This is a high-level extract of a case study from an article. Please read the case study and answer the questions below:
The revelation that Home Depot's breach resulted from the compromise of a third-party vendor is "eerily" similar to the circumstances of the Target data breach. The two mega-breaches point to the need for retailers to more closely monitor the security measures of their vendors and ramp up breach detection efforts.
Of the Home Depot attack vector, JD Sherry, vice president of technology and solutions for Trend Micro, says: "This is fundamentally due to cybercriminals doing their homework on organizations and waging a fierce, persistent campaign to find any possible way to get a foothold in the organization."
Home Depot said that criminals used a third-party vendor's username and password to enter the perimeter of its network. From there, hackers acquired "elevated rights" that allowed them to navigate portions of Home Depot's network and to deploy custom-built malware on the retailer's self-checkout systems in the U.S. and Canada, the company says.
According to Home Depot, the malware used in the attack has not been seen in any prior attacks and was designed to evade detection by anti-virus software.
The home improvement retailer did not reveal the nature of its third-party vendor whose credentials were used in the breach.
In the Target breach, in which 40 million payment cards and personal details on 70 million customers were compromised, the retailer acknowledged that the incident was the result of hackers stealing electronic credentials from one of its vendors. From there, attackers used "sophisticated malware" to evade detection and obtain the card details and other sensitive information.
Following a Script?
A Home Depot asset has a value of $50000 and has one vulnerability, which has a likelihood of 0.5, with a current control that addresses 30% of its risk. Your assumptions/data are 90% accurate.
The Home Depot breaches demonstrate just how vulnerable retailers are to attacks waged by compromising the credentials of third parties, says Rebecca Herold, a partner at the consulting firm Compliance Helper.
One reason for that vulnerability, Herold says, is that so many retailers fail to conduct due diligence investigations of the security practices of their vendor partners, relying solely on security clauses in contracts.
The breached Home Depot vendor's apparent reliance on username and password for authentication was clearly inadequate, says Tsion Gonen, chief strategy officer at SafeNet, a data protection firm. "This massive breach reinforces why more companies need to implement multi-factor authentication, not only for their own employees, but for third parties that access their data systems," he says.
Organizations that outsource any type of information processing, access or storage must perform due diligence "to ensure the contracted entities to whom they are entrusting this access have appropriate safeguards in place," Herold says.
In announcing the apparent cause of its breach last week, Home Depot also revealed that some 53 million customer e-mail addresses were stolen in the attack, in addition to the compromise of 56 million payment cards.
Questions to Answer
What are the steps Home Depot can take to help customers whose data have been breached to prevent phishing attacks? [5 marks]
List 5 fundamental strategies Home Depot can adopt moving forward to prevent a breach. [5 marks]
Based on this case study, calculate the extent of the risk. [5 marks]
