Even with cyber security systems and measures in place, a company cannot consider itself safe, for there are always some loopholes or vulnerabilities left in the defense system. Their exploitation may affect companies in many ways, with the impact felt through reputational damage, the loss of sensitive information, and the expense of deploying additional cyber protection mechanisms. Companies incur heavy financial losses estimated at hundreds of thousands of dollars. The US-based AWS Inc. is a company that should not deem itself invincible, as big companies are the first in line for a large-scale attack. To deal with potential vulnerabilities, the company must educate its staff on the danger of emails, attach security directly to data, and adopt micro-segmentation to keep operational data segments separated and so minimize damage. The point is that AWS Inc. is one of the big US-based companies that must accept its inevitable vulnerability to cyber threats despite maintaining a cyber protection system, and must follow recommendations on how to improve its safety to avoid the myriad adverse effects cyber-attacks have on large companies.
Company Background and Cyber Security Applicability thereto
The US-based AWS Inc., or Alaska Winter Shoes Inc., is a company with trade partners in Norway and Sweden that supply skin as a raw material for shoe production. What the company offers its customers is an exclusive line of shoes adapted to harsh climatic conditions. It stores a large volume of sensitive data on raw material imports and invoices, along with information on bilateral deals and negotiations. Furthermore, the company stays connected with exclusive retail stores across the USA and the UK along with all Commonwealth countries. The company is establishing a market presence in continental Europe. The annual revenue reached the 6.5-billion mark in 2015. The following are the reasons for AWS to address its vulnerabilities by acting on the recommendations.
No matter how well protected, the company should have no illusions as to its safety. No commercial enterprise, whatever its orientation, is invincible these days. According to Wall (2015), because a business is connected to its employees, suppliers, and customers via the internet, companies remain vulnerable to cyber threats. The incidence of attacks against companies seems high. According to Risk Group LLC (2016), reports have it that 25% of commercial ventures experience a cyber-attack. Ponemon Institute (2012) asserted that organizations experienced a median of 66 cyber assaults on a weekly basis, with business disruptions left in their wake. Organizations in the United States and Germany face the highest median level of weekly assaults of 79% and 82% respectively. Besides being US-based, AWS Inc. is a large company on the rating lists compiled by prestigious magazines. As such, it may be high on the agenda of offenders entertaining a particular disdain for such companies. Jackson (2012) noted that hackers shared an understanding that companies from the Fortune 500 could absorb losses, being filthy rich.
A Wealth of Negative Effects
The types of impact cyber-attacks have on business are plentiful. Ponemon Institute (2012) claimed that business disruption and the loss of sensitive information were the two major outcomes of cyber assaults, as is evident from the opinions of interviewees in Hong Kong and the USA. Brazilian, German, and British respondents expressed concern about the loss of such categories of sensitive information as trade secrets and intellectual property. Help Net Security (2015) reported that about 88% of respondents linked a cyber assault to considerable productivity and financial implications for the company. Other sources tend to estimate the impact in percentage terms rather than count the impact-related opinions of interviewees. Thus, Loveland and Lobel (n.d.) put the percentage of fiscal losses at 37.5%. Intellectual property theft comes second at 31.8%. Close behind in third place is compromised reputation or brand, standing at 31.2%. Fraud, at 15.8%, sits fourth from the top. Placing fifth on the list, the likelihood of breaches leading to lawsuits or legal exposure amounts to 12.2%. The loss of shareholder value is second from last on the list at 11.3%. Extortion brings up the rear, occurring in 7.1% of cases. Zaharia (2015) provided an impact list of her own. The loss of proprietary or confidential data tops the standings, estimated at 11%. Next stands reputational detriment. Both may be said to share the number one spot, as the percentage is equal for both. Critical system disruption also made the list in the number three spot, accounting for 8% of cases. The forfeiture of revenue, whether current or future, is next to last at 7%. The loss of customers landed at the bottom of the list at 6%.
Although Risk Group LLC (2016) did not define the impact in percentage terms, the source did broaden the range of potential effects a cyber threat can have on businesses. An assault can result in investment diversion, the demolition of digital infrastructure, a decrease in capital inflows and economic growth, trade limitation, the introduction of expensive security measures and precautions in space, geo-, and cyberspace, higher cyber insurance measures, and the redirection of public investment funds to security. Doing business is likely to become expensive. Companies will be made to pay larger salaries to the major security employees at risk. The company may have lawsuits filed against it. A cyber-attack may lead financial markets to raise the cost of capital for the company. Brand damage and customer base turnover may also follow a cyber assault (Risk Group LLC, 2016).
The article authors were right to bring forward all of these arguments, which create a rather full picture of attack fallout. Indeed, customers or subcontractors may come to press charges against the company. It is they who may incur losses while cooperating with the venture. Security-related expenditure seems to be one of the biggest groups of effects, as the company will spend on larger paychecks for its IT staff and on security software. Reputational damage may be the strongest blow dealt by cyber offenders, as a compromised company is the company least wanted by partners and customers for cooperation. Suppliers may fear that theirs will be the venture that suffers a blow when the once-compromised company faces another attack. Brand damage may well drive the company out of business if it loses its clientele and suppliers after spending years accumulating both.
Indeed, Help Net Security (2015) reported that 3.5% of respondents believed a single cyber assault against their employer had the potential to put their company out of business for good. The financial impact as such may turn out fatal to a commercial enterprise. Costs associated with investment in security technologies, the rebuilding of reputation and brand, and investigation run up to 106.904 dollars in Brazil and 298.359 dollars in Germany on average (Ponemon Institute, 2012). Since the USA is close to Germany in terms of popularity with hackers, as stated in one of the preceding paragraphs, the post-assault cost may approach 300.000 dollars, thrice as heavy as that in Brazil. In the later portions of the report, Ponemon Institute (2012) disclosed the financial equivalent of the restoration efforts, placing it at 276.671 dollars in the USA. In Hong Kong and the UK, the cost came out at 159.244 and 229.560 dollars in that order at the time of report publication.
Recommendations
Jason Hart, chief technology officer at digital security specialist Gemalto, is very much of the view that the chief information officers of companies need to accept the fact that a breach will inevitably occur. A transition from a breach prevention to a breach acceptance mindset is what IT specialists need (Wall, 2015). However, this is not to suggest that all the company needs to do is take the blow. Wall (2015) recommends seeing to it that the company loses no data. AWS would do better to employ best-practice data protection by linking security directly to the data. The company may do so by utilizing multi-factor data encryption and authentication as well as introducing the secure management of encryption keys. Even if stolen, data will be of zero use to perpetrators. Tom Patterson, an IT company GM, came up with the idea of micro-segmentation, under which the company's cyber system may see plenty of small walls built around the parts of the business that contain precious data that must never be lost. The approach requires cryptographically signing each bit of digital information, the packet data, by means of a code unique to every business segment. In the event of offenders breaking in, they will access nothing more than data unique to a particular segment, and such a breach will be easier to handle. Hackers will have no way of sending the entire company flying or inflicting a devastating blow.
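The per-segment signing idea described above can be sketched as follows. This is an added illustration, not code from any of the cited sources: it uses HMAC-SHA256 as the "code unique to every business segment", and the segment names, key derivation and packet layout are assumptions made for the example.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def derive_segment_key(master_key: bytes, segment: str) -> bytes:
    """Derive one independent key per segment from a master key (HMAC as a PRF)."""
    return hmac.new(master_key, b"segment-key:" + segment.encode(), hashlib.sha256).digest()

def _tag(segment_key: bytes, segment: str, payload: bytes) -> bytes:
    # The segment name is bound into the tag, so a packet cannot be relabelled.
    return hmac.new(segment_key, segment.encode() + b"\x00" + payload, hashlib.sha256).digest()

def sign_packet(segment_key: bytes, segment: str, payload: bytes) -> bytes:
    """Return payload followed by its authentication tag."""
    return payload + _tag(segment_key, segment, payload)

def accept_packet(segment_key: bytes, segment: str, packet: bytes):
    """Segment gateway check: return the payload if the tag verifies, else None."""
    if len(packet) < TAG_LEN:
        return None
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    ok = hmac.compare_digest(tag, _tag(segment_key, segment, payload))  # constant-time
    return payload if ok else None

def demo() -> dict:
    master = os.urandom(32)  # constructed; in practice kept in a key manager or HSM
    # Hypothetical segments for a company like the one in the essay.
    keys = {s: derive_segment_key(master, s) for s in ("invoices", "suppliers", "retail")}
    payload = b"INV-0001;qty=40"  # constructed sample data
    pkt = sign_packet(keys["invoices"], "invoices", payload)
    # An intruder holding only the "suppliers" key tries to inject into "invoices".
    forged = sign_packet(keys["suppliers"], "invoices", payload)
    return {
        "same_segment": accept_packet(keys["invoices"], "invoices", pkt),
        "other_segment": accept_packet(keys["suppliers"], "suppliers", pkt),
        "tampered": accept_packet(keys["invoices"], "invoices", b"X" + pkt[1:]),
        "forged_with_stolen_key": accept_packet(keys["invoices"], "invoices", forged),
    }

if __name__ == "__main__":
    print(demo())
```

The tag gives integrity and origin checks only; keeping stolen data unreadable still depends on the encryption and key management mentioned earlier in the paragraph, and a leaked master key would expose every segment.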
If the company does not want its data stolen or accessed by unauthorized individuals, it would do well to consider the internal risk, which may require around 70 days of remediation and is also hard to detect. Thus, employees can click on email attachments they think have come from trusted sources. One click will prove sufficient to leave a company compromised and render multi-million security investments futile. Hackers employ social engineering, gathering information from social media to convince employees that the emails they received are from people they know. Thus, the company would be well advised to educate the personnel about this danger (Wall, 2015). While education may work, it cannot be expected to have an effect on employees who have a grudge against management or owners, and they may decide to take revenge on their way out of the company, that is, when they are about to part ways with it. AWS Inc. may find itself intentionally compromised by such soon-to-be-former staff members. Furthermore, the possibility exists of there being company insiders paid by criminal gangs. Much as there are instruments that allow detecting conduct anomalies within the corporate network, their use entails considerable spending of time and money (Wall, 2015). It may be that thorough background checks will help identify connections with criminal groups that may use the position of their insiders to conduct cyber-attacks.
According to Gavin Millard, Technical Director at Tenable Network Security, companies sometimes need to do no more than monitor systems effectively. To this end, any company needs to maintain a solid password policy, encrypt sensitive information, install up-to-date malware defence systems, filter outbound and inbound communications, and patch bugs that are easy to exploit. At a minimum, the company would be better off checking that its firewall, antivirus, and security certificates are up to date. Funneling funds into monitoring controls that identify when an attack occurs is a good idea. On the non-technological side, personnel training is the recommended approach to invasion risk mitigation. It is also important to recommend that personnel not be granted access to critical systems and data if they use their mobile gadgets in professional settings and for the respective purpose (Wall, 2015).
One of the ways to deal with the cyber risk will be for the company to shift to a centrally controlled system enabling the IT department to wipe mobile devices remotely if they are stolen or lost (Wall, 2015). In addition, the company would be better suited cultivating a culture or habit of reporting device thefts immediately. However, as educated and informed as the personnel may be, it may take employees hours to discover that their devices have been stolen. By the time they do, the system may already be compromised, especially if offenders primarily targeted the device of an important company employee. Therefore, the guideline is not a safe bet; nor is cyber security as such, which brings one back to the mantra of accepting the inevitability of cyber-attacks mentioned before.
Conclusions
Thus, the US-based AWS Inc. is one of the American companies that need to stay aware of the danger of cyber-attacks and of their authors, who will inevitably target it due to its market status and to attack feasibility, since it is impossible for any company to be immune from cyber invasions. The company must address its potential vulnerabilities to avoid negative attack-related effects like reputation and money losses, customer defection, and security spending. The financial damage sustained by organizations is the biggest of the effects a cyber assault may have on a company. Staff education on email treatment, the attachment of security to the data, and data micro-segmentation are among the recommendations for the company to follow. Of course, no company is safe from vindictive or incautious employees who can make extra precautions futile; however, the guidelines recommended are likely to enhance the defenses of Alaska Winter Shoes Inc., keeping it protected.
References
Help Net Security. (2015, February 26). The business and social impacts of cyber security issues. Help Net Security. Retrieved from: https://www.helpnetsecurity.com/2015/02/26/the-business-and-social-impacts-of-cyber-security-issues/
Jackson, G.M. (2012). Predicting malicious behavior: Tools and techniques for ensuring global security. John Wiley & Sons. Retrieved from: https://books.google.com.ua/books?id=PkQK318zKEoC&pg=PA20&dq=hackers+target+rich+companies&hl=uk&sa=X&ved=0ahUKEwjnl-nqkIzOAhVGliwKHRZiAvUQ6AEIIzAA#v=onepage&q=hackers%20target%20rich%20companies&f=false
Loveland, G., and Lobel, M. (n.d.). Cybersecurity: The new business priority. PWC. Retrieved from: https://www.pwc.com/us/en/view/issue-15/cybersecurity-business-priority.html
Ponemon Institute. (2012, May). The impact of cybercrime on business. Retrieved from: https://www.ponemon.org/local/upload/file/Impact_of_Cybercrime_on_Business_FINAL.pdf
Risk Group LLC. (2016, April 28). Cyber-security risks: Impact on global business. Risk Group. Retrieved from: https://www.riskgroupllc.com/cyber-security-risks-impact-on-global-business/
Wall, M. (2015). Six things firms should do to improve cyber security. BBC News. Retrieved from: http://www.bbc.com/news/business-34636751
Zaharia, A. (2015, March 11). 10 critical corporate cyber security risks – a data driven list. Heimdal Security. Retrieved from: https://heimdalsecurity.com/blog/10-critical-corporate-cyber-security-risks-a-data-driven-list/