
Question:

 
Cyberattacks are happening every second of every minute of every hour of every day. A seemingly endless array of attacks is directed at individuals, schools, businesses, and governments through desktop computers, laptops, and smartphones [1]. For this assignment, select one recent attack (which happened in the years 2020-2022). Carry out an in-depth literature review about this attack. Your discussion must address the following points with proper in-text citations.
 
 
• Identify and discuss the main reasons for this attack being successful. Who was the target?
 
 
• Report the importance of confidentiality, integrity, and availability (CIA) triad in the context of this attack.
 
 
• Discuss how this attack could have been prevented if the five fundamental security principles (layering, limiting, diversity, obscurity, and simplicity) had been applied.
 
 
• Discuss why good cybersecurity hygiene is important for individuals, institutes, and organisations.
 

Reasons For Attack


LinkedIn, the popular social networking and job posting site, suffered a data breach in 2021. The data of 700 million LinkedIn users was put up for sale online. The data included names, phone numbers, physical addresses, emails, geo-location records, usernames, professional experience, and other linked social media accounts and usernames [1]. All this information is highly sensitive. The hackers scraped the data by exploiting a weak link in the LinkedIn API to collect the sensitive data and information of the 700 million LinkedIn users. An API, or application programming interface, lets users share data from one application to another through a common interface. Because highly sensitive data is shared this way, strong security measures need to be implemented on the interface.
 

CIA Triad

 
In this attack, the confidentiality and integrity of the data were breached. Confidentiality, integrity, and availability are important because they help keep data out of the hands of hackers. Confidentiality ensures that the data and information held by the organization cannot be accessed by anyone who is not authorized. Integrity matters when data is shared within the platform [2]: people often share data on the platform, and that data should reach the correct destination without any alteration. Lastly, availability means providing the services to end-users at all times, so that they can access the services offered by LinkedIn whenever they log in to the platform.
 

Fundamental Security Principles


Layering is a process in cyber security in which an organization applies various security controls to the identified vulnerabilities. Through this process, the API link could have been secured. Limiting would have helped by restricting the data traffic through API requests. Diversity helps in deploying security controls that were not included before. Obscurity would have helped LinkedIn in implementing a security design into the whole system [3]. Simplicity in the source code of the system helps the organization identify potential vulnerabilities. Through this process, the organization could have identified the weak link in the API module and prevented the data breach.
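
The limiting principle described above can be made concrete for a scraping scenario. The following is an added example, not part of the original answer and not LinkedIn's code: a sliding-window limiter that caps how many distinct profiles one API client may fetch, replayed over a constructed request log. The class and function names, the log format, the 60-second window and the limit of 5 are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60          # assumed sliding window
MAX_DISTINCT_PROFILES = 5    # assumed budget of distinct profiles per client per window


class ProfileLookupLimiter:
    """Sliding-window cap on how many *distinct* profiles one client may fetch."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_DISTINCT_PROFILES):
        self.window = window
        self.limit = limit
        self.events = defaultdict(deque)  # client -> deque of (timestamp, profile_id)

    def allow(self, client, profile_id, now):
        q = self.events[client]
        # Drop lookups that have aged out of the window.
        while q and now - q[0][0] >= self.window:
            q.popleft()
        seen = {pid for _, pid in q}
        # Re-reading a profile already fetched in the window costs no budget;
        # a new profile is refused once the distinct-profile budget is spent.
        if profile_id not in seen and len(seen) >= self.limit:
            return False
        q.append((now, profile_id))
        return True


def replay(log_lines, limiter=None):
    """Replay 'timestamp client profile_id' lines; return {client: denied_count}."""
    limiter = limiter or ProfileLookupLimiter()
    denied = defaultdict(int)
    for line in log_lines:
        ts, client, profile_id = line.split()
        if not limiter.allow(client, profile_id, int(ts)):
            denied[client] += 1
    return dict(denied)


# Constructed sample log: key-A re-reads a few profiles, key-B walks 40 sequential IDs.
SAMPLE_LOG = (
    ["%d key-A user-%d" % (t, t % 3) for t in range(0, 40, 10)]
    + ["%d key-B user-%d" % (t, 1000 + t) for t in range(0, 40)]
)

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

Counting distinct profiles rather than raw requests separates a client that refreshes a handful of pages from one that enumerates the user base, and the per-client denial counts give the operations team a signal to alert on.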
 

Cyber Security Hygiene


With the help of cyber security hygiene, LinkedIn could have trained its employees about the importance of cyber security controls in the system. The developers of the system's source code could have enabled a security module in the API platform. The employees should also enforce the usage of strong passwords for their work systems and emails. In addition, a regular cycle for changing passwords should be maintained in the organization. LinkedIn should also look after the system and identify the various vulnerabilities which are currently present [4]. Using a penetration testing approach, the organization can locate all the vulnerabilities which are currently present. After that, by deploying security patches to the system, those vulnerabilities can be removed. LinkedIn should also apply strong authentication and access control approaches throughout the organization and enable a two-factor authentication protocol for every end-user.
 

References


[1] B. Gibson, S. Townes, D. Lewis and S. Bhunia. Vulnerability in Massive API Scraping: 2021 LinkedIn Data Breach. In 2021 International Conference on Computational Science and Computational Intelligence (CSCI), December 2021 (pp. 777-782). IEEE.

[2] G. Kaur, Z. Habibi Lashkari and A. Habibi Lashkari. Introduction to Cybersecurity. In Understanding Cybersecurity Management in FinTech, 2021 (pp. 17-34). Springer, Cham.

[3] M. Christen, B. Gordijn and M. Loi. The Ethics of Cybersecurity, 2020 (p. 384). Springer Nature.

[4] A. Vishwanath, L.S. Neo, P. Goh, S. Lee, M. Khader, G. Ong and J. Chin. Cyber hygiene: The concept, its measure, and its initial tests. Decision Support Systems, 128, 2020, p. 113160.