Expression in music is crucial, yet little is known about teaching music students how to acquire and improve this skill. Expression is what makes or creates new and insightful interpretations of common pieces. How well this skill is demonstrated makes the audience choose one musician over another. Unfortunately, most of the teaching focuses much on the technique of using an instrument rather than the expression. The same observation is seen in music instrument books where little or little is covered on the expressive aspects, further raising the question of whether it should be taught in class or ignored altogether. It can be argued that the mastery of playing expressively is a skill that manifests the musical talent of the musician, which cannot be learned. More so, knowledge about expression is implicit thus complicated to describe or deliver in words, making it challenging to teach in class.
Previous research underemphasized the teaching degree of expression since it is purported to be tacit. According to Karlson and Juslin (2008), music has the potential to elucidate and express various emotions and thoughts based on the performer. The emotional aspects and devices used can mimic life (Bonastre, Muñoz, & Timmers, 2017). Musical expression is a critical element of a musical performance that influences and affects the audience’s perception (Karlsons and Juslin, 2008). Meissner (2021) also supports the idea and states that expressivity in music is critical in enhancing the playing and listening experience of the audience. The expressive skills of musicians are the basis of the audiences preferring one artist over another. Meissner & Timmers (2019) posit that expressiveness is applied in defining the process a performer uses to identify and manipulate the moments in music. The authors further orate that musical expression allows the music to make sense to the audience. According to Karlsson and Juslin (2008), extensive research indicates that both music teachers and students believe that musical expression is essential. The authors further posit that little information is available concerning the teaching technique despite its importance. Therefore, a musician must master the ability of emotional expression. Brenner & Strand (2013) share the same opinions but further orate that teachers often neglect the aspect despite the importance of musical expression in performance.
The sentiments are echoed by Bonastre et al. (2017), who states that despite the importance of music expression, which automatically creates the idea that music teachers devote more time to ensure students develop the skill, evidence indicates that this is not the case. The sentiments are shared by Karlsson and Juslin (2008), who orate that despite its importance, little information is available concerning the teaching technique for music expression. Knowledge is critical in developing the teaching process, which will impact the students’ performance. Indeed, in the recent past, there has been growing interest in research concerning teaching in music which is essential in providing more insight into learning and influencing the outcomes of instrumental music learners. According to Meissner (2021), research needs to be conducted to identify effective methods that will assist students in learning expressiveness. However, McPhee (2011) posits that the research in this area has mainly focused on music teachers who self-taught in music pedagogy. Therefore, the focus has been on the teachers’ practice rather than a consideration of its educational outcomes. McPhee states that the most collective limitation of the teachers was the lack of planning and course. The author notes that teachers failed in the interpretation and musical expression. Brenner and Strand (2013) also posit that teachers often neglect music expression.
Similarly, Karlsson and Juslin (2008) state that instrumental teaching mainly focuses on technique rather than expression. Consideration on teaching music expression has been limited, and McPhee (2011) and Brenner and Strand (2013) state that this explains the reason for the skill being acquired late in the music development. Meissner (2021) further supports this and posits that there is less attention given to expressiveness and communication lessons when teaching instrumental music. Musical participation for most students focuses on the technical and thus creates insufficiencies in developing meaningful interaction with music. Meissner & Timmers (2019) take this further and state that the deprivation could contribute to ceasing music interaction. Ivaldi (2016) agrees with Karlsson and Juslin (2008) that the main contest in research has been the ability to tap into the intricate forces of the teaching process.
Fabian 2014 et al. and Meissner (2021) state that expert musicians use a variety of expressive tools to convey their expression of music work. The expressive tools used include the ancillary gestures, articulation, tempo, timing, intonation, among other music elements. The sentiments are echoed by Gabrielsson (2003), who states that musicians can influence various performance topographies to effectively and efficiently communicate phrases and harmonic structures. According to Brenner & Strand (2013), Bonastre et al. (2017), and Meissner & Timmers (2019), it is essential to consider music as an intellectual narrative with a character. This will help the performer devise structures that are perceived in music to solve a sequence of expressive problems, consequently creating a definitive performance. Therefore, modulation of various expressive devices can mould the discernment of emotion in music. However, Gabrielsson (2003) states that the awareness of emotion in music is based on the interaction of the ability of music to express itself and the influence of the contextual information on the mind of the listener. Meissner (2021), conversely, notes that despite the plausibility of the idea, it cannot be useful for the instruction of teaching and learning expressiveness. Thus, learners require metaphors denoting emotions, moods, or characters to develop their understanding and elucidation of the works they study.
Fabian et al. 2014 state that expressive music performance is categorised by expressive intensity and musical tension. Meissner (2021) supports the idea by stating that musicians can practice a sense of forwarding movement when playing if the music has a track and the performance is going well. On the contrary, if the expression fails, the musicians may feel that the music is static, and both the performer and the listeners can lose focus. Therefore, the tension of music and the forward movement had a significant influence on the perceived expressive intensity of a performance.
Brenner and Strand (2013) highlight a significant gap in the literature concerning expression, which fails to provide the meaning of the term. In the same regard, Meissner & Timmers (2019) point out that research treats expression as a single unit, and the quality is considered vaguely mysterious. Mcphee (2011) shares the same sentiments and states that research on music expression fails to focus on the consideration of whether the students have an understanding of what it means or what they are doing. The lack of serious consideration of the aspects being expressed and how they are expressive provides a false illusion that there is just a single way of performing expressively. Therefore, it is evident that teachers have significant shortcomings in teaching interpretation and expression.
According to Meissner & Timmers (2019), music expression being neglected in teaching could be linked to the idea that it is a talent and, therefore, innate. Meissner (2021) supports the vision and states that teaching expressiveness is complex since the knowledge is intuitive. Karlsson and Juslin (2008) state that the most important things to learn are also the most difficult to teach and point out that books for teaching music instruments do not include expressive aspects as part of the syllabus. Brenner & Strand (2013) share the same sentiments but further state that the skills and knowledge to perform are considered more implicit than the obvious, and it is thus challenging to convey. This brings about a significant debate concerning the strategies that should be applied to teach expressivity and ensure students better understand the concept. Therefore, they can easily employ it. Karlsson and Juslin (2008) posit that a significant debate among music teachers has been on the best strategies to teach expressivity or whether it should be taught at all. According to Mcphee (2011), the success of teaching music expressivity is dependent on motor production. Music expression is someone dependent on the experience achieved by a musician so the physical skills can become fully automated in the motor memory.
Therefore, it is challenging to teach music expression when basic skills are being learned. However, Karlsson and Juslin (2008) state that implicit strategies may be less effective in teaching expressiveness. McPhee 2011 states that it seems complicated for a master model to be used as a strategy for enabling students to create personal meaning to the making of their music. Moreover, many students may question the essence of their musicality if the teachers mainly focus on the method at the cost of the meaning of music. This further highlights the importance of teaching music expression. Therefore, Mcphee 2011 and Meissner (2021) recommend that music teachers refocus their teaching strategies to support the students in the hearing, interpretation, and creation of musical expressions of emotions.
According to Brenner & Strand (2013), teachers apply a variety of strategies in teaching music expression. The authors, however, state that the choice of techniques used had little importance in ensuring students acquire a proper understanding of the style. Meissner (2017), Brenner & Strand (2013), Meissner & Timmers (2019) share the same opinion, but further state that the inclusion of strategies that focus on ensuring young learners can create and attach personal meaning in the making of their music can be very beneficial to the art of teaching musical expressions. Researchers and music teachers must address these issues for practical application of strategies for teaching expressiveness which will positively impact the performance of instrumental students in teaching.
Brenner & Strand (2013) orate that the strategies available for teaching music expression include the choice and use of vocabulary, the numerous forms of modeling, and the general organization and application approaches. Teachers use metaphors, aural modeling, verbal direction, and a focus on the emotions felt to provide students with information concerning musical expression. Bonastre et al. (2017), on the other hand, are of the opinion that heightened groupings and accent patterns positively impact the performance of a music structure, making it more expressive. Learning and experience in music are essential in allowing the performer to make decisions on the performance of accents and groupings (Brenner & Strand, 2013). However, Meissner, H. (2017) has a contrary opinion where he states that deviations in the dynamics, articulation, and tone quality might be termed as mistakes by the audiences rather than expressive gestures. In contrast with Bonastre et al. (2017), Meissner (2021) denotes that it is impossible to have one single prototypical presentation of a composition. Fabian et al. 2014 supports the sentiments and explains that it is because there can be different appropriate interpretations within stylistic constraints. Therefore, teachers should encourage students to imitate and advance their understanding of a musical work, which varies subject to the situation and the performer. Gabrielsson (2003) states that teachers must assist their learners in developing a sense of expressiveness during the learning process. The theory and practice of teaching expressiveness are predisposed by the understanding of music, its elucidation, and performance. Meissner (2021), therefore, states that it is essential to ensure there is an understanding of the concepts. Gabrielsson (2003) refers to a previous study that postulated that children who lacked explicit instruction had limited knowledge of their music and did not consider the aspects of expressionism. Therefore, teachers need to ensure they effectively guide their students to polish their performance. Mcphee (2011) supports the same sentiments with his study, mainly focused on high school students. He, therefore, states that for music students in high school, it is easier for them to understand the difference in expression when playing two different instruments. Still, the consideration of expressivity achieved by their performance takes time, and some students only pick it up later.
According to Meissner & Timmers (2019), the dimension to be addressed in helping students develop skills in music expressionism are essential questions that need to be addressed. The sentiments are shared by Meissner (2017), who states that the lack of explicit meaning attached to expressiveness makes it difficult for teachers to determine the areas that should be covered when helping learners to develop the skills when performing. Brenner & Strand (2013) also states that there are significant questions that are linked with the focus areas teachers are required to consider and the dimensions that are readily available to children. The authors, therefore, indicate the existence of issues with determining the appropriateness of a teaching strategy to a group of learners, which is influenced by the age of the learners. Additionally, Meissner (2017) posits that there is a significant issue related to the relationship between the definition of music expressiveness by practitioners and the one derived from research sources. Meissner & Timmers (2019) also purport that the existing disconnect between the beliefs of teachers and their pedagogy indicates significant gaps that should be addressed to have a better understanding of the teaching practice.
Ivaldi (2016) states that conversation analysis should be applied in achieving micro-analysis of the composite nature of the music lesson interface. The methods use both psychological and sociological tactics to language and social relations based on the structure of a conversation, its organization, and the student’s response. The method will be effective since it involves communication, and thus it is less vulnerable to the over-interpretation of data. Meissner & Timmers (2019) state that technique, interpretation, and creativity are central to the content teachers apply in instructing the students. Content analysis will therefore be a practical theory used in formulating effective strategies for teaching expressivity. Conversation analysis is an effective strategy that will allow us to see how learning and performing are rooted in the structure of the pedagogical interaction. Ivaldi (2016) further states that conversation analysts are concerned in data collected without researchers’ interference. Therefore, the data is collected from mundane settings, and thus, it can provide accurate data on the teaching of music expression. The sentiments are supported by Gabrielsson (2003), who stated that positive assessment could influence the interaction between students and teachers. Contrary to these sentiments, Bonastre et al. (2017) state that students may interpret teachers’ assessment delays as a negative evaluation, and repeated questions indicate a failed answer. Ivaldi (2016) highlights a significant issue with the distinction between understanding and knowing. Teachers provide a positive evaluation based on the students’ demonstration of knowing in distinction to their considerate and doing, resulting from negative assessments (Meissner & Timmers 2019).
Teachers can re-enact students’ performance and can therefore effectively provide feedback on the areas that require improvement. It is paramount for the bodily quotations to be displaced immediately after the improper presentation, encouraging modification in the consequent version (Gabrielsson, 2003). The student’s response to the bodily corrective will then provide the teacher with information on whether the student acquired an understanding of the instruction. Ivaldi (2016) posits that the interaction during a music lesson offers a wide range of pedagogical practices that can be studied. He further states that conversation analysis provides an opportunity to analyse each technique and identify its differences. McPhee (2011), on the other hand, highlights the shortcomings of the teachers where he states that instrumental teachers fail in providing students with strategies that enable them to understand and generate expressive interpretations that are important to themselves. Meissner & Timmers (2019) argue that teachers do not address all realms of musical expression, and creativity is of least addressed during instructions concerning the structure of music.
Expressiveness is considered necessary, but the techniques applied in teaching students vary based on the teachers’ pedagogy and the student’s response to the instructions provided (Bonastre et al. 2017). Meissner (2017) states that expressivity is the student’s bodily fluidity of movement and the degree of connectedness to the device. The most accessible instrument that expressivity can be practiced is mainly considered to be the voice since it is within the body. Brenner & Strand (2013) support the idea that they purport that a musically expressive body is connected to the instrument. Thus, it is essential to teach the lesson as early as possible. Similarly, Gabrielsson (2003) discourses that physical freedom needs to be developed for the audience to connect with the music. Therefore, teachers must ensure they apply strategies that will assist students in developing physical independence.
Research in the area would effectively define expressivity and develop theories that can guide teachers in teaching expression. This would also be effective in devising strategies that are effective in teaching expressivity that can be applied by all teachers and have guaranteed success for learners of all ages and instruments. Research would also be effective in describing the nature of the existing teaching strategies to determine the merits and demerits of each. This would effectively address the current gaps in literature while ensuring that the approach applied would be beneficial to both the students and their teachers. The improvement of music expression teaching depends on obtaining the information concerning the current techniques applied.
Nonetheless, the literature gap is highlighted by the scarcity of information regarding the strategies applied in teaching expressive music performance. There is a need for further research to clearly explain the meaning of music expressivity, especially for instrumental students. Students and teachers both require a clear understanding of its definition and components for them to integrate it into their performance effectively. Teachers should also pay more attention to teaching expression during the initial stages of learning to allow the student to achieve healthy growth. It is also evident that younger students have a more challenging time understanding the meaning of expressivity and its importance in performance which could be influenced by the motor skills and memory at that level. Therefore, research should focus on providing information on the most effective techniques that can be applied by music teachers who are dealing with children and young adults. All aspects of music should be learned as a process. Various theories should be applied to guide the teaching process and ensure music expression is given as much attention as the technical aspect of learning an instrument. Additionally, it has been highlighted that there is a need for music teachers to provide their students with enough room for making their musically expressive selections rather than dictating the tactic to a student.
Bonastre, C., Muñoz, E., & Timmers, R. (2017). Conceptions about teaching and learning of expressivity in music among Higher Education teachers and students. British Journal of Music Education, 34(3), 277-290.
Brenner, B., & Strand, K. (2013). A case study of teaching musical expression to young performers. Journal of Research in Music Education, 61(1), 80-96.
Fabian, D., Timmers, R., & Schubert, E. (Eds.). (2014). Expressiveness in music performance: Empirical approaches across styles and cultures. Oxford University Press, USA.
Gabrielsson, A. (2003). Music performance research at the millennium. Psychology of music, 31(3), 221-272.
Ivaldi, A. (2016). Students’ and teachers’ orientation to learning and performing in music conservatoire lesson interactions. Psychology of Music, 44(2), 202-218.
Karlsson, J., & Juslin, P. N. (2008). Musical expression: An observational study of instrumental teaching. Psychology of music, 36(3), 309-334.
McPhee, E. A. (2011). Finding the muse: Teaching musical expression to adolescents in the one-to-one studio environment. International Journal of Music Education, 29(4), 333-346.
Meissner, H. (2017). Instrumental teachers’ instructional strategies for facilitating children’s learning of expressive music performance: An exploratory study. International Journal of Music Education, 35(1), 118-135.
Meissner, H. (2021). Theoretical framework for facilitating young musicians’ learning of expressive performance. Frontiers in psychology, 3721.
Meissner, H., & Timmers, R. (2019). Teaching young musicians expressive performance: an experimental study. Music Education Research, 21(1), 20-39.
ExxonMobil And Climate Change Sample Essay
ExxonMobil is an American oil and gas company. For the longest time, the company has been involved in controversies about climate change, notably its denial of its impact as an oil company on climate change. This can be considered deliberate as ExxonMobil is alleged to have been actively involved in climate research since the 1970s. The company later began advertising, lobbying, and giving grants to deny the evidence of the human factor in global warming to delay acceptance of and action against global warming. Curry asserts that Exxon collaborated with universities and has been a significant player in the denial of climate change between the 1980s and the mid-2000s when it worked to fight global warming regulations. The goal was to influence public opinion against scientific claims that the burning of fossil fuels was directly linked to climate change. In this letter, I argue that ExxonMobil intentionally denied oil companies’ contributions to global warming, which impacted passing policies aiming for alternative fuel sources.
Climate Change Research
Before the merge, Exxon had pursued research to understand whether its products were causing global warming from the late 70s through the 80s. Exxon funded research to counter scientific evidence that supported the impact of continuous use of fossil fuel products and advanced a view for carbon dioxide expertise. This did not stop even after the merging of Exxon and Mobil into ExxonMobil as academic collaborators and researchers, with dozens of articles backing its denial of climate change (Hall). As early as the 70s, there was a consensus among scientists that human actions were a leading cause of increased carbon dioxide in the air, thus driving global warming. One of its research projects aimed to assess the rate at which the ocean was absorbing carbon dioxide. The company designed a laboratory and installed sensors on one of its largest supertankers, the Esso Atlantic, to undertake this research. Its findings showed that carbon dioxide was increasing in the atmosphere, which would directly cause a rise in the global temperature due to the trapping of heat.
This knowledge did not stop the company from spending decades counteracting the publicly agreed evidence of global warming and even misrepresenting climate change information. Hall notes that the company was aware that accepting that its products were causing a problem would affect its profits. As a result, they endeavored to spread misinformation that contradicted the consensus that global warming was occurring. However, ExxonMobil has claimed that all of its early statements were too ambiguous to be considered conclusive. The company intentionally aimed to counter any argument supporting global warming as a measure to ensure its investments remained profitable. ExxonMobil even designed a Global Climate Coalition to assess whether concerns about global warming were viable, although it was dismantled later (Goldenberg). Every action that the company took against global warming had a detrimental impact around the globe. For instance, the US and other countries, such as India and China, failed to sign climate change treaties since it was not clear whether fossil fuels were a significant contributor.
Funding Climate Change Denial
ExxonMobil stands as the most active oil company in the debate concerning climate change. For instance, while other companies were looking for ways to adopt renewable energies such as solar and wind to reduce their reliance on fossil fuels, ExxonMobil stood its ground. It even looked for ways to increase its production. Curry adds that the company employed most of the tactics and approaches used by the tobacco industry to deny the link between smoking and lung cancer. The company played a central role in advancing climate change denial in the US and globally. For instance, the Kyoto protocol was created, which aimed to convince states parties to lessen their greenhouse gas emissions based on evidence that human actions such as burning fossil fuels were a significant contributor to global warming. ExxonMobil financed organizations against the Kyoto Protocol and worked to disrupt any consensus on the link between fossil fuels and global warming. Goldenberg adds that ExxonMobil, in general, sent about 33 million dollars to support lobbyists and advocacy groups that dispute the human impact of global warming to create doubts. Most of these advocacy groups misrepresented the climate change scientific evidence by outright denying the evidence that human actions were causing global warming, which they did not believe.
The company also directed some of its investments to think tanks to create doubt and influence public opinions on the need for the government to take action that targeted the use of fossil fuels. Such actions were seen as dangerous to the economy. In 2008, the company agreed to reduce its funding to various public policy research groups that supported its endeavors to discredit the impacts of fossil fuel claims by diverting attention from the recommendations to adopt alternative energy sources to lessen reliance on fossil fuels. Despite its pledge to cut support to such organizations, ExxonMobil has continued being a leader in funding denying climate change. Goldenberg demonstrates that ExxonMobil is still active in its efforts to combat climate change. It has granted more than 2.3 million dollars to congress members and corporate advocacy groups that deny climate change claims and stymied climate change efforts. However, covert support for climate change skeptics appears hypocritical, given that ExxonMobil spent a lot of money on advertising that portrays it as an environmentally responsible company.
Lobbying groups and state-level Republicans are a significant hindrance to enacting climate change policies. State and federal regulation’s effectiveness in advocating for alternative energy sources and planning for future catastrophes due to extreme weather are practically halted by the actions of these groups. According to a series of reports by Inside Climate News based on years of investigation, the company was at the forefront of climate research and, without disclosing what it learned, worked to deny climate impact, casting doubt on the scientific consensus that scientists had confirmed. However, the company has publicly denied this, noting that these reports were based on biased remarks from its workers and refuted assertions that it disagreed and fought scientific research in favor of climate change denial. According to Schwartz, Mobil subscribed to the regular Thursday advertorials that gave public information on climate change as an unresolved issue between 1989 and 2010.
Lobbying Against Emissions
Global oil giants are identified as leaders lobbying against policies that focus on climate change. Social media has effectively pushed their agenda to the masses by weakening and opposing meaningful policies targeting the reliance on fossil fuels. For instance, it spent about 2 million dollars on targeted Instagram and Facebook ads during the 2018 US midterm election to promote the economic importance of fossil fuels. Although they have publicly backed climate action, they are known to lobby against binding policy. ExxonMobil has been actively influencing public opinion on the climate change issue. Schwartz notes that Lee Raymond, who headed the company between 1993 and 2006, actively advocated against policies that supported climate change. The company’s effectiveness can be attributed mainly to its financial strength. ExxonMobil has a lot of influence on the government and climate change policies, making it hard to protect the environment.
Climate Change’s Impact
The environmental impact of fossil fuels cannot be denied. The greenhouse gases produced are directly linked to increased global temperature due to their ability to trap more heat in the atmosphere. Scientific evidence shows that the average global temperature has risen by about 2 degrees Fahrenheit in the last century. A change of two degrees in the average temperature of the world can have potentially dangerous changes in the world’s climatic pattern. For instance, many regions have experienced changes in their rainfall patterns, leading to heavier rain, floods, or drought. The impact on the ozone layer, which greenhouse gases can easily damage, results in severe and more frequent heatwaves. Nunez highlights that climate change impacts every living organism due to changes in their habitats. The oceans and glaciers have changed. Seas are rising due to ice caps melting and warming and becoming more acidic. This shows that actions need to be taken to prevent more changes from beginning to surface from becoming more pronounced in the coming decades. If nothing is done, the continuous use of fossil fuels will present challenges to the environment and society.
Climate Change Acknowledgment
ExxonMobil’s acknowledgment of the impact of fossil fuels on global warming and its decision to cut back its support and funding has been a significant step in driving legislation that supports alternative energy sources. This move revealed the need to back climate change policies to the company’s stakeholders. Currently, ExxonMobil is devoted to offering affordable energy solutions to address the impact of fossil fuels on the environment. Its risk management strategy entails four components: reducing emissions, offering products that help consumers reduce their carbon footprint, developing scalable technologies to decarbonize most emitting sectors, and proactively backing climate-related policies. The company’s scientists are now at the forefront of climate research to understand ways that it can work to mitigate climate change.
Companies have a corporate social responsibility to ensure their activities do not affect the environment but rather conserve it. ExxonMobil had previously violated its environmental conservation duties by funding against it. Oil companies have to take responsibility for their activities, such as contributing proportionally to their actions. Currently, the precise impact of global warming will remain undetermined since fossil fuel is continuously being burned. Scholars warn that ongoing climate disasters are expected to intensify, given that greenhouse gases already unleashed by industrialization continue to impact the environment. It is everyone’s responsibility to take care of the environment to make it sustainable for future generations. In the next few years, things like supporting alternative energy sources or cutting back on our dependence on oil should be encouraged.
Curry, Rex. “Exxon’s Climate Denial History: A Timeline”. Greenpeace USA, (2019), https://www.greenpeace.org/usa/fighting-climate-chaos/exxon-and-the-oil-industry-knew-about-climate-crisis/exxons-climate-denial-history-a-timeline/.
Goldenberg, Suzanne. “ExxonMobil gave millions to climate-denying lawmakers despite pledge.” Guardian. (2015). https://www.theguardian.com/environment/2015/jul/15/exxon-mobil-gave-millions-climate-denying-lawmakers
Hall, Shannon. “Exxon knew about climate change almost 40 years ago.” Scientific American 26 (2015).
Nunez, Christina. “Causes and effects of climate change.” National Geographic. (2019). https://www.nationalgeographic.com/environment/global-warming/global-warming-overview
Schwartz, John. “Exxon misled the public on climate change, study says.” New York Times, (2017), https://www.nytimes.com/2017/08/23/climate/exxon-global-warming-science-study.html.
Facebook Data Breach Free Essay
Meta Inc. platforms’ Facebook experienced a data breach involving personal data and phone numbers of over 533 million users published in a low-level hacking forum on April 2, 2021 (Holmes, 2021). The leak contained Facebook user data from 106 countries, with over 32 million users from the US, over 11 million records from the UK, and over 6 million users from India. The data comprised Facebook bios, IDs, Phone numbers, locations, full names, birth dates, and in some instances, email addresses. Some insiders on Facebook reviewed the leak. It was verified with several records matching listed Facebook IDs to phone numbers using the password reset feature that could partially reveal users’ phone numbers. As per Facebook’s spokesperson, the data scrap was possible because of a system vulnerability, which the company claimed to have patched in 2019 (Holmes, 2021). Data scraping (web scraping) involves importing data from a website into a local file or a spreadsheet based on a local machine.
A Facebook spokesperson said the attacker had scraped the data of its site by exploiting a zero-day vulnerability in a feature that allowed Facebook users to find their friends using their phone numbers. In addition, the information found on the leak contained data available publicly on the user accounts; therefore, Facebook chose not to notify affected users.
Type of Data Breach
In this case, the type of data breach involved personally identifiable information (PII). PII is any data that can potentially identify specific individuals. This data category comprises home addresses, date of birth, phone numbers and can be used as an identifier. In addition, PII can be defined as i) any information that directly identifies an individual, such as email address, telephone numbers, social security numbers, name, and addresses. (ii) any information that an agency may identify an individual combined with other information such as geographic indicator, birth date, race, gender, and other descriptors. Moreover, any information online or physical that may aid in contacting a specific person is categorized as PII. In this case, an attacker could obtain user names, phone numbers, birthdates, and email addresses of Facebook users. Contractors are remended by the department of labor (DOL) to save guard sensitive data.
The other type of data breach is the loss of intellectual property. The company discovered a flaw in June 2020 that allowed third parties to access personal data rather than their level of access. The issue was patched on July 1, 1 same year. Intellectual Property theft (IP theft) refers to robbing people or companies’ Generally, and there are four types of IP theft, patents, copyrights, trademarks, and trade secrets. Facebook had implemented a policy that allowed developers to access clients’ data for only 90 days After the Cambridge Analytica Saga in 2018. However, the company found out that third-party developers had access to user data of inactive users if they were friends with other active users.
Impact of the breach on the organization; legal, financial, and reputational
|Legal||– Legal penalties: for failing to secure user data.
– Government fines: failure to inform relevant government bodies about breaches will attract penalties.
– In extreme circumstances, those involved will serve prison time
|– Legal Penalties
The legal team must deal with data breach repercussions in the post-breach era. They must ensure that users and the federal government is notified and all the regulations are followed. The company also faces another challenge of infractions of global data privacy compliance violation because it has a global consumer base. In 2019, Facebook reached a landmark settlement with FTC and paid a $5billion fine for failure in data privacy.
|Financial||– Financial Impacts
The company lost more than 26% of its shares during the last quarter of 2021. In addition fell in market value to about $230 billion (Snider, 2022).
|According to (MetaCompliance Marketing Team, 2021), the company is expected to lose an estimated cost of $3.7 billion. This is because of exposing locations, date of birth, phone numbers, full names, and some email addresses.|
|Reputational||The network has been losing a significant number of its users. Its daily active users have declined. Comparing active users, in the last quarter of 2021, daily active users were capped at 1.929 billion compared to 1.93 in the past quarter (Snider, 2022).||– Less Attractive to New Employees
Further decline in user base will adversely influence the company’s ability to deliver on their ads and impression, thus affecting their financial performance.
Security Issues Facebook was Facing Before the Breach
- Failed Access control
The company made the issue public through a blog post on July 1, 2020. The bug enabled third-party developers to have more excessive access to personal user data than they should (Heiligenstein, 2022). Developers were able to see user details of inactive users if they were friends with active users. The flaw was discovered and patched. Failure enables hackers to perform unauthorized information modification, disclosure, or destruction of all data. In addition, it allows hackers to perform business functions beyond their limits.
- Back doors and application vulnerabilities
In 2019, the company had backdoors and application vulnerabilities that led to breaches (Heiligenstein, 2022). A second server was discovered in 2020, containing 42 million more users, making about 310 million. These flaws expose the company to security breaches or exploitations. With the global outreach of the internet, web applications are vulnerable to these flaws and attacks coming from a range of attack vectors.
- Code Error
In September 2018, hackers accessed user data, allowing them full access to the entire profile (Heiligenstein, 2022). This was possible because of a flaw in the platform “view as” feature. This feature gives a user ability to view their profile from the perspective of other users. However, an error in the code allowed hackers to steal tokens and view information deemed private. According to Facebook, it took about a year for the flaw to be noticed and be patched.
- Poor credential management.
User data was stored in an encrypted format exposing them to workers of Facebook (Heiligenstein, 2022). Data was stored in plaintext. This can lead to severe damages when a data breach occurs.
CSC Suitable Control
Center for Internet Security (CIS) released a collection of 20 controls called Critical Security Controls (CSC) to help organizations protect themselves from identified threats and security attacks (CIS Critical Security Controls, nd). Facebook had faced several security breaches before the breach in the case study, as discussed in the previous question. Here we will recommend controls for the given breach to help mitigate the risk associated with the issue.
|Security Issue||Recommended control||Recommended sub controls||Recommended Tools||Risk Control Strategy|
|Failed Access Control||CSC:1- Inventory of /authorized and Unauthorized Devices||IA-3: Device Identification and Authentication
PM-5: Information System and Inventory
|– security information and event management (SIEM)||Mitigation|
|Back door and application vulnerability||CSC 3: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and services||CA-7: Continuous Monitoring.
SI-4: Information System Monitoring
|– Intrusion Detection and Prevention Systems (IDS/IPS)
– Security Information and Event Management (SIEM)
|Code Error||CSC 18: Application Software Security||SA-15: Deployment process, standard, and Tools
SA-17: Developer Security Architecture and Design.
|– Dynamic Application Testing (DAST) tool.
– Static Application Security Testing (SAST) tool.
|Poor credential Management||CSC 4: Continuous Vulnerability Assessment and Remediation||CA-2: Security Assessment.
SI-7: Software, Firmware, and Information Integrity
|– IBM Guardium for File and Database Encryption
It was added to the previous table.
Open-Source Tools vs. Commercial Tools.
|Tools||Open Source||Commercial Tools|
– Improves Cybersecurity Performance—it shortens the time to detect and identify threats allowing the company to react fast.
– Helps with regulatory Compliance
– Provides Details Forensic Analysis
– Offer a wide range of uses
|Access Rights Manager
– It helps IT and security specialists to automate their work.
– In addition, it will help the company to improve on compliance issues and avoid violations of set guidelines.
– It will help the company better visualize its resources and control its data.
– It will help Facebook prevent unauthorized parties from accessing the company’s data.
– It will also prevent data loss and data breaches.
– It is effective with both outsider and insider threat detection.
– It uses Machine-learning algorithms to identify new sensitive data.
|Disadvantages||– Requires Technical expertise- its effectiveness will be entirely based on its implementation. In addition integrating, configuring, and analyzing SIEM reports require technical expertise.
– It takes a long time to implement- it can take up to 90 days, depending on the firm’s size.
– Generates Large amounts of False-positive- when it is misconfigured, it creates large amounts of false positives in a day.
|– Before implementing any DLP Software, one must study the pros and cons of every software.
– The company will need to define and develop core data protection strategies for business and technical requirements. Otherwise, it will not be effective. This is because implementing a data leak prevention policy takes time to develop.
– DLP assigns network access based on privileges. All accounts need to be audited to ensure that they can distinguish between regular and privileged ones.
– It is challenging to implement DLP; thus, the company must have a comprehensive overview of data flow within the company.
I will deploy an Enterprise Security Architecture to secure the company’s information system. This will be possible by determining Facebook Inc.’s security requirements, such as planning, implementing, and testing security systems. In addition, it will work in preparation of security standards, procedures, policies, and mentoring team members. The Enterprise Security Architecture will utilize a dual-firewall. A dual firewall is more complex than a single firewall implementation. However, it is overly secure, providing granular control over internet traffic flowing through the firewalls. Ideally, the firewalls should have different models and vendors acting as interior and external firewalls, offering a DMZ segment between the internal and external firewalls. Like in a single firewall model, the DMZ will allow internal to external firewall traffic. However, no traffic will be permitted from the external network directly to the internal network.
Reflection and Lesson Learned from the Incident
After going through the case study, I have learned that even giant firms like Facebook can be faced with data breaches and are vulnerable to data breaches. For a firm to be secure, it has to take proactive measures in data security and pay the cost of implementing the associated standard. When a company is involved in a data breach, customers lose their trust in the company, and it is faced with a high attrition rate of both customers and employees. The consequence of the high attrition rate has more significant impacts on the company’s investors.
I have learned the following after studying the case study:
- Companies should monitor systems, hosts, and their networks in real-time.
- The development of new software leads to unique security gaps; therefore, there is a need for proper testing.
- There is a need for log and alerts on changes to administrative group membership,
- There is a need to have a red and blue team perform incidence response and find errors in the web application.
- When a company is faced with a data breach, the brand is also harmed.
- User data should be secured with proper and updated tools.
- Companies should perform data audits and control all logs.
Avery, A. (2021). After the disclosure: measuring the short-term and long-term impacts of data breach disclosures on the financial performance of organizations. Information & Computer Security, 29(3), 500–525. https://doi.org/10.1108/ics-10-2020-0161
Choi, Y. B. (2021). Organizational Cyber Data Breach Analysis of Facebook, Equifax, and Uber Cases. International Journal of Cyber Research and Education (IJCRE), 3(1), 58-64.
Downing, A., & Perakslis, E. (2022). Health Advertising on Facebook: Privacy & Policy Considerations. arXiv preprint arXiv:2201.07263.
Foecking, N., Wang, M., & Huynh, T. L. D. (2021). How do investors react to the data breaches news? Empirical evidence from Facebook Inc. during the years 2016–2019. Technology in Society, 67, 101717.
Holmes, A. (2021, April 21). 533 million Facebook users’ phone numbers and personal data have been leaked online. Business Insider. Retrieved March 20, 2022, from https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T
Snider, M. U. T. (2022, February 4). $230 billion? Facebook’s stock plunge brings big losses for Mark Zuckerberg, Meta – and maybe you. USA TODAY. https://eu.usatoday.com/story/money/2022/02/03/facebook-zuckerberg-retirement-funds/6654000001/
Strawbridge, G. (2020, February 28). 5 Damaging Consequences Of A Data Breach. MetaCompliance. https://www.metacompliance.com/blog/5-damaging-consequences-of-a-data-breach/