DATA4000 Introduction to Business Analytics Report 3 Sample
Your Task
Consider below information regarding the Capital One data breach. Read the case study carefully and using the resources listed, together with your own research, complete:
• Part A (Industry Report) Individually by Monday 23:55pm AEDT Week 12
Assessment Description
Capital One
Background
Who is Capital One?
Capital One Financial Corporation is an American bank holding company specializing in credit cards, auto loans, banking, and savings accounts. The bank has 755 branches including 30 café style locations and 2,000 ATMs. It is ranked 97th on the Fortune 500, 17th on Fortune's 100 Best Companies to Work For list, and conducts business in the United States, Canada, and the United Kingdom. The company helped pioneer the mass marketing of credit cards in the 1990s. In 2016, it was the 5th largest credit card issuer by purchase volume, after American Express, JPMorgan Chase, Bank of America, and Citigroup. The company's three divisions are credit cards, consumer banking and commercial banking. In the fourth quarter of 2018, 75% of the company's revenues were from credit cards, 14% were from consumer banking, and 11% were from commercial banking.
History
Capital One is the fifth largest consumer bank in the U.S. and eighth largest bank overall (Capital One, 2020), with approximately 50 thousand employees and 28 billion US dollars in revenue in 2018 (Capital One, 2019). Capital One works in a highly regulated industry, and the company abides by existing regulations, as stated by them: “The Director Independence Standards are intended to comply with the New York Stock Exchange (“NYSE”) corporate governance rules, the Sarbanes-Oxley Act of 2002, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, and the implementing rules of the Securities and Exchange Commission (SEC) thereunder (or any other legal or regulatory requirements, as applicable)” (Capital One, 2019). In addition, Capital One is a member of the Financial Services Sector Coordinating Council (FSSCC), the organization responsible for proposing improvements in the Cybersecurity framework.
Capital One is an organization that values the use of technology and it is a leading U.S. bank in terms of early adoption of cloud computing technologies. According to its 2018 annual investor report (Capital One, 2019), Capital One considers that “We’re Building a Technology Company that Does Banking”. Within this mindset, the company points out that “For years, we have been building a leading technology company (...). Today, 85% of our technology workforce are engineers. Capital One has embraced advanced technology strategies and modern data environments. We have adopted agile management practices, (...). We harness highly flexible APIs and use microservices to deliver and deploy software. We've been building APIs for years, and today we have thousands that serve as the backbone for billions of customer transactions every year.” In addition, the report highlights that “The vast majority of our operating and customer-facing applications operate in the cloud (...).” Capital One was one of the first banks in the world to invest in migrating their on-premise datacenters to a cloud computing environment, which was impacted by the data leak incident in 2019. Indeed, Amazon lists Capital One migration to their cloud computing services as a renowned case study. Since 2014, Capital One has been expanding the use of cloud computing environments for key financial services and has set a roadmap to reduce its datacenter footprint. From 8 data centers in 2014, the last 3 are expected to be decommissioned by 2020, reducing or eliminating the cost of running on-premise datacenters and servers. In addition, Capital One worked closely with AWS to develop a security model to enable operating more securely. According to George Brady, executive vice president at Capital One,
Assessment Instructions
Part A: Industry Report (1800 words, 25 marks)- Individual
Based on the readings provided in this outline, combined with your own independent research, you are required to evaluate the implications of legislation such as GDPR on the Capital One’s business model. The structure of your report should be as follows.
Your report needs to be structured in line with the Kaplan Business School Report Writing Guide and address the following areas:
• Data Usability
- Benefits and costs of the database to its stakeholders.
- Descriptive, predictive and prescriptive applications of the data available and the data analytics software tools this would require.
• Data Security and privacy
- Data security, privacy and accuracy issues associated with the database.
• Ethical Considerations
- The ethical considerations behind whether the user has the option to opt in or opt out of having their data stored.
- Other ethical issues of gathering, maintaining and using the data.
• Artificial Intelligence
- How developments in AI intersects with data security, privacy and ethics.
• Use the resources provided as well as your own research to assist with data collection and data privacy discussions.
Suggested Sources:
• https://web.mit.edu/smadnick/www/wp/2020-07.pdf
• https://research.vu.edu.au/ordsite/ethics/ethics_childlren_handbook.pdf
• https://gdpr.net.au/
Solution
Introduction
Most people and organisations in today's society use a variety of technology equipment to make life easier and more comfortable. Furthermore, globalisation has brought people from all over the world together. People's interactions and everyday activities have changed dramatically as technology has become more widely available and used. For example, the Internet conveniently links persons and entities all over the world. This report discusses the data breach incident at the financial organization Capital One and assesses the implications of legislation for its business model. It does so by exploring the factors of data usability, security, artificial intelligence and ethical considerations.
Capital One
Capital One is a financial services company established in the United States that specialises in banking, auto loans, credit cards, and savings accounts. The company's headquarters are located in Virginia. Capital One is one of the major banks in the United States, with customers from Canada and the United Kingdom. Thompson gained access to Capital One's server during the hack and stole the personal information of 106 million customers. Credit cards, consumer banking, and commercial banking are the three sections of the organisation. With around 50000 workers and $28 billion in sales in 2018, Capital One is the 5th largest consumer bank in the USA and the 8th largest bank across the globe (Novaes Neto et al., 2020). Capital One's move to Amazon's cloud computing services is cited by Amazon as a well-known case study. Capital One has been extending the usage of cloud computing environments for essential financial services since 2014, and it has a plan in place to shrink its datacentre footprint.
Capital One collaborated extensively with AWS to create a security strategy that would allow them to operate more safely. Capital One was one of the first banks in the world to invest in transferring its on-premise datacentres to a cloud computing infrastructure, which was the environment hit by the 2019 data breach. Capital One disclosed a serious security compromise in late July 2019. According to the study, 100 million Americans were impacted, and 6 million Canadians who used the bank were also impacted. Thompson stole sensitive information from individuals and small companies, including names, phone numbers, addresses, social security numbers, birth dates, account numbers, credit card applications, transaction data, and credit ratings (Islam 2020). The attacker obtained almost 80,000 account details as well as 140,000 social security numbers, according to press reports. The use of a badly misconfigured open-source WAF (web application firewall) was found to be a major contributor to the breach, according to the investigation based on direct knowledge of the breach. This online application, on the other hand, was utilised within the corporation as part of its operations, and was mostly housed on AWS in the cloud.
Data Usability
The data usability technique enables the users of Capital One to receive and share a variety of relevant information. This data sharing inspires and leads to additional community connections and cooperation. It leads to various new findings on the cause of the Capital One hacking occurrences. Data sharing is valuable to the community since it may boost the circulation of corporate operations by engaging the scientific community and communicating for more transparency (McLean 2019). It is reflected in the company's philosophy of making money and operating the firm in the best interests of all stakeholders. The analytics results are based on descriptive and predictive data, and this analysis would necessitate the use of analytics software tools to make it understandable. To begin with, typical stakeholder enticement tactics are costly. When a user uses them, he or she must weigh the cost of engagement against the benefits they will provide. For example, a user can reach stakeholders via techniques such as newspaper advertisements, flyers, letters, and hard-copy questionnaires, but consultations with even the smallest groups of people would cost a lot of money. Alternatively, a user may share information, track tasks, and invite comments from any stakeholder with a PC or mobile device, or with solutions like online collaboration software. By making data easier to search, the capacity to circulate and exchange data can increase the discoverability and viability of repositories that publish data. It is significant because it improves the productivity of outcomes, increases transparency, and informs the scientific community significantly.
Descriptive analytics is a sort of data analysis in which historical data is acquired, organised, and presented in a way that is easy to comprehend. Unlike other methods of evaluation, descriptive analytics is simply concerned with what has already transpired in an organisation, and it does not use its results to create conclusions or projections. Descriptive analytics is, however, a basic starting point for reporting or putting together information for further analysis. For instance, Capital One holds data on numerous applicants, such as their names, email addresses, phone numbers, zip codes, DOB, and addresses supplied while applying for a credit card. It includes all the information, and the company uses this data for processing, and thus it applies the predictive and descriptive methods of data collection. Because descriptive analytics is based on historical data and simple computations, it may easily be implemented in day-to-day operations and does not always necessitate in-depth analytics knowledge (Novaes Neto et al., 2020). This method allows the firm to quickly and easily record overall performance and gain valuable insights that can be utilised to improve. On the other side, descriptive analytics seems to have the problem of not looking beyond the surface of the data - here is where predictive and prescriptive analytics come into play.
Data Security and Privacy
In order to enter the company's system, the attacker exploited security flaws in Capital One's systems. Paige Thompson used Capital One's misconfigured Amazon Web Services (AWS) cloud-based assets to launch the attack, according to Goodin (2019). The misconfiguration of the financial institution's Web Application Firewall enabled the attacker to trick Capital One's cloud firewall into relaying commands to Amazon Web Services' core data source. The metadata service was the database in question. This service usually provides transitory information about cloud servers, such as current access credentials. Thompson also granted the web application a large number of permissions, allowing it to record and access file contents in every data bucket to attack the Capital One vulnerability. This form of attack is known as "Server-Side Request Forgery," where assailants deceive the server into performing instructions that suit their interests. All problems with this infringement of data have been handled. After investigations, FBI agents detained and charged Paige Thompson with cybercrime on 29 July in conjunction with the Capital One management. Thompson did not hide her trail. Authorities used the web trail to track her (Neto et al., 2020). The suspect boasted of hacking Capital One and robbing 106 million users of confidential information. Capital One said there was no interference with login information or card information, and that the breach only affected 1% of social security credentials.
Figure: Capital One Breach incident through technical process
(Source: Lu,2019)
According to Goodin (2019), the bank discovered the breach through an email alert, which informed the firm that part of its sensitive data had been hacked and placed on a Github account under the name "Netcrave." Capital One has taken many actions to amend the situation and reduce the danger of a similar assault in the future since the occurrence of the cybercrime (Storm 2020). The firm decided to double-check its cloud storage servers for potential misconfiguration, and it monitors the cyber risk of its third- and fourth-party service providers. Capital One also runs frequent inspections on its Intrusion Detection System and examines host-based IDS rather than network-based IDS in order to analyse hazards at the host level. To defend itself from future data breaches, the organisation has boosted cybersecurity awareness among its staff and frequently checks for compromised credentials, in addition to developing an effective agile patch management process.
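The Server-Side Request Forgery path described in this section depends on a server-side component fetching a caller-supplied URL that lands on the cloud metadata service. The following is an added example, not code from Capital One or from the cited sources: a destination check that refuses such URLs, including integer, hex and IPv4-mapped spellings of the well-known metadata address 169.254.169.254. The host names and the `SAMPLE_DNS` table are constructed so the check runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS resolution (assumption, lets the example run offline).
SAMPLE_DNS = {
    "api.partner.example": ["203.0.113.10"],   # ordinary external service
    "alias.example": ["169.254.169.254"],      # public name pointing at link-local
    "intranet.example": ["10.0.4.7"],          # internal-only address
}

# Destinations a request-forwarding component should never reach on a caller's behalf.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16",   # link-local, includes the instance metadata service
    "127.0.0.0/8", "0.0.0.0/8",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]

def candidate_ips(host, dns):
    """Return the IP addresses a host string can reach; empty list if unknown."""
    try:
        return [ipaddress.ip_address(host)]          # dotted quad or IPv6 literal
    except ValueError:
        pass
    try:
        return [ipaddress.ip_address(int(host, 0))]  # 2852039166 or 0xA9FEA9FE
    except ValueError:
        pass
    return [ipaddress.ip_address(a) for a in dns.get(host, [])]

def check_outbound_url(url, dns=SAMPLE_DNS):
    """Return (allowed, reason) for a URL the server has been asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "scheme or host not allowed"
    ips = candidate_ips(parts.hostname, dns)
    if not ips:
        return False, "host does not resolve"        # fail closed
    for ip in ips:
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped                      # ::ffff:a.b.c.d -> a.b.c.d
        for net in BLOCKED_NETS:
            if ip in net:
                return False, f"{ip} is inside blocked range {net}"
    return True, "ok"

if __name__ == "__main__":
    for u in ("https://api.partner.example/v1/rates",
              "http://169.254.169.254/latest/meta-data/",
              "http://2852039166/", "http://alias.example/"):
        print(u, "->", check_outbound_url(u))
```

In a real deployment the connection must be made to the address that was validated, otherwise a second DNS lookup can return a different answer than the one that was checked.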
Ethical Considerations
Where the majority of data is collected via observation, interviews and surveys, various ethical issues such as privacy, anonymity and confidentiality must be considered during the firm's data collection. Securing data while maintaining ethical practices is a good way to let the community know the organization and the reason for collecting data when asking for participation. The act of taking advantage of easy access to bank accounts must be avoided because this could cause the confidential findings to be anonymous and therefore, the trust will be lost (Lu, 2019). While law cannot make a judgement, ethics can provide context for regulation. Privacy violations cause disbelief and have the potential to erode or eliminate security, which is an act of disobedience to the law and a violation of moral norms.
Since the event happened to Capital One, several unauthorized accesses to private data have been prohibited. When using technology like Cloud Computing to collect data on a person or a company, accuracy, privacy and robustness are essential, as are the availability of data content and the legal right of the data subject to access or ownership. It is critical to respect people's time and, wherever feasible, recompense them for it. Capital One must take precautions to safeguard the information gathered from others (Calderon, McCoskey and Onita, 2021). The firm must not keep anything containing personal information in a location where it may be easily accessible by those who do not need to see the data. Capital One clients' information may be ethically and securely sourced, and this activity is critical in the event of a hacking incident. It's important since it helps to adhere to a variety of evidence-gathering procedures, as well as the promotion of a variety of research studies and ethical standards. This goal-finding process includes avoiding mistakes and focusing on information and truths. These points of ethical considerations can be applied to Capital One to help it preserve its data integrity.
Artificial Intelligence
When it comes to developing machine learning solutions, developers place a low focus on security, privacy, and ethics. The customer cares about privacy, therefore a company must consider how to use data to get information while staying inside regulatory guidelines. A virtual card number (VCN) functionality will be implemented by AI. The VCN tools employ machine learning (ML) to offer consumers a unique credit card number for each online merchant, ensuring that customers' credit cards are not stolen or used fraudulently. Thus, Capital One must consider how to handle lawfully obtained data in accordance with its own corporate ethics, as well as legal compliance difficulties.
Conclusion
Capital One's incident is one of the massive security breaches in cyber-world history. This report has thus addressed the case with data usability, security, AI and ethics. As a result, it can be stated that Capital One's usage of data should benefit the community by safely and ethically handling the data. It is also necessary to store sensitive data securely in order to safeguard the privacy and integrity of private information (Naudé and Dimitri, 2021). Furthermore, in order to avoid privacy breaches, the results and insights should be presented in an ethical way.
References
Calderon, T., McCoskey, M.G. and Onita, C., 2021. Toward a Protocol for Tax Data Security. Journal of Forensic and Investigative Accounting, 13(1). Available at: http://web.nacva.com.s3.amazonaws.com/JFIA/Issues/JFIA-2021-No1-9.pdf
Goodin, D., 2019. Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One. Available at: https://arstechnica.com/information-technology/2019/07/feds-former-cloud-worker-hacks-into-capital-one-and-takes-data-for-106-million-people/
Islam, R., 2020. The Impact of Data Breaches on Stock Performance. Available at: https://www.stern.nyu.edu/sites/default/files/assets/documents/Islam_Glucksman%20Paper_final_200520.pdf
Lu, J., 2019. Assessing The Cost, Legal Fallout Of Capital One Data Breach (August 15, 2019). Available at: https://www.researchgate.net/profile/Jack-Lu-11/publication/335210159_Assessing_The_Cost_Legal_Fallout_Of_Capital_One_Data_Breach/links/5d58348992851cb74c74965c/Assessing-The-Cost-Legal-Fallout-Of-Capital-One-Data-Breach.pdf
McLean, R., 2019. Capital One hack exposes 100 million customers. CNN Business, July 30. Available at: https://edition.cnn.com/2019/07/29/business/capital-one-data-breach/index.html
Naudé, W. and Dimitri, N., 2021. Public Procurement and Innovation for Human-Centered Artificial Intelligence. Available at: http://ftp.iza.org/dp14021.pdf
Neto, N.N., Madnick, S., Paula, A.M.G.D. and Borges, N.M., 2021. Developing a Global Data Breach Database and the Challenges Encountered. Journal of Data and Information Quality (JDIQ), 13(1), pp.1-33. Available at: https://dl.acm.org/doi/abs/10.1145/3439873
Novaes Neto, N., Madnick, S., de Paula, M.G. and Malara Borges, N., 2020. A Case Study of the Capital One Data Breach (January 1, 2020). Available at: https://web.mit.edu/smadnick/www/wp/2020-07.pdf
Storm, S.A.A., 2020. Capital ONE: A breach in the cloud. Corporate governance case studies, 145. Available at: https://governanceforstakeholders.com/wp-content/uploads/2020/07/cg-fs-casestudies.pdf#page=153