Imagine showing up to work on a Mon-day morning right before the Thanksgiv-ing holiday, booting up your computer, and being greeted with a threatening message informing you that your com-pany’s entire network has been hacked. This nightmare was a reality for Sony Pictures Entertainment employees on Monday, November 24, 2014. The Sony hack has revealed much about the state of corporate cybersecurity and the interworking of a multi-billion dollar corporation while also raising a number of new ethical issues. There are im-portant lessons for IT students to learn from the Sony hack that will help them better prepare contingency plans and act ethically throughout their career.

The Sony hack was caused by a wiper malware that has similarities to the “Shamoon” virus that attacked Saudi Aramco in 2012 and the “DarkSeoul” malware in 2013 that attacked South

Sony Hack 1

Black Friday and eCommerce 2

Going Beyond Classroom 3

Wearable Technology 4

Java and Jobs 2014 Announcement 7

GEICO Achievement Awards Information 7

Inside this issue:

Korean networks. In all three of these attacks the malware allowed “Windows applications to gain direct access to disk hardware without having to run in ad-ministrator mode,” data was stolen, threating messages were left, and all the data on infected PCs and the serv-ers they were connected to was locked or deleted. Additionally, all three at-tacks appear to have been politically motivated; however, so far no one has claimed responsibility for the Sony hack. It is suspected North Korea is behind the attack, motivated by the upcoming release of the movie The Interview, but evidence also suggests the attack may have been motivated by the layoffs last year at Sony Pictures Entertainment because it appears the hackers had detailed insider knowledge of their net-work.

(Continued on page 4)

Volume 8, Issue No. 4

December 2014

Similar to wiper malware Shamoon and DarkSeoul, the Sony hack was a windows applica-tions to gain direct access to disk hardware with-out having to run in administrator mode.

It is no secret that Black Friday is one of the busiest consumer shopping days of the year. In 2013, the National Retail Federation (NRF) estimated there was over $57 billion in consum-er spending on Black Friday alone. While Black Friday’s surge in consum-er shopping has the largest impact on traditional brick and mortar sales, as many of the deals are limited to in-store purchases, the web and e-commerce continue to play a critical role. Despite the emphasis on in-store sales during Black Friday and dedicat-ing an entire “marketing holiday”, Cyber Monday, to online shopping, internet sales continue to grow on Black Friday. According IBM digital analytics, online sales on Black Friday rose 9.5% from last year, and a recent survey administered by the NRF indi-cated that over 47% of consumers expected to shop online during black Friday. Perhaps most importantly how-ever, the web provides a platform for Black Friday shoppers to browse deals, compare prices, and plan pur-

chases before they venture out into some of the most hectic shopping scenes of the year.

However, while Black Friday is recog-nized as a consumer shopping holiday, it isn’t intended solely for the benefit of consumers; the name Black Friday is derived from the increased sales and profits retailers experience on this day. Thus, companies like the consum-er electronics retailer Best Buy look to Black Friday as an opportunity to boost sales and begin the holiday shopping season with a strong start. Additionally, for Best Buy, a company that has seen its profits decline by nearly $8 billion over the last four years, Black Friday provides a chance to get back on track, making it all the more important. Considering the im-pact that Best Buy’s Black Friday re-sults could ultimately have on its fi-nancial wellbeing, in addition to im-portant roles of the web and ecom-merce that were outlined above, one would anticipate that Best Buy make the necessary adjustments to its own

Page 2

Black Friday and eCommerce

website in order to support increased traffic and help ensure a successful outcome on Black Friday. Best Buy ostensibly had other plans, and in one of the more notable events in the history of bad timing, Best Buy’s site went down for around 90 minutes on the morning of Black Friday. Shortly after, a Best Buy representative acknowledged the outage and at-tributed it to a “concentrated spike in mobile traffic”, stating that the site would be down until the proper ad-justments were made.

While we won’t really know the im-pact Best Buy’s blunder had on the company’s financials for a while, it is likely that it prevented the company from achieving the Black Friday re-sults that it had hoped for. Nonethe-less, it is reasonable to think that this entire occurrence could have been avoided with better analysis and plan-ning of expected web traffic and its source. More importantly, it depicts yet another e-commerce hiccup from a major retailer, a major trend over the last year. While not nearly as seri-ous as some the major data breach-es, such as in the case of Target or Home Depot, it still demonstrates that e-commerce as a channel contin-ues to be somewhat unreliable, and as consumers, there is still some rea-son for concern. While online sales continue to grow and companies con-tinue to allocate more resources to e-commerce sites and applications, one small decision or area of neglect could have severe consequences for an entire company, whether through lawsuits, loss of goodwill and reve-nue, or missed sales opportunities.

(Continued on page 5)

On the first day of classes, I walked into my intro to IT class with appre-hension. I was concerned that the class was going to be difficult due to my lack of knowledge in the subject. What I did not realize was how much this class was going to end up teach-ing me not only about the basics of IT, but also what a career in the IT field would be like.

During the first class, the professor described to us a semester long group project. The end product of the project was a Microsoft Access data-base for a company located in the Milwaukee area. Some of the projects involved creating a database from scratch, while other projects required a complete database redesign of a current database. Projects included creating a database for drug and con-traceptive use at the Aids Resource Center of Wisconsin, a database for the Notre Dame Middle School rec-ords, a customer relationship man-

agement database for the Wisconsin Green Building Alliance, a tracking system for Our Space, as well as a system for tracking donation for Habi-tat for Humanity. This project exposed us to “real life” companies in Milwau-kee, taught us about the IT consulting process, and allowed us to apply our classroom knowledge to an actual project.

When the project was first described it seemed daunting and near impossi-ble. It was one of the first semester long projects that I had ever been assigned, with a group of people that I was unfamiliar with. No one in my group had ever used Microsoft Ac-cess before and we were all unclear about what exactly this project would entail. Additionally, the thought of disappointing not only our professor but, a social organization in Milwau-kee was a little intimidating. Despite our worries, by following the monthly reports and requirements, we were

Going Beyond the Classroom able to create a great final product from concept to design to prototype for the organization with the with the help of our professor’s support and encouragement throughout the pro-ject. During the semester, this project made us realize that through the pro-ject we were not only learning valua-ble information for professional use, but we were given the opportunity to make a difference in our community.

The database project was one of the most beneficial learning experiences I have had here at Marquette. This project really combined classroom and hands on learning by giving us the opportunity to apply our knowledge. I was introduced to the consulting process, and worked thor-oughly through the steps of that pro-cess. In particular I learned how to interact with a client, transform client wants/needs into system require-ments, and explained and trained a staff using non-technical terms.

Throughout the semester, the teams met with their clients a minimum of three times. For each of these meet-ings, we were expected to find and coordinate a time to meet, prepare our questions ahead of time and send the questions to the client in advance, and then lead the meeting in a professional manner. The meet-ings for this project drastically im-proved my ability to prepare for and conduct future business meetings.

During our client meetings, detailed notes of the client responses to our questions were taken down to ensure that we had the information neces-sary to create the database that they wanted. These responses described the database and system require-ments that the client was looking for. After the client meetings, teams would meet to go over the client needs and transform them into sys-tem requirements.

Finally, when the entire database was completed, teams visited the client

(Continued on page 6)

VOL UME 8, ISS U E 3 Page 3

IT HELP

The database project was one of the most beneficial learning experiences I have had here at Marquette. This project really combined classroom and hands on learning by giving us the op-portunity to apply our knowledge.

Five days after the hack Sony Pic-tures Entertainment was still crippled; phone systems and email were still down, and every computer connected to the network had been rendered unusable. With no immediate contin-gency plan, employees explained they had resorted to using white boards to do their work and find solutions to recover from the hack. Hackers have used file sharing networks to dissemi-nate five movies and confidential Sony documents online in the weeks since the hack, including email corre-spondences, movie scripts, salaries and other private information.

News outlets and bloggers have re-ported as new information and con-tent gradually becomes leaked online. Legally, reporters and blog-gers have the right to report any infor-mation they find newsworthy; howev-er, many people have accused report-ers and bloggers of reporting too many details from the hack. The pub-lic has a right to know a major corpo-ration has been hacked, but many question if it is necessary to include screenshots of stolen documents within news stories.

A similar debate occurred after the Apple iCloud this year; does extensive news coverage go too far and encour-age people to look for stolen media

(Continued from page 1) they may not have found otherwise? Unfortunately larger hacks are be-coming more common place, and it will be important for reporters and bloggers to find the most ethical and effective way to inform the public while also respecting the victims of cyber-attacks.

Ultimately networks can be restored and backed up files can be recov-ered, but trust in a company and pro-fessional relationships built over a lifetime and can be destroyed in an instant.

As business students in IT, the Sony hack reinforces many important les-sons. A number of leaked emails from Sony executives have included offensive comments, in some cases insulting close business partners. The “Front Page of the Newspaper Test” has never seemed so relevant; considering how friends and family would respond to a business deci-sion, or something put in writing, if it was printed in the front page of the

paper, or included on the home page of a website, is critical because hacks and leaks increase the risk of private conversations being revealed to the public. Creating contingency plans are necessary for any business. Large corporations are not the only targets of hackers; a 2012 Data Breach Investigation Study by Verizon found that 71% of data breaches oc-curred in business with less than 100 employees. Regardless of the indus-try or size of the company, a hack is a business risk that needs to be taken seriously and students must be pre-pared to respond responsibly in the event they are victims of a cyberat-tack.

~ Sean Murphy, co-VP of Websites

Sony Hack (cont’d)

Page 4

… 71% of data breaches occurred in business with less than 100 employees.

References: www.forbes.com/sites/cherylsnappconner/2013/09/14/are-you-prepared-71-of-cyber-attacks-hit-small-business/ www.vox.com/2014/12/14/7387945/sony-hack-explained arstechnica.com/security/2014/12/sony-pictures-malware-tied-to-seoul-shamoon-cyber-attacks/

Black Friday (cont’d)

For the first time on Thanksgiving, online traffic from mobile (52.11%) was higher than that from desktop (47.62%). …. US Retail online sales were up 14.28% on the previous year and mobile sales increased from 25.69% in 2013 to 32.33%.

Source: www.extravision.com/blog/mobile-web-traffic-surpasses-desktop-on-thanksgiving/

The only solution is through more careful planning and implantation of these e-commerce solution, as well as tighter security and quality con-

(Continued from page 2) trols. While this is obviously much easier said than done, these gaffes are occurring more and more fre-quently, and as the role of e-commerce in business evolves, they will likely continue occurring until

something changes or these issues get the attention they warrant.

~ Alex Mueller, co-VP of Websites

VOL UME 8, ISS U E 3 Page 5

again to bring them the database and user manual, as well as conduct a da-tabase training. This training session forced us to explain the database, that we had been talking about in technical terms for a whole semester, in every-day terms rather than technical terms.

Through the hours and hours of meet-ings, preparation, report writing, data-base creation, editing, problem-solving, and frustration, this project provided so many learning opportunities. With this project, we improved our writing and communication skills through the meetings, report writing, and database training sessions. Working in a group not only gave us the opportunity to make new friends, it allowed us to learn to utilize each of our group mem-bers strengths. The database project was extremely time consuming, which forced our group to be more prepared

(Continued from page 3)

for meetings, and more efficient dur-ing our group time. Building this data-base gave us the opportunity to work with an organization in the area, gain professional experience as well as help the company. Projects like this are what sets Marquette apart and really allows their students to Be The Difference.

~ Amanda Berghuis and Danielle Theis

Beyond Classroom (cont’d)

Amanda is a junior major-ing in IT and Marketing. She is from West Chester, PA.

Danielle Theis is a junior majoring in IT and OSCM. She is from Stillwater, MN.

Page 6

Through the hours and hours of meetings, preparation, report writing, database creation, editing, problem-solving, and frustration, this project provided so many learning opportunities.

VOL UME 8, ISS U E 3 Page 7

Announcements

More articles in previous issues of ITSO Good.

www.mu.edu/~owt/ITSO/ITSOV8No1.pdf www.mu.edu/~owt/ITSO/ITSOV8No3.pdf www.mu.edu/~owt/ITSO/ITSOV8No2.pdf

Suggestions Would you like to write an article for ITSO GOOD or do you have topics that you’re interested in seeing ? Contact the Co-Editors: ahmed.hollowell@mu.edu or jennifer.sotis@mu.edu

Executive Board (2014-2015) Co-President: Aiman Abdul Rahman Co-President: James Masterson Co-Editor: Ahmed Hollowell Co-Editor: Maia Sotis Co-VP of Website: Alex Mueller Co-VP of Website: Sean Murphy VP of Programs: Haley Loprieno VP of Finance: Zhiwen Jiang VP of Publicity: Jaclyn Pesut VP of Membership: Matthew Do-malewski

Page 8

Recruiting Zone This newsletter is available for job or in-ternship posting. Please contact the Co-Editors ahmed.hollowell@mu.edu or jennifer.sotis@mu.edu

Thinking of Joining ITSO? Contact the Co-Presidents and enquire about joining ITSO and signup today.

Suggestions Would you like to write an article for ITSO GOOD or do you have topics that you’re interested in seeing ? Contact the Co-Editors: ahmed.hollowell@mu.edu or jennifer.sotis@mu.edu

Executive Board (2014-2015) Co-President: Aiman Abdul Rahman Co-President: James Masterson Co-Editor: Ahmed Hollowell Co-Editor: Maia Sotis Co-VP of Website: Alex Mueller Co-VP of Website: Sean Murphy VP of Programs: Haley Loprieno VP of Finance: Zhiwen Jiang VP of Membership: Matthew Do-malewski

ITSO Website: www.marquetteitso.org

Happy Holidays