Company Alpha is located in the Midwest United States. It deals in medical supply sales to hospitals and clinics in the surrounding area. The current number of employees stands at 75 people. Of those, the 5 people who work for the IT department are the only ones who receive annual training in cybercrime. What they learn at these trainings is not shared with other employees, simply because time is not put aside for internal password, MFA, and malware training.

At 6:00 am, all employees received an email from an account with a familiar company domain. The email came from john.clower@companyalpha.com, the usual address that tech information was sent through. It stated that updates needed to be installed before devices were used for the day. As salespeople, receptionists, and management logged in and checked their emails, they downloaded the attachment and installed it. They failed to notice a pretty common trick for phishing and ransomware scammers: using a similar and familiar email address to fool victims into following their instructions. The actual tech supervisor’s email address was john.dower@companyalpha.com.

More than 30 people downloaded a ransomware program onto their devices. By 9:00 am, several computers were getting strange popups stating that all files on the device had been encrypted, and that the only way to regain access to them was by purchasing a decryption key through a website. Meanwhile, the ransomware continued its journey through the network, effectively shutting down every unsecured device logged into the WLAN. Confidential customer data, employee email addresses, and personal information were skimmed and saved, to be sold on the dark web. It was a network blackout of massive proportions, and one that could only be solved by paying the creators of the ransomware the sum of money they demanded.
All employees were asked to log off and avoid accessing company data until further notice. Without the network, critical functions, including sales documents, access to printers, and customer orders, were completely inaccessible. After a week of failed attempts to remove the ransomware, it was decided that it would be more cost-effective to pay. By then, the company had lost a week’s worth of sales, employees were unable to work, and many customers were questioning the reputation of a once-trusted supplier. Company Alpha paid the RM 75,000 ransom, nearly draining company coffers. It took another 48 hours to receive the decryption keys. By the end of the incident, the company was out more than RM 100,000 in damages, compensation, and hiring a team to revamp the network security.

The story of Company Alpha is fictional, but the situation and severity are very real. Without multilayered, adaptive security systems, a single misclicked attachment or unnoticed phishing email could bring a business to a grinding halt.
(a) Discuss FIVE (5) threats/attacks and vulnerabilities that occur at Company Alpha.
(c) To strengthen IT system security in the company (based on the case study above), propose the solutions and countermeasures needed for the company to preserve its valuable assets. Your suggestions should relate to the threats/attacks and vulnerabilities answered in Question 1(a).
Your suggestions will be based on the following components:
- Technology Used
- Policy and Procedure
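
The lookalike sender in the case study (john.clower imitating john.dower) is the kind of address a mail filter can flag automatically. The following is an added example, not part of the original question: the directory contents, the confusable-pair table and all function names are assumptions made for illustration.

```python
# Added example: flag sender addresses that imitate a known internal address.
# Only same-domain imitation (as in the case study) is handled here.

KNOWN_SENDERS = {"john.dower@companyalpha.com"}  # constructed directory

# Character groups that read alike in common fonts (assumed, not exhaustive).
# Single-character swaps come first so "c1" -> "cl" -> "d" also collapses.
CONFUSABLES = [("0", "o"), ("1", "l"), ("vv", "w"), ("rn", "m"), ("cl", "d")]


def skeleton(local_part):
    """Collapse visually confusable sequences to one canonical form."""
    s = local_part.lower()
    for seq, canon in CONFUSABLES:
        s = s.replace(seq, canon)
    return s


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender, known=KNOWN_SENDERS, max_distance=2):
    """Return (verdict, imitated_address_or_None) for a From address."""
    sender = sender.strip().lower()
    if sender in known:
        return ("known", None)
    local, _, domain = sender.rpartition("@")
    for addr in sorted(known):
        k_local, _, k_domain = addr.rpartition("@")
        if domain != k_domain:
            continue
        # Same visual skeleton, or only a couple of keystrokes apart.
        if skeleton(local) == skeleton(k_local) or edit_distance(local, k_local) <= max_distance:
            return ("lookalike", addr)
    return ("unknown", None)
```

A mail gateway rule built on this would quarantine any message whose verdict is `lookalike` and name the imitated address in the alert.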