain information about an
individual other than Social Security numbers and transactions. Once cyber-thieves obtain this
information, they can create a fake profile from any country in the world. They could use the
fake profile to do anything illegal and not be caught, because the profile belongs to someone
else. While they are using the fake profile, it could end up affecting the actual individual's life.
Because of these incidents, users are losing trust in online services. Exactis is not even an online
business; they simply collected information without users knowing about it. Users are living in
fear because they do not know when a data breach will affect their lives. They worry about getting
online or performing anything over the internet. But they are forced to trust the internet because
every job requires using the internet. They are forced to trust the internet and hope the company
implements strong protection for the database. Users will hesitate to perform any action when
they are using a new website because they do not know how secure that website is. Users
now view and use the internet differently than before; they are more cautious when
Global Technology Environment. The data breach at Exactis seems to have been Exactis's
fault for not paying attention to the data that was exposed on the public server. And Exactis was
not the only company that experienced a data breach. After these incidents, global laws and
regulations should be improved to protect data. A few global regulations already exist whose
purpose is to protect the privacy of individuals. On May 25, the European Union
introduced laws to protect people's privacy and rights; this law applies to all 28 European member
states (Francis, 2018). Sharing data could lead to a data breach, and on March 23, the US signed
into law the Cloud Act, which allows federal law enforcement officials to compel US-based
technology companies to provide requested data stored on servers regardless of whether the data
is stored in the US or on foreign soil. This will help law enforcement track the data and use it
to protect a company or an individual. Phone companies are now using face ID to unlock phones,
which means faces are being stored in databases. A facial recognition firm, CloudWalk, is working
on an AI system to predict crimes before they happen. Face recognition is a new technology
and there is still a lot of work to do on it. After so many data breaches like Exactis, people are
now pushing for more laws to protect companies and individuals in the event of a data breach. As a
result of multiple breaches, more laws are now being put in place.
The Exactis breach was not something anyone would want to happen, but because
they neglected the server, the data leaked. As a lesson from the breach, Exactis should
increase its use of firewall, anti-virus, and monitoring software. This software will help
Exactis prevent suspicious traffic and detect suspicious activity early. Exactis should
also establish an incident response plan with an incident response team. The plan will act as
a guideline during any incident, so everything will run smoothly and precisely. The incident
response team will be the one in charge of handling any incident and providing lessons to every
employee. Exactis can resume operations after the breach, as long as they secure their network
tightly.
Works Cited
standards-guidelines
https://www.securitymetrics.com/blog/6-phases-incident-response-plan
Francis, D. (2018). The Biggest New Laws to Regulate Tech Giants-and Why they Matter.
tech-giants-and-why-they-matter/#sm.000010lk01forscyvvn1qoj7kf8oo
Paul, K. (2018). What is Exactis-and how could it have leaked the data of nearly every American?
have-the-data-of-nearly-every-american-2018-06-28
file:///C:/Users/lehu/Downloads/Nist%20-%20SP800-
147B%20BIOS%20Protection%20Guidelines%20for%20Servers.pdf
Sylvester, C. (2018). The Exactis Data Breach Contains Important Lessons for Small Businesses.
important-lessons-for-small-businesses/
https://computer.howstuffworks.com/firewall1.htm
Wilson, M. (2019). 10 Best Network Monitoring Tools & Software of 2019. Retrieved from
https://www.pcwdld.com/best-network-monitoring-tools-and-software