Consider that your team has been hired to prepare a business report and presentation about cyberattacks for a business organisation called HackMePlease which lacks appropriate security control measures. Your job is to convince them that cyberattacks can lead to severe financial and reputational damages for any organisation and hence need to be appropriately handled. As part of this activity, you need to select a specific type of cyberattack, e.g., Malware, social engineering, denial of service (DoS), Man-in-the-middle (MITM), Cross site scripting, etc. Based on your selection, investigate recent (2017-present) cyberattacks globally and select three different cases where your selected attack type was used to penetrate the security of a business organisation. Please select three well-documented cases for this task and note that the selection of appropriate cases is also a part of your assessment. Therefore, please select carefully as you need to address different aspects of these attacks.
Analyse the cases in detail and, where appropriate, apply the knowledge discussed in the class during the analysis.
The report and presentation video must cover the following mandatory issues:
A. Background information about the cases (e.g., the business environment of the organisation).
B. The existing control mechanisms (if any) to deal with the security breaches identifed in (A) in those organisations.
C. How did the security breaches occur (including details such as the attack type, the tools used (if any), the target system(S), the time frame for the attack, and the corresponding vulnerabilities)?
D. The impact of those security breaches on those organisations.
E. Was there any legal action taken after the attacks? Why or why not?
F. What has been done (e.g.. adding new controls or improving the existing controls) by the organisations to deal with the security breaches? In your opinion, has the organisation done enough to deal with these security breaches? Why?
G. After implementing new controls or improving the existing ones (see (E) above), identify any potential threats that could happen in the organisation.
H. Compare and contrast those three different cases in terms of attack strategy, their impact, and how they were handled? Or, use any other suitable criteria.
I. What are the potential benefits of incorporating security programs in HackMePlease company?
In addition to the above issues, your report and presentation may cover any other issues you feel are important. There is no explicit requirement about the length of your chosen documented cases. However, the collected cases must be detailed enough so that your group can obtain sufficient information to address most (if not all) of the above issues. Marks will be deducted if most of the issues are not covered as it is your responsibility to select a suitable topic.