Case Study 20

-

MWEB Business: Hacked


Q1: What technology issues led to the security breach at MWEB?

Technology issues that led to the security breach at MWEB is MWEB Business subscribers’ account details were compromised when their logon and password details were published on the internet by hackers. MWEB previous web based self-service management system outsource to Internet Solution not yet migrate to the new MWEB network. So the reason is hackers gained access to Web based Internet Solutions self-service management system and it led to security breach that MWEB does not have total control.

Q2: What is the possible business impact of this security breach for both MWEB and its customers?
Impact to the business:

The security breach gives a big impact for both MWEB Business and its customers. The possible business impact of this security breach for MWEB is this security breach forces MWEB to notify their customers and find the possible solutions for the problem and to work together with Internet Solution to solve those issues. MWED would lose trust from their customers and it is hard to gain back the trust form the customers.

Furthermore, they need to immediately implement proper policies and controls of their systems and at the same time they need to prepare for legal action and financial risks. It brings a big change in the company and it might affect their business routines. Therefore, those impacts will be the threat to customer retention and reputation.

Impact to the customers:

Customers may need to face the problem of losing of their personal information which is privacy for them. At the same time, they are facing with inconvenience regarding the problems because they have to recreate or change their password and facing the possibility of the service could not be accessed. Customers would also lose their confident and trust on th services provided by MWED in the future.

Q3: If you were an MWEB customer, would you consider MWEB’s response to the security breach to be acceptable? Why or why not?

If I am MWEB customer, I would consider MWEB’s response to the security breach to be acceptable. There were several reasons for the considerations:

1. MWEB responded quickly to the hacking incident. MWEB also has been contacting their customers to reset their passwords, as an added security measure.

2. Besides, they were also quick to note that no personal information was lost and that none of MWEB’s clients suffered any losses as their usernames and passwords had been recreated and changed.

3. Furthermore, MWEB successfully repels 5,000 attacks a day. In addition, MWEB was working closely with Internet Solutions to investigate the nature and source of the breach to ensure that it does not happen again.

Q4: What should MWEB do in the future to avoid similar incidents?

To avoid similar incidents in the future, MWEB should implements up to date security or devices or protocol to their network such as digital certificates, intrusion detection system, Management Information System (MIS) audit, regular and thorough testing and last but not least, improved identity management. Besides, MWEB should proactively take immediate action to evaluate the extent of the breach and to limit any damages. At the same time, MWEB should constantly advise its customers to be vigilant regarding their online data and security. Moreover, MWEB should working closely with Internet Solutions to investigate the nature and source of the breach.

All of these suggestions or recommendations are important to avoid similar incidents in the future.

Comments

Post a Comment

Popular posts from this blog

Case Study 23

-
WIM Industries: From MRP to ERP Q1: Why did WIM feel the need to implement an ERP system? Before implementing an ERP system, WIM was using a materials resource planning (MRP) system, but this system, while a large advance over paper-based management techniques, nevertheless created many problems as the company’s operations expanded. MRP systems do not integrated information from various divisions within a company, but instead automate processes and information within departments. For WIM this meant there was no platform with which to integrate data from different departments, there was a prevalence of data duplication and redundancy, and inconsistent data were supplied to managers. In addition to this, the departments within the company were acting as separate entities and information was not being shared. The growing size of the firm and the corresponding increase in the sizes of departments also bogged down the flow of information. There were also no predefined standard...
Read more

Case Study 16

-
The battle over net neutrality Q1: What is net neutrality? Why has the Internet operated under net neutrality up to this point in time? Net neutrality also called network neutrality, Internet neutrality, or net equality is the principle that Internet service providers and governments should treat all data on the Internet equally, not discriminating or charging deferentially by user, content, site, platform, application, type of attached equipment, or mode communication. In short, network neutrality is the idea that Internet service providers must allow customers equal access to content and applications regardless of the source or nature of the content. The internet nowadays is indeed neutral; all Internet traffic is treated equally on a first-come, first-served basis by Internet back-bone owners. The Internet is neutral because it was built on phone lines, which are subject to 'common carriage' laws. These laws require phone companies to treat all calls and customer...
Read more

Case Study 18

-
RFID Propels the ANGKASA Library Management System Q1: How can RFID technology simplify basic library processes like the lending and returns of books? RFID technology has simplified the basic library processes like the lending and returns of books. Borrowers just need to simply place books and other material they want to borrow on the touch screen, and hand over their cards to the library staff. The screen will automatically reads RFID tags, while the card reader opens up a member’s profile on the system for the staff to view. After that the receipt will be generated, and with the date of return clearly. This system eliminates the need for physical records, stamping, and other time-consuming activities involved in the process of checking a book out of a library. In addition, the system also minimizes human error. Besides, returning books is also much easier now by using RFID technology, the borrowers just need to simply dropping their books at any time into a specially ...
Read more