QUEZON CITY UNIVERSITY

COLLEGE OF COMPUTER STUDIES

IAS101 – FUNDAMENTAL OF INFORMATION ASSURANCE AND SECURITY 1

LABORATORY ACTIVITY 5

NAME: Cunanan, Jesse Anne S. SCORE PERCENTAGE

STUDENT NO: 20-1271

YEAR/SECTION: SBIT3G
DATE: March 8, 2023

INSTRUCTIONS:

A. Individual Activity
B. Search for at least 5 companies who are dealing with the following:
1. Risk
2. Threat
3. Vulnerabilities
4. Impact on their business
C. Submit this in word file format to our Google Classroom

1. Yahoo 2013-2015

RISK: One of the greatest and most well-known cases of a hack is the data breach at Yahoo, which
presently holds the record for the most persons impacted. In 2013, the first assault happened, and
numerous others would occur over the next three years.

THREAT: The hackers broke into Yahoo's systems between 2014 and 2016, probably in some cases by
spear-phishing attempts. An individual with access to Yahoo's internal network is subjected to such an
attack where they receive what appears to be a legitimate message asking them to click on a link, which
then silently installs malware on their computer. It's likely that the compromised computers eventually
allowed the attackers access to the Yahoo network.

VULNERABILITIES: A group of Russian hackers attacked Yahoo's database using backdoors, stolen
backups, and access cookies to steal data from every user account, including personally identifiable
information (PII) like:

• Email Addresses
• Names
• Phone Numbers
• Birth Dates
• Passwords
• Calendars
• Security Questions

IMPACT ON THEIR BUSINESS: Yahoo first announced that data from around 1 billion accounts had
been compromised. Nevertheless, once Verizon acquired Yahoo in 2017, they revealed that around 3
billion accounts were compromised in total. Yahoo was not only sluggish to respond, but the
corporation also neglected to inform customers of a 2014 incident, which led to a $35 million fine and
41 class-action lawsuits. Over 3 billion user accounts exposed.
 QUEZON CITY UNIVERSITY
COLLEGE OF COMPUTER STUDIES

2. Target – November 2013

RISK: On Black Friday 2013, Target become a victim of a third-party data breach on one of the largest
shopping days of the year. Every company with exposed third parties is extremely vulnerable to a data
leak or cyberattack, even with a security mechanism in place. Target utilized a gateway through which
third-party firms could access their data in this situation. Yet, by doing so, a vulnerability was
established that allowed unauthorized access to Target's network.

THREAT: Target lacked a separated network and adequate firewall, which would have significantly
reduced the cyber assault. Once inside, the hackers attacked Target's point-of-sale (POS) system using
a Trojan, gaining access to credit card data.

VULNERABILITIES: This massive data breach enabled attackers to obtain more than 41 million credit
and debit card details and 70 million customer records. Every company's cybersecurity strategy must
prioritize the management of third-party risk. One compromised third party is sufficient to access the
complete network.

IMPACT ON THEIR BUSINESS: Target ultimately suffered around $202 million in damages ($292 million
before insurance), including a $18.5 million settlement payment, a $10 million class-action lawsuit, and
$127.5 million paid to banks and credit card firms.

3. Facebook

RISK: Facebook's dependence on ad revenue, the uncertainty surrounding the success of its virtual
reality products and its foray into artificial intelligence, the potential for government regulation, the
threat of competition from newer social media platforms, and the potential for backlash from users or
advertisers over contentious issues with data privacy are all risks associated with buying Facebook's
stock.

THREAT: Investors in Meta face risks due to the company's dependency on advertising revenue, the
potential for government regulation, the likelihood of competition from newer social media platforms,
the potential for backlash over contentious issues, and the potential for data privacy issues.

VULNERABILITIES: And here is where the political tempest over political operators' exploitation of
Facebook enters the picture. Accidentally or purposely, Facebook permitted the political data firm
Cambridge Analytica to acquire the data of millions of its users, and this data wound up in the hands of
foreign political operators during the 2016 U.S. presidential election. During the election season,
political operators used Facebook and other social media platforms to propagate misleading material.
Meta is addressing these issues, but the government may decide too as well.

IMPACT ON THEIR BUSINESS: Meta was fined $414 million by European regulators in early 2023 after
it was proven that the corporation inappropriately coerced customers to accept personalized adverts.
2 The penalty has substantial repercussions for the advertising operations of the social media
behemoth (Facebook and Instagram) in the EU, a vital market.
 QUEZON CITY UNIVERSITY
COLLEGE OF COMPUTER STUDIES

4. Home Depot

RISK: Home Depot and its competitors, such as Lowe's, continue to have strong ties with their
suppliers. This restriction prevents suppliers from doing business with rival companies. For example,
Home Depot suppliers steer clear of doing business with Lowe's out of concern for losing customers to
Home Depot. This supply chain constraint is problematic since some brands are not available at the
company's retail outlets.

THREAT: The economy and rival companies present risks to Home Depot's business. This SWOT
framework component identifies the external strategic elements in the market or industry that might
have a detrimental impact on corporate capabilities. The following are Home Depot's most significant
threats:

• Competition
• Substitutes
• Economic Slowdown

VULNERABILITIES: Both stocks have suffered severe losses this year, along with the market as a whole.
Lowe's is down about 20%, and Home Depot is down about 25%. Worries about the housing sector
recession are dragging on the stock market as first-time buyers find it harder to buy a home owing to
rising mortgage rates and sky-high property prices.

IMPACT ON THEIR BUSINESS: The market leader in do-it-yourself products said in its third quarter
results report that the number of client transactions dropped by more than 4% compared to the same
period last year. However, these consumers are spending more due in part to inflation. The average
consumer purchase at Home Depot was about $90, an increase of about 9% from the prior year.
 QUEZON CITY UNIVERSITY
COLLEGE OF COMPUTER STUDIES

5. LinkedIn – April 2021

RISK: Hackers were able to reveal the user IDs of over 700 million people (>93% of the entire user
population) in 2021, when the site had over 750 million users, by doing a data scrape on the LinkedIn
website. Even though much of the information was publicly accessible, it was against LinkedIn's terms
of service to undertake a data scrape by using their API.

THREAT: Workers' personal information provided on LinkedIn can be coupled with other online data
about them (such as information shared on their other social media accounts or information obtained
on people-search websites) by threat actors to pinpoint when and where they are most vulnerable to
an attack.

VULNERABILITIES: The scraped data included:

• Full Names
• Phone Numbers
• Email Addresses (not publicly available)
• Usernames
• Geolocation Records
• Genders
• Details to linked social media accounts

IMPACT ON THEIR BUSINESS: It also gives dishonest gamers the chance to target significant figures or
top company leaders. For instance, amateur hackers quickly looked for ways to benefit from this
situation. On a public forum, one man asserted that he was offering a fresh batch of LinkedIn data for
$7000 in Bitcoin. 700 million or more user profiles.