Free Essay

A Case Study of the Trend in Cyber Security Breaches as Reported by Us Federal Agencies

In: Computers and Technology

Submitted By jmaccmuga
Words 987
Pages 4
A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies

Joash Muganda

American Public University System

ISSC640 – Prof. Belkacem Kraimeche

November 12, 2014

Abstract
The cases of cybersecurity breaches reported by federal agencies have sharply increased in recent years due to a combination of factors. This study seeks to examine the current trends in cybersecurity breaches documented and reported by federal agencies, analyze the various factors responsible for this trend and their impacts, as well use currently available data to predict a future trend.

A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies The number cybersecurity breaches reported by federal agencies has been on the increase owing to the variety of factors. According to a report by U.S Government Accountability Office, GAO (2014), federal agencies have reported increasing number of cybersecurity breaches that have put sensitive information at risk, with potentially serious impacts on federal and military operations. GAO (2014) further stated that the increase in this number is due to the fact that obtaining hacking tools has become easier, there is dramatic increase in reporting security incidents, and steady advances in the sophistication and effectiveness of attack technologies. The table below shows the number of cybersecurity breaches since 2006 to 2012 as reported by GAO (2014). Number of Incidents | 5503 | 11911 | 16843 | 29999 | 41776 | 42854 | 48562 | FiscalYear | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 |
Data sourced from GAO Analysis of US-CERT Data for Fiscal Years 2006-2012 Federal and private agencies have invested much resources in their attempts to curb cybercrime, and over the years, what has been put in place may be responsible for the wider detection and therefore increased number of reported incidents of security breaches. In fact, according to Mendoza (2014), by year 2020, the U.S. government is projected to spend roughly $65 billion on cybersecurity, although some experts contend that even this amount is grossly insufficient to meet the need. The strategies currently employed to tackle cybercrime range from promoting education and awareness; addressing international cybercrimes; developing detection, mitigation and response plans to the incidents; to promoting research and development etc. (GAO, 2014). For example, the significance of the education and awareness component of the cybercrime fight is heightened by the fact that in a large number of cases where federal agencies are exposed to cybersecurity breaches, it was as a consequence of human error. In 2013, federal employees were to blame for approximately half of the 228,700 cyber incidents that involved federal agencies through actions ranging from work-place policy violations, to improper handling of sensitive information taken from workplace computers (Mendoza, 2014). In light of this fact, it is reasonable to anticipate an increase in the number of reported incidents if employees are better trained to detect cybersecurity threats. Gendarmerie Nationale (2011) explained that Cybercrime is on the rise for the reason that development of connections has expanded exponentially; knowledge base for the subject has increased; there is more cultural awareness; and programmable onboard electronics, therefore increasing the number of potential targets. In comparison to other crimes and offenses, cybercrime generally requires lesser investment and can be accomplished in diverse locations, without any geographical constraints and with no consideration to borders (Gendarmerie Nationale, 2011). If cybercrime is bound to increase as explained by these facts, the number of incidents reported are likely to do the same.
Prediction
This study predicts a polynomial growth in the number of reported cybersecurity breaches as illustrated in the graph below.

Data sourced from GAO Analysis of US-CERT Data for Fiscal Years 2006-2012
The blue line show the trend as it has been since 2006 to 2012, and the black line shows a trendline in to the future. In 2020 for example, the number of incidents that will be reported by federal agencies will be approximately 110000 compared to 48562 in 2012 for instance. This study predicts a polynomial growth in the number of reported cybersecurity violations due to the fact that figures showed by the graph above does not suggest exponential growth. However, the growth is still very large and fast leading to the conclusion that the growth is polynomial. An example to explain this growth is, government and private agencies can spend heavily but not enough to eradicate cybercrime. The impact of that spending would be felt, slowing down the growth. On the other hand, perpetrators will continue with their missions, considering the fact that not enough money was used to fight them, the number of cases reported will only go up.
Conclusion
This case study predicts that the number of security breaches reported will increase. On a positive note, this could mean that more breaches are being reported than in the past and the trend will continue in the future. However, this can also mean that more attacks are taking place now and will continue in the future. The point is, increase in the number of cases being reported does not necessarily mean that there is no progress in the fight against cybercrimes. The increase of the number of cybersecurity breaches being reported depend on several factors such as emergence of new technologies, awareness of cyber threats and attacks, increased use of internet and electronics, federal agencies initiatives and regulations availability of law enforcement cyber incident reporting resources, government spending, advancement in the techniques that criminals use, and many others.
References:
Gendarmerie Nationale. (2011). Prospective Analysis on Trends in Cybercrime from 2011 to 2020. Retrieved from http://www.mcafee.com/us/resources/white-papers/wp-trends-in-cybercrime- 2011-2020.pdf Mendoza, M. (2014, November 10). Federal government struggles to keep pace against cyberattacks. The Associated Press. Retrieved November 14, 2014. U.S. Government Accountability Office [GAO]. (2013). Cybersecurity: National Strategy, Roles, and Responsibilities Need to be Better Defined and More Effectively Implemented. Retrieved from: http://www.gao.gov/assets/660/652170.pdf

Similar Documents

Premium Essay

Cyber Crime

........................................................................................ 2 3.1. Cyber Crime ................................................................................................................................. 2 3.2. Cyber security ............................................................................................................................... 3 4. Key Findings / Discussion of your research topic ............................................................................ 3 4.1. The major risks of cyber security ................................................................................................. 3 4.1.1. To consumers ........................................................................................................................ 3 4.1.2. To businesses........................................................................................................................ 4 4.1.3. IT organisations ..................................................................................................................... 4 4.1.4. Telecommunication companies ............................................................................................. 5 4.1.5. Government ........................................................................................................................... 5 4.2. The origin of cyber security .................................................................................................

Words: 3380 - Pages: 14

Free Essay

Identity Theft Research Paper

...to report identity theft is also explained. Defining Identity Theft The U.S. Department of Justice defines identity theft, also called identity fraud, as “all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain” (U.S. Department of Justice, 2015). Identity thieves use personal data such as Social Security numbers, bank account or credit card numbers to personally profit at the victim’s expense. These breaches allow thieves to take funds out of bank accounts or in the worst cases, take over a victim’s identity completely, running up huge debts and committing crimes using the victim’s name. Victims not only suffer the out-of-pocket financial losses, but they may have to rebuild their reputation in the community due to the perpetrator’s actions (U.S. Department of Justice, 2015). Identity theft is expected to surpass traditional theft as the leading form of property crime. Security analysts state everyone should prepare to be a victim of identity theft at some time in their lives (Anderson, 2013). Identity theft is a three stage process: acquisition, use, and discovery (Office of Justice Programs,...

Words: 4583 - Pages: 19

Free Essay

Foreign Economic Collection 2011

........ i Scope Note ........................................................................................................................................... iii US Technologies and Trade Secrets at Risk in Cyberspace.....................................................................1 The Appeal of Collecting in Cyberspace................................................................................. .....1 Security and attribution ....................................................................................................... 1 Faster and cheaper .............................................................................................................. 2 Extra-territoriality ................................................................................................................ 2 Large but Uncertain Costs........................................................................................................... 3 Pervasive Threat from Intelligence Adversaries and Partners ...............................................................4 China: Persistent Collector.......................................................................................................... 5 Russia: Extensive, Sophisticated Operations ..............................................................................5 US Partners: Leveraging Access ..................................................................................................6...

Words: 11021 - Pages: 45

Premium Essay

Is3920 Lab 9

...Order Code RL33199 Data Security Breaches: Context and Incident Summaries Updated May 7, 2007 Rita Tehan Information Research Specialist Knowledge Services Group Data Security Breaches: Context and Incident Summaries Summary Personal data security breaches are being reported with increasing regularity. Within the past few years, numerous examples of data such as Social Security, bank account, credit card, and driver’s license numbers, as well as medical and student records have been compromised. A major reason for the increased awareness of these security breaches is a California law that requires notice of security breaches to the affected individuals. This law, implemented in July 2003, was the first of its kind in the nation. State data security breach notification laws require companies and other entities that have lost data to notify affected consumers. As of January 2007, 35 states have enacted legislation requiring companies or state agencies to disclose security breaches involving personal information. Congress is considering legislation to address personal data security breaches, following a series of high-profile data security breaches at major financial services firms, data brokers (including ChoicePoint and LexisNexis), and universities. In the past three years, multiple measures have been introduced, but to date, none have been enacted. This report will be updated regularly. Contents Introduction . . . . . . . . . . . . . . . . . . . ....

Words: 18803 - Pages: 76

Free Essay

Law Report

...ensure businesses adhere to the privacy act to prevent the unauthorised use of these information. Any misuse of information can cause great personal and financial harm to the victim. Privacy of health information is fundamental principle in health care. Lack of privacy information might result in people not seeking the health care they need which might be very risky to their own health and the health of others. The rate of technological development is accelerating too quickly and current laws are becoming irrelevant to the business practices of online service providers. Businesses can collect non sensitive information from a number of sources and combine their result to form a comprehensive profile of an individual. Intelligence agencies also play a significant role in collection analyzing and storing different types of information all over the world. The reason for their existence is protection...

Words: 11809 - Pages: 48

Premium Essay

Test

...Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the past thirteen years, and still new articles appear saying similar warnings, with only the solutions evolving with the technology. Suggested solutions will include security literacy regarding APs and their devices and their compliance; security audits to re-evaluate configurations of......

Words: 18577 - Pages: 75

Premium Essay

Vl Bank

...VL Bank Case Security Risk Analysis Scenario: You are the chief information security officer (CISO) for the VL Bank based in Atlanta, Georgia. Recently, a highly sophisticated and cleverly orchestrated crime was brought to your attention by the information security analysts in your department and by a growing number of business customers. Your company’s commercial customers utilize a digital certificate multifactor authentication process to access wire transfers, cash management, deposit operations, and account management applications common to all business customers. The problem is that several customers have reported that new user accounts have been set up under their names without their authorization and these accounts are initiating. The main term used in risk analysis Digital certificate multifactor will be defined and will be covered along with risk mitigation . A discussion of acceptable and unacceptable risk and how to follow specific federal best practice standards for securing communications and preventing cybercrime , provide a cybercrime prevention strategy using National Institute of Standards and Technology (NIST) federal guidelines. Digital Certificate : The most common method for authentication E-commerce transaction is via the exchange of digital certificates. Its contain digital signature which is unique representation of the certification authority. The digital signature is a distinctive mark that cannot be replicated by another entity. When affixed......

Words: 2557 - Pages: 11

Premium Essay

Stats

...2010 / 2011 CSI Computer Crime and Security Survey 15th annual 2010/2011 Computer CrIme and SeCurIty Survey www.GoCSI.com 1 2010 / 2011 CSI Computer Crime and Security Survey by Robert Richardson, CSI Director 2010 / 2011 CSI Computer Crime and Security Survey With this document, the CSI Survey achieves its fifteen-year mark. Both the aims and format of the survey continue to evolve. As you’ll see in the findings that follow, many of the results reported by our respondents easily could have been predicted based on looking at results from the past several years. There has always been an almost surprising stability to answers about tools and methodology in this survey and this year is not an exception. What is different, broadly speaking, is that there is considerably more context within which these results may be interpreted. There are a number of very good reports of various kinds now available on the Web. All of them that we’re aware of, with the exception of this one, are either provided by vendors or are offered by analyst firms. That’s not to say that there’s anything wrong with these sources. A tremendous amount of useful information is offered in these various reports. But independent research seems fundamental and we believe the survey provides this. Beginning last year, there were three important changes to this survey. The first was that a “Comprehensive” edition was offered, one of its key objectives being to attempt to take other report......

Words: 16095 - Pages: 65

Premium Essay

Information Technology

...technology and identify situations in which they occur. 2. Identify the many threats to information security. 3. Understand the various defense mechanisms used to protect information systems. 4. Explain IT auditing and planning for disaster recovery. Ethics, Privacy, and Information Security LEARNING OBJECTIVES rain_c03_070-121hr.qxd 28-09-2009 11:25 Page 71 WEB RESOURCES Student Web site www.wiley.com/college/rainer • Web quizzes • Lecture slides in PowerPoint • Author podcasts • Interactive Case: Ruby’s Club assignments WileyPLUS • All of the above and... • E-book • Manager Videos • Vocabulary flash cards • Pre- and post-lecture quizzes • Microsoft Office 2007 lab manual and projects • How-to animations for Microsoft Office • Additional cases CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources What’s in IT for me? ACC FIN MKT OM HRM MIS rain_c03_070-121hr.qxd 28-09-2009 11:25 Page 72 72 Chapter 3 Ethics, Privacy, and Information Security Opening Case NASA Loses Secret Information for Years The Business Problem Over the past decade, U.S. government agencies have been the victims of an unprecedented number of cyber-attacks. One government official noted, “It is espionage on a massive scale.” Government agencies reported almost 13,000 security incidents to the U.S. Homeland Security Department during fiscal year 2008, triple the number from two years earlier. The......

Words: 25389 - Pages: 102

Free Essay

It and Terrorism

...[pic] [pic] THE INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA SUBMITTED BY: PRITISH S. ROONGTA (GROUP LEADER) (09820456348) GROUP DETAILS |NAME |WRO NUMBER |CONTACT NUMBER | |PRITISH S. ROONGTA |WRO 0279357 |09820456348 | |RADHIKA R. PALKAR |WRO 0286747 |09833391122 | |RUTU A. SHAH |WRO 0278759 |09819033996 | |VINIT D. PATIL |WRO 0313142 |09819689616 | BATCH TIMING: 05.00 PM TO 09.00 PM BATCH COMMENCEMENT DATE: 6TH JULY 2009 CENTRE: RVG HOSTEL, ANDHERI (W) INDEX |Sr. No. |PARTICULARS |PAGE NO. | |1. |Internet And Terrorism |5 | |2. |Modern Terrorism And Internet ...

Words: 11580 - Pages: 47

Free Essay

Dfdgfg

...Build Your Report | Symantec http://www.symantec.com/threatreport/print.jsp?id=highlights... BOOKMARK THIS PAGE | PRINT THIS PAGE | CLOSE Internet Security Threat Report Volume 17 Custom Report SHARE THIS PAGE Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010. Web based attacks increased by 36% with over 4,500 new attacks each day. 403 million new variants of malware were created in 2011, a 41% increase of 2010. SPAM volumes dropped by 34% in 2011 over rates in 2010. 39% of malware attacks via email used a link to a web page. Mobile vulnerabilities continued to rise, with 315 discovered in 2011. Only 8 zero-day vulnerabilities were discovered in 2011 compared with 14 in 2010. 50% of targeted attacks were aimed at companies with less than 2500 employees. Overall the number of vulnerabilities discovered in 2011 dropped 20%. Only 42% of targeted attacks are aimed at CEOs, Senior Managers and Knowledge Workers. In 2011 232 million identities were exposed. An average of 82 targeted attacks take place each day. Mobile threats are collecting data, tracking users and sending premium text messages. You are more likely to be infected by malware placed on a legitimate web site than one created by a hacker. Introduction Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 64.6 million attack sensors......

Words: 44470 - Pages: 178

Premium Essay

Scanning Applications

...U.S. Department of Justice Federal Bureau of Investigation 2012 The Strategic Information and Operations Center at FBI Headquarters is the 24/7 command post that monitors FBI operations and law enforcement activities around the globe. An FBI agent examines a potentially contaminated letter during a white powder training exercise. 2012 The FBI Story I A Message from FBI Director Robert S. Mueller, III For the FBI and its partners, 2012 was a year that reminded us once again of the seriousness of the security threats facing our nation. During the year, extremists plotted to attack—unsuccessfully, thanks to the work of our Joint Terrorism Task Forces—the U.S. Capitol, the New York Federal Reserve Bank, and other landmarks on U.S. soil. Tragically, on the 11th anniversary of 9/11, a hateful attack in Benghazi took the lives of the U.S. Ambassador to Libya and three other Americans. In the cyber realm, a rising tide of hackers took electronic aim at global cyber infrastructure, causing untold damages. High-dollar white-collar crimes of all kinds also continued to siphon significant sums from the pocketbooks of consumers. And in Newtown, Connecticut, 20 young children and six adults lost their lives in one of the worst mass shootings in American history, ending a year of violence that saw similar tragedies around the country. Working with its colleagues around the globe, the FBI is committed to taking a leadership role in protecting the nation. As you can see......

Words: 67387 - Pages: 270

Premium Essay

Books of Ark

...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Case Study: Critical Controls that Could Have Prevented Target Breach In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of the Critical Controls that could have been used to both prevent this breach and mitigate losses. AD Copyright SANS Institute Author Retains Full Rights Case Study: Critical Controls that Could Have Prevented Target Breach GIAC (GSEC) Gold Certification Author: Teri Radichel, teri@radicalsoftware.com Advisor: Stephen Northcutt Accepted: August 5th 2014 Abstract In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of the Critical Controls that could have been used to both prevent this breach and mitigate losses. From what is known about the Target breach, there were multiple factors that led to data loss: vendors were subject to phishing attacks, network segregation was lacking, point of sale systems were vulnerable to memory scraping malware and detection strategies employed by Target failed.......

Words: 8983 - Pages: 36

Free Essay

Budget

...military mission accomplishments, core functions, and force structure. Key initiatives incorporated in the FY 2014 Defense budget. Our budget is formulated based on aligning program priorities and resources based on the President’s strategic guidance. This year’s budget involves key themes to: achieve a deeper program alignment of our future force structure with resource availability; maintain a mission ready force; continue to emphasize efficiencies by being even better stewards of taxpayer dollars; and continue to take care of our people and their families. Implementing Defense Strategic Guidance. The FY 2014 budget request continues the force structure reductions made in the FY 2013 budget request. Following the President’s National Security Strategy and the January 2012 revisions to that strategy, the Budget continues to make informed choices to achieve a modern, ready, and balanced force to meet the full range of potential military requirements. The restructured force will be balanced by technological advancements to deter and defeat aggression, to maintain flexibility, to ensure surge...

Words: 74297 - Pages: 298

Premium Essay

Beacuse I Have to

...State of North Carolina Statewide Information Security Manual Prepared by the Enterprise Security and Risk Management Office Publication Date: April 20, 2012 INTRODUCTION FOR STATEWIDE INFORMATION SECURITY MANUAL ...... 1 GUIDANCE FOR AGENCIES .............................................................................. 1 CHAPTER 1 – CLASSIFYING INFORMATION AND DATA ................................ 2 CHAPTER 2 – CONTROLLING ACCESS TO INFORMATION AND SYSTEMS. 7 CHAPTER 3 – PROCESSING INFORMATION AND DOCUMENTS ................. 32 CHAPTER 4 – PURCHASING AND MAINTAINING COMMERCIAL SOFTWARE ..................................................................................................... 107 CHAPTER 5 – SECURING HARDWARE, PERIPHERALS AND OTHER EQUIPMENT .................................................................................................... 122 CHAPTER 6 – COMBATING CYBER CRIME ................................................. 146 CHAPTER 7 – CONTROLLING E-COMMERCE INFORMATION SECURITY 153 CHAPTER 9 – DEALING WITH PREMISES RELATED CONSIDERATIONS . 173 CHAPTER 10 – ADDRESSING PERSONNEL ISSUES RELATING TO SECURITY ........................................................................................................ 185 CHAPTER 11 – DELIVERING TRAINING AND STAFF AWARENESS .......... 192 CHAPTER 12 – COMPLYING WITH LEGAL AND POLICY REQUIREMENTS ......................................................................................................................

Words: 65255 - Pages: 262