Security Audit Of UA Data Breach In My Fitness Pal App

Background of the organization

The primary purpose of this security audit paper is to examine the data breach of My Fitness Pal accounts in February 2018, which affected more than 150 million users of the service. The cyber criminals obtained user names, email addresses and hashed passwords, and the hashes were decoded. Shares of Under Armour dropped 3.8 percent after this cyber security incident. The payment information of the organization's clients was not reached by the cyber criminals (Bui, 2016), but the security of client data was nonetheless compromised during the attack, and the professionalism of the cyber criminals involved came under scrutiny after this widely reported breach. The sportswear brand Under Armour bought the global fitness organization in 2015 for $475 million USD; in that year My Fitness Pal had about 80 million users all over the world. An aggressive approach to the application helped the fitness organization grow and widen its business circle. The services compromised during the breach were the exercise-related activities and the calorie-tracking segments (Chang & Ramachandran, 2016). The security steps adopted by the organization after learning of the breach were not enough to contain the situation, as the newly created password hashes were also insufficient.

Founded in 1996 by Kevin Plank, this American business organization manufactures footwear and sports and casual apparel. Kevin Plank was the captain of the University of Maryland football team. The organization faced a severe crisis last year due to inefficient operational strategies, and the growing share of goods sold through online portals was one of the main reasons behind its downturn. The current estimated worth of the organization is around $14 billion USD (MyFitnessPal, 2018). External threats from rival organizations were very damaging for the business. The organization has branches all over the world, including New York City, Shanghai, Jakarta and San Francisco. Its products include sports shoes, sports garments and sports equipment such as protective gear, gloves and jackets.

My Fitness Pal is a subsidiary of the Under Armour organization; its stakes were bought in 2015 for $475 million USD. It is an application found on most smart phones, and it provides a variety of services to clients all over the world. Calorie intake is tracked on the site, which can help clients lead a healthier lifestyle, and the application focuses on the nutrients behind each user's goals. More than 5 million nutritional foods are recommended by the application, which helps it specify and look into the individual requirements of clients (Dahabiyeh, 2015). The various items of this organization can be accessed with the help of barcodes after the clients pay their amount to the company, and there are several payment methods in the My Fitness Pal portals. More than 50 different client devices are handled by the organization, providing clients with a detailed health plan; the organization also uses Garmin wearable devices. Calorie awareness, maintenance and variety in nutritional food items are the primary aspects of this business (Dhasarathan, Thirumal & Ponnurangam, 2015). There are different subscription modules in this organization, which make it easier for clients to address issues according to their needs and requirements.

Technical background of the technology used in the attack

The data breach that occurred at My Fitness Pal in 2018 is one of the biggest cyber security incidents in the world (Erkin et al., 2013). The technique at the centre of the breach, which undermined the data integrity of this business organization, was the SHA-1 hashing of passwords. The breach had no impact on driver's license numbers or social security numbers. The data source was infiltrated by the cyber criminals because the organization's general data protection regulation requirements were inadequate. Millions of records were hacked with the help of this technique (Faruki et al., 2013), and sensitive information associated with client data was compromised through it. The network security protocols were bypassed by the cyber criminals, who used social engineering techniques to understand the networking protocols of My Fitness Pal. Spear phishing emails were sent to the clients of this organization, and when they downloaded the attachment associated with the mail, their fitness accounts came under the control of the cyber criminals. These technologies are generally used in many other well-known data breaches, such as Joker Stash, which impacted around 5 million users, and the fitness application Pump Up, which impacted around 6 million users. These technologies are very effective for data breaching activities.

Trustworthy entities are impersonated with the help of phishing emails. These phishing campaigns are carried out through instant messaging techniques and email spoofing. The users of this business organization were directed to a different website under the same name and made to enter their personal details (Holt, 2013). The clients of this fitness organization were deceived by the strategies adopted by the cyber criminals, whose operations depended on phishing emails alone. The particular type of phishing used by the cyber criminals in this scenario was link manipulation, which can be termed technical deception. This technique places a link in the body of the email and in its attachment (Kamoun & Nicho, 2014). The link points to a spoofed website that is an exact copy of the My Fitness Pal application, which is the main reason such a huge number of clients all over the world were deceived. The spoofed website had misspelt URLs, which the clients overlooked because they believed it was the original website. The source code of the spoofed website was customized entirely by the criminals according to their needs. The reliability of the data was compromised by this technique (Hyman, 2013). A huge amount of money and personal information was used by the cyber criminals for their own benefit. The data extracted from user accounts can be used in different illegal activities, or even in terrorist activities, which is a source of concern considering the social issues involved. The prime intention of the attackers was to extract a huge amount of personal details, as this organization has clients all over the world. The success the cyber criminals have had over the years against different business organizations led to this attack.
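As an added example for this audit (not code from My Fitness Pal, Under Armour or any of the cited authors), the following Python check screens links found in an incoming email against the organization's real domains and flags hosts that are a small spelling edit away from them, or that embed the real name as a subdomain of something else, which is the "misspelt URL" pattern described above. The trusted domain list, the sample links and the edit-distance threshold are constructed assumptions; the two-label domain approximation is deliberately crude and has no public-suffix list behind it.

```python
"""Flag links whose host looks like a trusted domain but is not that domain.

Added example for this security audit; not code from My Fitness Pal or
Under Armour. The trusted domain list and the sample links are constructed.
"""
from urllib.parse import urlparse

# Constructed: the domains the organization actually uses (assumption).
TRUSTED_DOMAINS = {"myfitnesspal.com", "underarmour.com"}

# Constructed sample links as they might appear in a phishing email.
SAMPLE_LINKS = [
    "https://www.myfitnesspal.com/account/login",           # genuine
    "https://myfitnesspa1.com/login",                       # digit 1 for letter l
    "http://myfitnesspal.com.secure-login.example/reset",   # real name as a subdomain
    "https://my-fitnesspal.com/verify",                     # inserted hyphen
    "https://example.org/newsletter",                       # unrelated, not a lookalike
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation (no public-suffix list):
    'www.myfitnesspal.com' -> 'myfitnesspal.com'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a single link."""
    host = (urlparse(url).hostname or "").lower()
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # The real name buried inside a longer host name is a classic deception.
        if trusted in host:
            return "lookalike"
        # Close spelling: typos, digit/letter swaps, inserted hyphens.
        if levenshtein(domain, trusted) <= max_distance:
            return "lookalike"
    return "unrelated"


def triage(links) -> dict:
    """Group a list of links by classification, for a reviewer or a mail filter."""
    groups = {"trusted": [], "lookalike": [], "unrelated": []}
    for url in links:
        groups[classify_link(url)].append(url)
    return groups


if __name__ == "__main__":
    for label, urls in triage(SAMPLE_LINKS).items():
        print(label, urls)
```

The edit-distance threshold of 2 is a trade-off: a higher value catches more misspellings but will also flag legitimately similar brand names, so in practice the threshold and the trusted list should be tuned against the organization's own mail traffic.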

How the threat actually compromised the app

The threat delivered through the phishing email compromised the integrity of this fitness application. The personal details of the organization's clients, such as residential addresses, email addresses, user names and hashed alphanumeric passwords, were exposed. The clients of this business organization had been very loyal because of its impressive strategies, but were deceived this time by the equally impressive strategy adopted by the cyber criminals. The data was stolen from the original portal of this fitness organization (Loader & Thomas, 2013). The passwords were converted from hash values back into plain character strings, which went unnoticed by the internal stakeholders of the organization. The working principles of the hash function favoured the cyber criminals, even though hashing turns long passwords into cryptographic hashes that are very difficult to reverse. The attackers included extensive source code while encrypting the file, and performed multiple rounds of obfuscation while implementing their strategy. All the data available in the application was compromised due to this data breaching threat.

The non-financial aspects of the application were affected by the attack. This business organization stores payment information in a more secure environment, which is the main reason the cyber criminals gained no financial benefit. The threat altered client data, which runs against professional ethics considering the growth and development of the organization. Account information was altered as an impact of the threat (Martin, Borah & Palmatier, 2017). Health plans were altered to a significant extent, exercise records were modified, and the clients were negatively affected by this data breaching activity. Blogs associated with food were deleted or modified, and mapping activities were heavily impacted by the threat. Calories could not be tracked during the attack, and the log activities of the clients could not be checked by the super admins of the portal.

This paper helps in understanding the various impacts of a data breach on a business organization. The aspects associated with the well-known data breach of My Fitness Pal are stated here; this unit of the paper focuses on the different opinions of authors about mitigation strategies for these cyber-attacks.

As discussed by Vitak et al. (2018), data breaches have become a very common cyber security issue in recent years due to developments in information technology. The extensive growth of this industry has led to these attacks. There are plenty of emerging technologies that are widely used for these kinds of data security breaches, and personal fitness data can be reversed using these techniques. The security measures of every business organization should be updated frequently, as more and more technologies are used for this purpose. These kinds of data security breaches can negatively impact the growth and progress of a business organization (Melcherts, 2017). The repair time for these data breaches is also very long, which is a loss of time and resources for the organization. Confidential data that falls into the hands of hackers or cyber criminals can be altered and modified as they see fit.

Preventing such attacks from happening

Referring to the other authors, it can be said that the data source of every online business should be protected with strong security measures so that it is very difficult for hackers to gain access to accounts (Moore, 2014). All files should be kept in encrypted form, as this is a very secure measure considering the privacy and integrity of the data. Thus it can be said that security breaches should be resolved purposefully in order to achieve the desired organizational activities.

According to Moens and Roberts (2017), an effective IT governance plan should be one of the business objectives of every large and small business organization. The authors of this resource focused on the importance of data security. Both authors consider data one of the assets of every business organization, so along with maintaining its financial security, a business should also invest more in the security of its data. The authors help the readers of this document find a plan that will let them understand all the possible risks associated with the integrity of the data.

Referring to other authors, it can be said that there are many complexities associated with identifying the exact IT governance plan, as business situations change all the time. The confusion between IT policies and the IT governance plan should be resolved by the retail industries (Moore, 2014). Different authors hold different opinions about the implementation of an IT governance plan, as it is very important to understand the nature of the work and the work culture before implementing such a plan.

It can also be said that implementing an IT governance plan can positively impact an organization considering the security and integrity of its data. Data management is an important criterion for every business organization, and a lack of data management skills can lead to cybercrimes such as the data breach at the My Fitness Pal fitness organization (Prakash & Singaravel, 2015). The management team of every business organization such as the My Fitness Pal organization.

The attack on this online fitness organization could have been avoided with the help of the strategies discussed in the previous unit of this paper. All networking activities of the organization should be checked on a regular basis so that threats coming from internal units of the organization are stopped. Data breaches at this organization can also be prevented by changing the passwords of user accounts frequently. All data transported from one unit of the application to another should travel through an effective medium (Romanosky, Hoffman & Acquisti, 2014). Clients of the organization should avoid sharing personal data, and the use of secondary personal email addresses should be practised. Awareness is one of the main preventive measures against these data breaches, as individuals should be aware of the different ways in which this external threat affects the organization. In this data breach the cyber criminals used phishing emails, so all concerned stakeholders should be aware of what phishing emails are and what their impact is (Yar, 2013). Other techniques, such as safeguarding social security numbers, destroying private records, or keeping a backup on private servers, can also reduce the impact of a data breach.

Research Topics

Clients of this business organization should be restricted from accessing unauthorized files that come from outside their working environment (Vitak et al., 2018). Before storing data in its databases, this fitness organization should shred all the files and folders.

The online services provided by this fitness organization should be reviewed, and restricting unencrypted devices is another preventive measure for the business. The management team of this online fitness organization should have focused on automated systems capable of checking the password settings of all its clients throughout the world (Sen & Borle, 2015). The systems installed in the organization's working environment should check the privacy issues of the servers, and the privacy and security of the server rooms should be maintained with the help of IT-based systems. The configuration of the firewall should also be evaluated frequently, as cyber criminals keep improving their strategies and technologies for these kinds of cyber security attacks.
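The earlier section on how the threat compromised the app attributes the breach to SHA-1 password hashing, and the paragraph above calls for automated checks of client password settings. The following Python example, added for this audit and not code from My Fitness Pal, Under Armour or the cited authors, shows both: it audits a user table for legacy unsalted SHA-1 records (which make identical passwords produce identical hashes and let one precomputed table cover every user) and transparently upgrades such records to salted PBKDF2-HMAC-SHA256 at the moment a user logs in, the only time the plaintext is available. The record formats, the iteration count and the sample users are constructed assumptions.

```python
"""Audit a password store for legacy unsalted SHA-1 hashes and upgrade them at login.

Added example written for this audit; not My Fitness Pal's or Under Armour's code.
The record formats ('sha1$<hex>' for the legacy scheme and
'pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>' for the replacement)
and the sample user table are constructed for illustration.
"""
import hashlib
import hmac
import os

# Assumption: iteration count for PBKDF2-HMAC-SHA256. Kept moderate so the demo
# runs quickly; tune it upward so one hash costs tens of milliseconds on your hardware.
PBKDF2_ITERATIONS = 100_000


def legacy_sha1(password: str) -> str:
    """Weak scheme: unsalted SHA-1. Two users with the same password get the same
    hash, and a single precomputed table covers every record in the database."""
    return "sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, salt=None) -> str:
    """Replacement scheme: per-user random salt plus a slow, iterated KDF."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), dk.hex())


def verify(password: str, stored: str) -> bool:
    """Check a password against either record format using constant-time comparison."""
    scheme = stored.split("$", 1)[0]
    if scheme == "sha1":
        return hmac.compare_digest(legacy_sha1(password), stored)
    if scheme == "pbkdf2_sha256":
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return False  # unknown scheme: fail closed


def needs_upgrade(stored: str) -> bool:
    """True for legacy SHA-1 records, or PBKDF2 records below the current iteration count."""
    parts = stored.split("$")
    if parts[0] == "sha1":
        return True
    return parts[0] == "pbkdf2_sha256" and int(parts[1]) < PBKDF2_ITERATIONS


def audit(users: dict) -> dict:
    """Summarise a user table: records per scheme, records needing an upgrade, and
    whether any two users share an identical hash (a symptom of missing salt)."""
    by_scheme = {}
    for stored in users.values():
        scheme = stored.split("$", 1)[0]
        by_scheme[scheme] = by_scheme.get(scheme, 0) + 1
    return {
        "by_scheme": by_scheme,
        "needs_upgrade": sum(needs_upgrade(s) for s in users.values()),
        "shared_hashes": len(set(users.values())) < len(users),
    }


def login(users: dict, username: str, password: str) -> bool:
    """Verify the password; on success, re-hash a legacy or under-iterated record
    in place, because the plaintext is only available at login time."""
    stored = users.get(username)
    if stored is None or not verify(password, stored):
        return False
    if needs_upgrade(stored):
        users[username] = pbkdf2_hash(password)
    return True


# Constructed sample table: two legacy records sharing a password, one modern record.
USERS = {
    "alice": legacy_sha1("Summer2018!"),
    "bob": legacy_sha1("Summer2018!"),
    "carol": pbkdf2_hash("correct horse battery staple"),
}

if __name__ == "__main__":
    print("before:", audit(USERS))
    print("alice login ok:", login(USERS, "alice", "Summer2018!"))
    print("after :", audit(USERS))
```

The audit output is what an automated password-setting check would report to the security team: how many records are still on the legacy scheme and whether duplicate hashes exist. Upgrade-on-login clears the backlog gradually; records that never log in again should be expired and forced through a reset rather than left in the legacy format.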

The adverse situation faced by this online fitness organization could have been avoided by tracking the data circulated within the system and the data circulated outside the business environment of the organization (Xu et al., 2014). Defining access rights for those who work on the organization's data could have been one of the preventive measures for this data breach. Privacy and security training for all internal and external stakeholders is another preventive measure against this attack (Stevens et al., 2017). Having a breach response plan on standby could also be an effective measure for dealing with the negative impact of a data breach in this organization.

Conclusion

From the above security audit paper, it can be concluded that an effective IT governance plan could have helped this organization protect itself against the data breach. The most important characteristic of this well-known breach was that it was detected only in the later stages of the attack; detecting it earlier could have spared millions of users of this fitness organization. Under Armour took all the necessary steps to contain the situation by notifying users about this ethical issue. The activity of the program that affected the working functionality of the application is also considered in this paper. The technical background of the technologies used in the attack is described as well, which helps in realizing the importance of preventive steps against such complex business situations. It can also be concluded that the reputation of this organization could have been preserved if it had focused on its IT strategy. The paper also presents the different opinions of authors about the containment of this data breach. The impact of this breach is also made clear, as more than 150 million users were affected by it all over the world. Finally, the paper highlights the ways in which such an attack can be prevented.

References

Bui, J. (2016). Lack of Privacy Regulations in the Fitness and Health Mobile App Industry: Assessing the Health Insurance Portability and Accountability Act (HIPPAA) for Meeting the Needs of User Data Collection. Intell. Prop. & Tech. LJ, 21, 1.

Chang, V., & Ramachandran, M. (2016). Towards achieving data security with the cloud computing adoption framework. IEEE Trans. Services Computing, 9(1), 138-151.

Dahabiyeh, L. (2015, May). Networks of Cybercrime Prevention: A Process Study of the Credit Card. In ECIS.

Dhasarathan, C., Thirumal, V., & Ponnurangam, D. (2015). Data privacy breach prevention framework for the cloud service. Security and Communication Networks, 8(6), 982-1005.

Erkin, Z., Troncoso-Pastoriza, J. R., Lagendijk, R. L., & Pérez-González, F. (2013). Privacy-preserving data aggregation in smart metering systems: An overview. IEEE Signal Processing Magazine, 30(2), 75-86.

Faruki, P., Ganmoor, V., Laxmi, V., Gaur, M. S., & Bharmal, A. (2013, November). AndroSimilar: robust statistical feature signature for Android malware detection. In Proceedings of the 6th International Conference on Security of Information and Networks (pp. 152-159). ACM.

Holt, T. J. (2013). Examining the forces shaping cybercrime markets online. Social Science Computer Review, 31(2), 165-177.

Hyman, P. (2013). Cybercrime: it’s serious, but exactly how serious?. Communications of the ACM, 56(3), 18-20.

Kamoun, F., & Nicho, M. (2014). Human and organizational factors of healthcare data breaches: The swiss cheese model of data breach causation and prevention. International Journal of Healthcare Information Systems and Informatics (IJHISI), 9(1), 42-60.

Loader, B. D., & Thomas, D. (Eds.). (2013). Cybercrime: Security and surveilla

Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), 36-58.

Melcherts, H. E. (2017). The internet of everything and beyond. Human Bond Communication: The Holy Grail of Holistic Communication and Immersive Experience, 173.

Moens, A., & Roberts, N. (2017). Not just an IT issue: Why governance of data should be on the agenda of every board director. Governance Directions, 69(2), 104.

Moore, R. (2014). Cybercrime: Investigating high-technology computer crime. Routledge.

MyFitnessPal. (2018). Retrieved from https://www.myfitnesspal.com/

Prakash, M., & Singaravel, G. (2015). An approach for prevention of privacy breach and information leakage in sensitive data mining. Computers & Electrical Engineering, 45, 134-140.

Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach litigation. Journal of Empirical Legal Studies, 11(1), 74-104.

Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems, 32(2), 314-341.

Stevens, M., Bursztein, E., Karpman, P., Albertini, A., & Markov, Y. (2017, August). The first collision for full SHA-1. In Annual International Cryptology Conference (pp. 570-596). Springer, Cham.

Vitak, J., Liao, Y., Kumar, P., Zimmer, M., & Kritikos, K. (2018, March). Privacy Attitudes and Data Valuation Among Fitness Tracker Users. In International Conference on Information (pp. 229-239). Springer, Cham.

Xu, L., Jiang, C., Wang, J., Yuan, J., & Ren, Y. (2014). Information security in big data: privacy and data mining. IEEE Access, 2, 1149-1176.

Yar, M. (2013). Cybercrime and society. Sage.