McDonalds’ food company
McDonalds’ food company is a good example of an organization that suffered a security breach despite advances in information technology security measures. The company’s website was hacked and user information was decrypted to gain access (Lueg, 2011). The analysis conducted to assess the situation stated that customers’ use of “dumb” passwords was the prime cause of the security breach (Lueg, 2011). Specifically, because the company has so many users, most of them took less precaution in managing their own security needs. In addition, the company’s website uses cookies that allow customers to store personal information such as usernames and passwords, which makes them vulnerable to unethical hackers. In doing so, the customers made it easy to abuse the underlying reflected server cross-site-scripting vulnerability, alongside a cryptographic vulnerability that allowed unethical hackers to decrypt data belonging to the company’s customers. The company also involved other companies in the management of its email lists, thereby exposing its users to the possibility of security breaches (Yampolskiy et al., 2014).
There are a number of measures that McDonalds’ food company should have put in place to prevent the security breach (Yampolskiy et al., 2014). For instance, the organization should have managed all the email lists that belonged to its users itself. Furthermore, the company should have designed its websites in a manner that prevents users’ information from being stored for a long time. In hindsight, the company should have educated its users about the risks of saving their usernames and passwords on the company’s website. The customers should also have been educated about the importance of having different usernames and passwords for different websites (Lueg, 2011). The company should have ensured that users were advised about the significance of updating and changing their passwords periodically. Finally, because the use of alphanumeric passwords can help to minimize the possibility of a security breach, the company should have made its customers aware of the advantage of this measure (Yampolskiy et al., 2014).
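As an added illustration (not part of the original essay), the following check audits `Set-Cookie` headers for the cookie weaknesses described above: credentials kept in cookies, long retention, and cookies readable by injected script. The sample headers, the name hints and the one-day lifetime limit are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Assumed hints: cookie names suggesting credentials are kept client-side.
CREDENTIAL_HINTS = ("user", "login", "pass", "pwd", "email")
MAX_LIFETIME_SECONDS = 24 * 3600  # assumed retention policy: one day

# Constructed sample headers, not captured from any real site.
SAMPLE_HEADERS = {
    "weak": "password=hunter2; Max-Age=31536000; Path=/",
    "hardened": "sid=constructed-opaque-token; Max-Age=1800; "
                "Secure; HttpOnly; SameSite=Strict; Path=/",
}


def audit_set_cookie(header_value):
    """Return sorted findings for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if any(hint in name.lower() for hint in CREDENTIAL_HINTS):
            findings.append(f"{name}: credential-like data stored in cookie")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly, readable by injected script")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure, sent over plain HTTP")
        max_age = str(morsel["max-age"])
        if max_age.isdigit() and int(max_age) > MAX_LIFETIME_SECONDS:
            findings.append(f"{name}: lifetime {max_age}s exceeds policy")
        elif not max_age and morsel["expires"]:
            findings.append(f"{name}: persistent via Expires, review lifetime")
    return sorted(findings)


def audit_all(headers):
    """Map each labelled header to its findings."""
    return {label: audit_set_cookie(value) for label, value in headers.items()}


if __name__ == "__main__":
    for label, findings in audit_all(SAMPLE_HEADERS).items():
        print(label, findings or "no findings")
```

The hardened header stores only an opaque session identifier with a short lifetime, so a script injected through a reflected cross-site-scripting flaw cannot read it and nothing reusable persists in the browser.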
Wal-Mart
Wal-Mart is one of the top companies that have made it onto the Fortune 500 list (Weinstein, 2015). Despite its status, the company has not proved fully immune to security breaches. A report published in 2009 by “Wired” made it apparent that unethical hackers broke into the security system used by the development team, from which cash register information was stolen. The data then found its way onto a computer located in Eastern Europe, despite the company’s effort to keep the problem out of the public eye by describing it as an “internal issue” (Spekman & Davis, 2014).
The breach occurred because the company had not established a sound system for separating its information systems from its information technology (Weinstein, 2015). In addition, the company did not have proper security mechanisms for detecting weak points that third parties could use to gain access to the company’s information (Spekman & Davis, 2014). The company should have segregated its underlying security systems and information security departments to ensure that they dealt with separate issues. It should also have put a team of ethical hackers in place to assess the company’s security system and detect weak points that could be used to hack the company’s data (Weinstein, 2015). In hindsight, the company should have encrypted its underlying data in full to make it difficult for any security breach to occur. Moreover, the underlying security keys used in the company’s different departments should have been updated periodically to reduce the chances of unauthorized access to the company’s confidential data (Spekman & Davis, 2014).
- Lueg, C. (2011, November). A distributed cognition approach to integrate security management and business processes. In Proceedings of the 2nd International Conference on “Working with e-Business”. November (Vol. 29, p. 30).
- Spekman, R. E., & Davis, E. W. (2014). Risky business: expanding the discussion on risk and the extended enterprise. International Journal of Physical Distribution & Logistics Management, 34(5), 414-433.
- Weinstein, R. (2015). RFID: a technical overview and its application to the enterprise. IT Professional, 7(3), 27-33.
- Yampolskiy, M., Andel, T. R., McDonald, J. T., Glisson, W. B., & Yasinsac, A. (2014, December). Intellectual property protection in additive layer manufacturing: Requirements for secure outsourcing. In Proceedings of the 4th Program Protection and Reverse Engineering Workshop (p. 7). ACM.