MWEB Business: Hacked

4,883 views

Published on

MWEB Business: Hacked
Laudon/Laudon MIS 12/e: pages 349-350

1. What technology issues led to the security breach at MWEB?
2. What is the possible business impact of this security breach for both MWEB and its customers?
3. If you were an MWEB customer, would you consider MWEB's response to the security breach to be acceptable?
4. What should MWEB do in the future to avoid similar incidents?

Made and presented for the course Management Information Systems at Viadrina University, winter term 2012/2013.

Published in: Business
  • Be the first to comment

MWEB Business: Hacked

  1. 1. MWEB Business: Hacked Management Information Systems 10.12.2012
  2. 2. Outline1. What technology issues led to the security breach at MWEB?2. What is the possible business impact of this security breach for both MWEB and its customers?3. If you were an MWEB customer, would you consider MWEBs response to the security breach to be acceptable?4. What should MWEB do in the future to avoid similar incidents?
  3. 3. o South Africa’s 2nd largest Internet Service Providero Founded in 1997o Divisions: MWEB Connect and MWEB Businesso Customer base: • Home users • Small, medium and large enterprises • Corporate clients
  4. 4. Portfolioo Tailored Business Solutionso Personalized account managemento Own world class network infrastructureo International connectivity redundancyo Next generation data centerso 24/7 Technical support
  5. 5. Security Measureso Using AVG Internet Security as partnero Identity protectiono LinkScanner (safe surfing)o WebShield (safe social networking)o Antiphishing, Antispam, Antivirus, Antispywareo Enhanced firewallo Automatic e-mail cleaningo Blocking network ports commonly used by hackers
  6. 6. Dangerous BreachIssue:oCompromised subscribers account detailsoPublished logon and password detailsReasonoHackers gained access to Web based InternetSolutions’ self-service management systemo outsourced, not in total control
  7. 7. Data Management
  8. 8. Business Impacto Notifying customers and find solutiono Determine reason for breach = interruption of business processeso Work together with ISo Lost trust of customers  gain backo Implement proper policies and controlso Prepare for legal, financial riskso Threat to customer retention and reputation Very tricky process with intangible and tangible costs
  9. 9. Customer Impacto Need for explanationo Need for behavioral recommendationso Loss of personal information (privacy)o Data lost or inaccurateo Additional compromising of related accountso Inconvenience: have to change password or could not access the serviceo Lost trust in the company
  10. 10. Response to the security breacho 25.10.2010 Security Breach “Dear sirs if you see your own name on the list maybe its time for switching ISP (in case you have any option) :D”o Disclosed and responded the same day (quickly!!)o User names  recreated Passwords  changedo No personal information was losto Clients did not suffer any losses
  11. 11. Response to the security breacho Internet Solutions network  own IPC networko Repels 5000 attacks a day!o Added security measure  reset the passwordso Investigation together with Internet Solutions Acceptable response? Yes Saved trust? No
  12. 12. To-do list for the futureo Digital certificateso Intrusion detection systemo MIS audito Regular and thorough testingo Improved identity management
  13. 13. Thank you!

×