All organizations face the risk of attacks. In today’s world, businesses cannot function efficiently without computers, networks, and the internet. Increased internet connectivity has provided companies with many incentives, but along with them has come a tremendous increase in the level of risk. Although no organization can be fully secure, we have the responsibility to mitigate all risks. The company must assess, plan for and address threats and vulnerabilities through different security measures.
Denial-of-service is a major risk for the organization. The attack would aim at disrupting the service network. The attackers can send high volumes of traffic and data, making enormous numbers of connection requests, thus overloading the network and rendering it nonfunctional. A denial-of-service attack can leave Red Clay Renovations employees unable to access the system both on the company premises and in other locations. The attack would also make it impossible for clients to access the company online (NCSC, 2013).
Another risk that the company might face is malware. Malware is code designed with the intention of causing harm. Malware can take several forms, which include viruses, worms and Trojans (Humphreys, 2008). The malicious software can be introduced into the company’s network through email downloads, operating system vulnerabilities, storage devices and software downloads. Some of the events that might result from malware attacks include interfering with data integrity by deleting or formatting databases, stealing data, and replicating and taking up memory.
Another risk that the organization faces is phishing. Phishing emails look like legitimate emails from legitimate contacts but are designed to steal data. Phishing emails are sophisticated and make it difficult for employees to discern between legitimate and false requests. Normally the email has a link that, when clicked, redirects the staff member. Some of the events that can result from phishing emails include the theft of personal information and data. The risk can be mitigated by educating the staff on what to look out for when opening their emails.
Password attacks are also a risk that the organization faces (Sandro & Zeljiko, 2007). Attackers often try to crack passwords using means such as brute force and dictionary combinations. The events that can result are system compromise and stolen data. One of the primary ways of safeguarding against password attacks is having strong passwords.
One of the impacts that can result if the risks were to materialize is financial loss (Ramona, 2011). An event such as a denial-of-service attack would bring normal business operations to a standstill. The longer the period during which the clients are not being served and the employees are not working, the higher the losses to the company. The attacks can also cause the clients to lose trust in the company. When potential and current customers gain knowledge of hacking incidents or attack events in the company, they lose trust. For example, when company data is stolen through an attack, the clients lose trust in the company’s ability to protect their data and may opt to take their business elsewhere.
Another impact that may result from an attack event is reputation damage. If the company were to be attacked, its social image is bound to suffer, depending on the extent of the event. If the incident is big, the company can lose market share as well. A damaged reputation can cost the company current and future business (NCSC, 2013). A company’s reputation takes a long time to build, and recovering from a damaged reputation can be costly and time-consuming.
In conclusion, Red Clay Renovations cannot afford to overlook the information technology threats facing the company. The organization should also be willing to make the necessary investments in its personnel as well as its systems to be prepared to handle the ever-developing security risks.
References
Humphreys, E. (2008) Information Security Management Standards: Compliance, Governance, and Risk Management. Information Security Technical Report 13: 247-249.
National Cyber Security Centre (2013) Cyber Security and Risk Management: An Executive Level Responsibility. Retrieved from http://www.ncsc.govt.nz/assets/cyber-security-risk-management-Executive.pdf
Ramona, E. (2011) Security Risk Management-Approaches and Methodology. Informatics Economics, 15(1): 228-240.
Sandro, G. & Zeljiko, H. (2007) Information System Security Threats Classifications. Journal of Information and Organization, 31(1): 20-38.