
Recommendations and Global Considerations

In early June 2018, Exactis experienced a data breach that led to the data of 340 million individuals being exposed on a server. The data that Exactis collected did not include any payment transactions or Social Security numbers, but it did include email addresses, home addresses, phone numbers, and other personal information. The data leaked because Exactis did not use any firewall as protection, according to Vinny Troia, who discovered the breach (Paul, 2018). After the data breach, Exactis needs a good plan to prevent breaches and other incidents in the future. None of the articles reported that Exactis used an incident response plan to handle the breach; therefore, it is a good assumption that Exactis needs an incident response plan for future use.

Organizational Changes. The breached data did not include Social Security numbers or bank account numbers, but the leaked information could be used to make up a fake profile. The entries contained email addresses, various phone numbers, home addresses, personal hobbies, religious and political affiliations, past purchases, marital status, number and gender of children, emergency contacts, favorite types of entertainment, etc. This information is enough to complete a fake Facebook profile of someone. The first thing Exactis should change to prevent the same incident from occurring is to have a firewall. A firewall acts as a filter at the gate of the network; it has the ability to check what is trying to come into the network. If the firewall detects suspicious activity trying to enter the network, it will immediately block the activity and notify the security team. There are many different types of firewall that Exactis can either buy or subscribe to. Exactis can configure the firewall depending on its needs, specifying what to block and what to pass in the network. Firewalls use one or more of three methods to control traffic flow in the network: packet filtering, proxy service, or stateful inspection (Tyson, n.d.). The firewall will help Exactis control the traffic flow from the internet to the network and vice versa, block all suspicious traffic, and give notification when it detects that traffic is abnormal.
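The following is an added illustration, not part of the original paper, of packet filtering combined with stateful inspection under a default-deny policy with alerting. The addresses, ports, rule set and class name are constructed for the example.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")            # constructed internal range
# Packet-filtering rules for new inbound connections:
# (protocol, destination port, networks allowed to connect)
INBOUND_ALLOW = [
    ("tcp", 443, ip_network("0.0.0.0/0")),     # public web front end
    ("tcp", 5432, INTERNAL),                   # database: internal clients only
]

class StatefulFirewall:
    def __init__(self):
        self.state = set()    # tracked flows: (proto, src, sport, dst, dport)
        self.alerts = []      # blocked packets, to be sent to the security team

    def check(self, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        # Stateful inspection: packets of an already tracked connection pass.
        if flow in self.state or reverse in self.state:
            return "pass"
        src_in = ip_address(src) in INTERNAL
        dst_in = ip_address(dst) in INTERNAL
        # Outbound connections are tracked so that their replies are let in.
        if src_in and not dst_in:
            self.state.add(flow)
            return "pass"
        # Packet filtering: a new connection must match an allow rule.
        for r_proto, r_port, r_net in INBOUND_ALLOW:
            if proto == r_proto and dport == r_port and ip_address(src) in r_net:
                self.state.add(flow)
                return "pass"
        self.alerts.append(flow)   # default deny, and record an alert
        return "block"

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    ("tcp", "203.0.113.7", 40000, "10.0.0.9", 443),     # visitor to web server
    ("tcp", "203.0.113.7", 40001, "10.0.0.9", 5432),    # internet to database
    ("tcp", "10.0.0.5", 50000, "10.0.0.9", 5432),       # internal app to database
    ("tcp", "10.0.0.5", 51000, "198.51.100.2", 443),    # outbound request
    ("tcp", "198.51.100.2", 443, "10.0.0.5", 51000),    # reply to that request
    ("tcp", "198.51.100.2", 443, "10.0.0.5", 51001),    # unsolicited inbound
]

def run_demo():
    fw = StatefulFirewall()
    verdicts = [fw.check(*p) for p in PACKETS]
    return verdicts, fw.alerts
```

The second and sixth packets are blocked and recorded as alerts: the database port is reachable only from the internal range, and an inbound packet that matches no tracked connection is dropped.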

Another tool Exactis can use after the breach is a network monitoring tool. Such a tool is designed to monitor all the activities in the network and generate reports. Solarwinds Network Performance Monitor is among the top 10 monitoring tools in the market. It is easy to set up and ready to run. The software's dashboards, charts, and views can be customized; it is highly customizable, and the interface is easy to manage and change (Wilson, n.d.). The software can scan for wired and Wi-Fi computers and devices, quickly pinpoint issues in the network, perform real-time network and NetFlow monitoring, etc. Depending on the needs of a business, the software can be customized to perform according to the configuration. Solarwinds Network Performance Monitor is only one example of many monitoring tools. Exactis only needs to pick one that fits its business operation. For a business like Exactis, storing billions of pieces of data, it is hard to monitor everything in the network with human eyes. Implementing a monitoring tool will help Exactis monitor all the activities, including the activities that cannot be seen with human eyes. It is a very powerful tool: not only does it help protect the network, it will also help reduce time and cost for Exactis.

Ethical Guidelines. Besides implementing new tools to protect the network, Exactis also needs ethical guidelines to prevent the same incident, and future incidents, from occurring. The guidelines should apply to everyone in the company and be very clear on how to prevent incidents. The guideline could be an incident response plan, which will guide all employees on how to report and how to handle an incident. Before handling any incident, Exactis should develop a web page for reporting incidents. The incident reporting web page will collect information such as the name of the reporter, what happened, location, time of the incident, etc. This information will help the security team investigate the incident and choose the right method to handle it. The incident response plan could become an important key for Exactis in preventing incidents. There are 6 steps in the incident response plan. The first step is preparation: ensure all the software is enabled and running, and that employees are properly trained according to their response roles and responsibilities in the event of a data breach (Ellis, n.d.). All members must understand their roles very well and know exactly how to act when an incident occurs. When an incident occurs, there is only time to act; there is no time to learn or ask questions. The second step is identification; this phase is when the security team looks into what was reported. After an investigation, the team will determine whether it is a data breach, an incident, or a threat. This step is very important, because if the team classifies the report wrongly, it could affect the network. This is also the step to identify who, what, when, where, and how the incident occurred, and to determine the impact of the incident on the network and how much the incident cost the company financially.

The third step is containment; this is when the security team contains the incident and does not let it spread in the network. It is important to contain the incident as soon as possible, because the longer the company does not contain the incident, the more damage the incident will cause. Once the incident is under control, the security team can stop the damage and start handling the incident. The next step is eradication; this step removes the incidents or threats from the system. Before removing anything, data must be saved and stored somewhere so the team can access it later. Depending on how big the incident is, sometimes it will be necessary to delete everything and start from scratch; at other times, only the incident itself needs to be removed. The removal step therefore depends on how the security team identified the incident. The security team must ensure that everything is removed and check whether the incident is still lingering in the network. If everything is in the clear, the next step is recovery. The recovery phase is to install or put everything back in its original place and have everything up and running. The last step is lessons learned; this step takes place at the end of the incident handling process. The security team will put together a lessons-learned session for everyone in the company. The session will explain how the incident occurred, where it occurred, and how the team handled it. This will help all employees understand the incident and be able to identify it. At the end comes the recommendation on how to prevent the incident from occurring in the future. The incident response plan helps a business handle an incident smoothly and precisely. Exactis would not want to waste time when an incident occurs; everything must be quick and precise, because the more time they waste, the more damage they will suffer. By having a guideline such as an incident response plan, Exactis can reduce the damage and handle the incident quickly.

International Compliance. The Exactis breach occurred on the server, which means Exactis did not pay attention to its server. Exactis could have violated international compliance standards during the incident; the breach could have occurred because Exactis did not follow one of these standards. The international compliance standards call for update authentication for the server. Update authentication ensures that BIOS (Basic Input/Output System) update images have been digitally signed and that the digital signature can be verified using a stored key (Regenscheid, 2014). The system must be able to recognize unauthorized images or signatures when someone is trying to use a fake image. Exactis might not have had secure local update; this update requires an administrator to be physically present at the server to conduct the update. Chances are Exactis did not think this update was needed, and therefore could have skipped it. Another standard Exactis could have neglected is firmware integrity protection; this protection prevents the execution of inauthentic or malicious code. If Exactis had this protection, it should protect the server from modifications outside the authenticated update mechanisms. The purpose of these international compliance standards is to protect the server when Exactis expands the company to the international level.

Incident Impact. Exactis is a company that collects individuals' information, so when its data leaked, it was equivalent to personal data being leaked. The data contains information about an individual other than Social Security numbers and transactions. Once cyber-thieves obtain this information, they can create a fake profile from any country in the world. They could use the fake profile to do anything illegal and not be caught, because the profile belongs to someone else. While they are using the fake profile, it could end up affecting the actual individual's life. Because of these incidents, users are losing trust in online services. Exactis is not even an online business; it simply collected information without users knowing about it. Users are living in fear because they do not know when a data breach will affect their lives. They worry about getting online or doing anything over the internet. But they are forced to trust the internet, because every job requires using it, and to hope that companies implement strong protection for their databases. Users will hesitate to do anything on a new website because they do not know how secure that website is. Users now view and use the internet differently than before; they are more cautious when opening any website or putting any personal information on a website.

Global Technology Environment. The data breach at Exactis seems to have been Exactis's fault for not paying attention to the data that was exposed on the public server. And Exactis was not the only company to experience a data breach. After these incidents, global laws and regulations should be improved to protect data. A few global regulations already exist whose purpose is to protect the privacy of individuals. On May 25, the European Union introduced laws to protect people's privacy and rights; this law applies to all 28 European member states (Francis, 2018). Sharing data could lead to data breaches, and on March 23, the US signed into law the Cloud Act, which allows federal law enforcement officials to compel US-based technology companies to provide requested data stored on servers regardless of whether the data is stored in the US or on foreign soil. This will help law enforcement track the data and use it to protect a company or an individual. Phone companies are now using face ID to unlock phones, which means faces are being stored in databases. A facial recognition firm, Cloud Walk, is working on an AI system to predict crimes before they happen. Face recognition is a new technology and there is still a lot of work to do on it. After so many data breaches like the one at Exactis, people are now pushing for more laws to protect companies and individuals in the event of a data breach. As a result of multiple breaches, more laws are now being put in place.

Exactis's breach was not something anyone would want to happen, but because they neglected the server, the data leaked. As a lesson from the breach, Exactis should strengthen its firewall, anti-virus software, and monitoring software. This software will help Exactis block suspicious traffic and detect suspicious activity early. Exactis should also establish an incident response plan with an incident response team. The plan will act as a guideline during any incident, so everything will run smoothly and precisely. The incident response team will be the one in charge of handling any incident and providing lessons to every employee. Exactis can resume after the breach, as long as they secure their network tightly.

Work Cited

Compliance Standards & Guidelines. (n.d.). Retrieved from http://cts-labs.com/compliance-standards-guidelines

Ellis, D. (n.d.). 6 Phases In The Incident Response Plan. Retrieved from https://www.securitymetrics.com/blog/6-phases-incident-response-plan

Francis, D. (2018). The Biggest New Laws to Regulate Tech Giants-and Why they Matter. Retrieved from https://singularityhub.com/2018/06/06/the-biggest-new-laws-to-regulate-tech-giants-and-why-they-matter/#sm.000010lk01forscyvvn1qoj7kf8oo

Paul, K. (2018). What is Exactis-and how could it have leaked the data of nearly every American?. Retrieved from https://www.marketwatch.com/story/what-is-exactisand-how-could-it-have-the-data-of-nearly-every-american-2018-06-28

Regenscheid, A. (2014). BIOS Protection Guidelines for Servers. Retrieved from file:///C:/Users/lehu/Downloads/Nist%20-%20SP800-147B%20BIOS%20Protection%20Guidelines%20for%20Servers.pdf

Sylvester, C. (2018). The Exactis Data Breach Contains Important Lessons for Small Businesses. Retrieved from https://www.networkdepot.com/the-exactis-data-breach-contains-important-lessons-for-small-businesses/

Tyson, J. (n.d.). How Firewalls Work. Retrieved from https://computer.howstuffworks.com/firewall1.htm

Wilson, M. (2019). 10 Best Network Monitoring Tools & Software of 2019. Retrieved from https://www.pcwdld.com/best-network-monitoring-tools-and-software
