IIS Individual Assignment

This document is an individual assignment for an Introduction to Information Systems course. It discusses security and privacy issues with the Grab mobile app and provides recommendations for improvements. On security, it describes how data breaches can occur and recommends implementing thorough security checks and staff training. On privacy, it discusses how personal information has been shared on social media by third parties using Grab and recommends enforcing secure data encryption and vendor assessments.

Uploaded by

Gabriel Chin

INDIVIDUAL ASSIGNMENT

CT104-3-1-IIS-T-1

INTRODUCTION TO INFORMATION SYSTEM

APU1F2209IT

HAND OUT DATE: WEEK 2

HAND IN DATE : WEEK 12

WEIGHTAGE: 30%

NAME : CHIN ZHE GABRIEL


STUDENT ID : TP064294
ASSIGNMENT : INDIVIDUAL ASSIGNMENT
LECTURER : KHURSHID BEGUM BINTI ABDUL JABBAR
CT104-3-1-IIS-T-1 INDIVIDUAL ASSIGNMENT

Table of Contents
1.0 Introduction
2.0 Security problem
2.1 Preventive measure and improvement
2.2 Reason for recommendation
3.0 Privacy problem
3.1 Preventive measure and improvement
3.2 Reason for recommendation
4.0 References


1.0 Introduction

The Grab app is a mobile application that lets users easily book a ride, place orders
from their favourite restaurants, arrange for delivery, and even securely pay for
services with just a few taps on a smartphone. Security and privacy have emerged as
major concerns for both users and businesses in the rapidly evolving world of
technology and digital services. This report intends to examine Grab's security and
privacy concerns. Although Grab provides many conveniences and benefits, there are
also possible security and privacy risks that need to be considered.


2.0 Security problem

Grab takes full responsibility for its security measures and aims to uphold the best
reputation in this area. But with the millions of data records that Grab needs to
handle all the time, an error in safeguarding everybody’s information is bound to
happen.

One security problem that has caused trouble within the Grab community is data
breaches. A data breach happens when a company fails to secure confidential
information and exposes it to an unauthorised person. Despite Grab taking measures to
prevent data breaches, there is always a risk of unauthorised people attempting to
access Grab’s systems and steal user data, such as card details and transaction
details.

Looking into the history of data breaches that have occurred, one particular event
was due to a technical error tied to a buggy update. This led to the leaking of
personal information about Grab users and drivers. The mistake allowed users' data to
be viewed by other individuals for an hour, including their profiles, wallet balance,
transaction history, ride orders and car plate numbers. Although this data breach was
not intentionally caused by a malicious individual, the slip-up could allow
unauthorised individuals to steal the information or use it with bad intentions. On
another occasion, Grab found itself in hot water when it was fined US$11,700 after it
failed to stop over 100,000 marketing emails from being sent out that held user data
such as names and phone numbers. (Yu, 2020)


2.1 Preventive measure and improvement

On security problems, Grab can put in place a number of measures to strengthen the
security of user data, guard against unauthorised access, and prevent data breaches.

It can conduct thorough security checks, including penetration testing and
vulnerability assessments, to find and fix any system flaws or vulnerabilities. Regular
assessments can aid in locating potential points of entry for attackers and ensure that
these are quickly fixed. Besides that, Grab can inform staff members of data security
best practices and the value of protecting user data. Training sessions ought to go over
issues like phishing awareness, password hygiene, and secure information handling.
Because most of the data breach issues at Grab were caused by self-inflicted technical
mistakes, implementing these measures would best help the company.

By conducting thorough assessments of the network, applications, and data storage,
Grab can proactively find security holes that malicious actors might exploit. This
enables Grab to take the appropriate corrective action and put in place the required
security measures to reduce the risk of data breaches. (Cynet, 2023)


2.2 Reason for recommendation

The reason I chose thorough security checks is that Grab can evaluate its security
controls, network architecture, and data protection measures by conducting routine
security checks. These audits assist in locating system flaws, out-of-date security
protocols, and possible points of entry for attackers. Grab can improve its security
posture and lower the risk of data breaches or unauthorised access by promptly
addressing these problems. Besides that, training courses cover topics like handling
sensitive data safely and adhering to the right data access protocols. Employees who
have received proper training are more likely to follow security procedures, which
lowers the risk of internal security incidents and unintentional data breaches.


3.0 Privacy problem

With Grab’s expansion into a large portion of Southeast Asia, and its going public in
the regional cities, it has increased its profits and also gone through upgrades. The
company has faced many difficulties over the past years, not the least of which has
been a string of privacy violations.

One privacy problem that Grab has is data sharing with third parties. Privacy
issues may arise due to the volume of data shared, the reasons for sharing, and the
degree of user control and consent over such sharing.

In one particular incident, some GrabHitch drivers were caught having disclosed
personal information of their passengers on social media. People might blame a
disciplinary issue, as Grab failed to prevent this from happening by not giving the
third parties proper training. However, Grab was not given a penalty following the
incident, and information is still at risk of being disclosed by third parties.
(Wong, 2020)


3.1 Preventive measure and improvement

Moving on, privacy problems with data sharing with third parties can be prevented by
using data encryption. Grab can use secure file transfer methods like SFTP (SSH File
Transfer Protocol) or FTPS (FTP over SSL) instead of standard FTP when sending files
that contain sensitive data. These protocols encrypt data in transit and also offer
more reliable authentication procedures. Moreover, there are numerous different
encryption techniques that can be used to protect data. For example, the symmetric
encryption algorithm known as AES (Advanced Encryption Standard) is regarded as being
exceptionally safe. Governments and companies all over the world use it to safeguard
sensitive data. An asymmetric encryption algorithm called RSA (Rivest-Shamir-Adleman)
is employed when two parties exchange keys. For a more secure solution, it is
frequently used in conjunction with other encryption techniques. (Fortra, 2023)
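
One way to check the recommendation above in practice is to audit the list of third-party file transfers and flag any that still use standard FTP. This is an added example, not part of the original assignment; the manifest format, vendor names and hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Protocols named in the section: SFTP and FTPS encrypt data in transit,
# standard FTP sends both file contents and login credentials in cleartext.
ENCRYPTED = {"sftp", "ftps"}
PLAINTEXT = {"ftp"}

# Constructed sample manifest; vendor names and hosts are hypothetical.
SAMPLE_JOBS = [
    {"vendor": "payments-partner", "url": "sftp://files.partner.example/settlements/", "sensitive": True},
    {"vendor": "marketing-agency", "url": "ftp://ftp.agency.example/exports/users.csv", "sensitive": True},
    {"vendor": "map-tiles", "url": "ftp://tiles.example/public/", "sensitive": False},
    {"vendor": "insurer", "url": "FTPS://claims.insurer.example:990/in/", "sensitive": True},
    {"vendor": "legacy-bi", "url": "files.bi.example/drop", "sensitive": True},
]


def classify(url):
    """Return 'encrypted', 'plaintext' or 'unknown' for a transfer URL."""
    scheme = urlsplit(url).scheme.lower()
    if scheme in ENCRYPTED:
        return "encrypted"
    if scheme in PLAINTEXT:
        return "plaintext"
    return "unknown"  # no scheme, or one this check does not recognise


def audit(jobs):
    """Return (vendor, severity, reason) for every job that needs attention."""
    findings = []
    for job in jobs:
        transport = classify(job["url"])
        if transport == "encrypted":
            continue
        if transport == "unknown":
            findings.append((job["vendor"], "review", "transport could not be determined"))
        elif job["sensitive"]:
            findings.append((job["vendor"], "block", "sensitive data over standard FTP"))
        else:
            # Even for public files, the FTP login itself crosses the network unencrypted.
            findings.append((job["vendor"], "warn", "FTP credentials sent in cleartext"))
    return findings


if __name__ == "__main__":
    for vendor, severity, reason in audit(SAMPLE_JOBS):
        print(f"{severity.upper():6} {vendor}: {reason}")
```

Entries with no recognisable scheme are reported for manual review rather than assumed safe, so an incomplete manifest cannot hide a plaintext transfer.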


3.2 Reason for recommendation

A thorough assessment of vendors is essential because partners and third-party
vendors frequently have access to sensitive user data. Grab can make sure that its
vendors have the necessary data protection measures in place by performing thorough
due diligence. By doing this, the chance of data breaches or unauthorised access to the
vendor's systems is reduced. Vendor due diligence also provides an additional layer of
assurance for users and stakeholders, as it helps guarantee that vendors adhere to
Grab's data protection and privacy policies.


4.0 References

Yu, E. (2020, September 16). Grab must review data policies following security breaches. ZDNET. https://www.zdnet.com/article/grab-must-review-data-policies-following-security-breaches/

Auto, H. (2020, September 17). Grab fined $10,000 for fourth data privacy breach in S'pore in two years. The Straits Times. https://www.straitstimes.com/tech/grab-fined-10000-for-fourth-data-privacy-breach-in-two-years

Ikeda, S. (2020, September 17). Fourth Privacy Breach in Two Years for Grab; Given Low Fines, Does the Company Have a Reason to Care? CPO Magazine. https://www.cpomagazine.com/data-protection/fourth-privacy-breach-in-two-years-for-grab-given-low-fines-does-the-company-have-a-reason-to-care/#:~:text=Grab's%20history%20of%20privacy%20breaches&text=The%20exposed%20information%20included%20profile,data%20protection%20by%20design%E2%80%9D%20policy.

Cynet. (2023, May 2). Unauthorized Access: 5 Best Practices to Avoid Data Breaches. https://www.cynet.com/network-attacks/unauthorized-access-5-best-practices-to-avoid-the-next-data-breach/

How to Choose the Right Encryption Method for Securely Exchanging Files. (n.d.). https://www.goanywhere.com/resources/videos/how-to-choose-the-right-encryption-method-file-exchange
