The loss or theft of sensitive data—such as personal identification, financial records, or proprietary business information—can be devastating. It may lead to identity theft, financial fraud, or a competitive disadvantage.
Example: Legends International (2024)
Legends, a prominent sports and entertainment venue management firm, suffered a data breach in which attackers accessed and exfiltrated sensitive files. These included internal documents and potentially the personal details of employees and patrons. The breach illustrated how cybercriminals target organisations with vast data pools, especially when security measures are inadequate.
When attackers gain access to systems without permission, they can manipulate, steal or destroy data. This can occur due to weak authentication methods, poor access controls, or exploitation of system vulnerabilities.
Example: E-commerce Database Compromise
A mid-sized e-commerce platform experienced a serious breach after cybercriminals exploited a misconfigured database. Attackers obtained login credentials and accessed customer payment records and order histories. This type of intrusion can cause irreparable damage to customer trust and brand reputation.
Overloading a system, such as in a Distributed Denial-of-Service (DDoS) attack, can render critical services unavailable. These attacks flood the target with traffic, preventing legitimate users from accessing services.
Example: OmniCyber Security Case Study
An organisation was subjected to a DDoS attack that disrupted its customer-facing website and internal systems. The outage lasted several hours, affecting service availability and business operations. It highlighted the need for robust incident response protocols and scalable infrastructure protection.
Data corruption involves the unauthorised alteration or damage of data, making it unusable or misleading. It often occurs through malware, ransomware, or insider threats.
Example: Norsk Hydro (2019)
One of the world’s largest aluminium producers, Norsk Hydro, was hit by a ransomware attack that encrypted key systems and data. The company had to switch to manual operations for several weeks, costing over $70 million. The attack exposed how dependent even industrial operations are on digital infrastructure.
Cyberattacks can cause widespread disruption to IT systems and services, delaying operations or halting them altogether. This can lead to financial loss, missed deadlines, and reduced productivity.
Example: KNP Logistics (2023)
Russian hackers compromised KNP Logistics through an employee’s weak password, which granted them access to internal systems. The attackers deleted crucial business data, leading to the collapse of the 158-year-old company. This case underscores the importance of robust authentication policies and disaster recovery plans.
Breaches involving personal information or login credentials can lead to identity theft, fraud, and the resale of data on the dark web. This compromises both individuals and the integrity of organisational systems.
Example: 23andMe (2024)
Hackers accessed the genetic and personal data of nearly 7 million 23andMe users. The incident included sensitive heritage and health information, with a million profiles reportedly sold online. It raised serious ethical and legal questions about data protection in the genomics sector.
Physical breaches can occur when unauthorised persons gain access to secure locations, often through social engineering or tailgating. Such breaches can lead to theft of hardware, surveillance equipment, or sensitive documents.
Example: Cresco Physical Security Incident
In a co-working space, attackers used social engineering techniques to blend in with employees and access restricted areas. This breach highlighted that physical security is just as critical as cyber security and must be treated with equal vigilance.
Failure to apply security patches in a timely manner leaves systems vulnerable to known exploits. Attackers often scan for unpatched systems to target with malware or unauthorised access attempts.
Example: Equifax Breach (2017)
Equifax failed to install a security patch for Apache Struts, which had a known vulnerability. As a result, attackers exploited this flaw, leading to a massive breach affecting 147 million individuals. This case is a textbook example of the dangers of neglecting routine system maintenance.
Links to Learning Outcomes |
Links to Assessment criteria |
|
|---|---|---|
Anonymous Assessment - Learners assess an anonymous piece of work containing deliberate mistakes against given success criteria.