Following an incident on the engineering department R&D Center’s attacking, IP address 10.10.135.0/24, on 22nd July 2021, of Sifers-Grayson physical address 1555 Pine Knob Trail, Pine Knob KY 42721, a final report was given confirming the occurrence of the events. The event started in the afternoon hours and went on for eight days continuously. The cause of the incidence was the leakage of passwords for sensitive accounts of the business. Interference with the system was disastrous because information leaked, and some files were misplaced, forcing the company to recover the data. The Corporate headquarters IP address Corporate Headquarters 10.10.100.0/24 was affected because they lost business-related data suspending normal operations. The event was concluded on 30th July 2021, removing the invader from the company’s computer systems. The company responded to the intruder by contacting the federal government that assisted the organization in countering the intruder. In response, the federal government removed the intruder from accessing the company’s details.
Employees helped strangers access the RFID-controlled doors and were quite friendly, not knowing they were from Red Team. Being extra friendly and talkative to strangers exposes the organization to risks of insecurity. Some of the employees were also reckless and misplaced their flash dicks by leaving them on top of tables in the organization’s lounge for employees. Leaving the disks behind gives strangers access to company equipment and information. Employees’ carelessness facilitates Red Team’s invasion of the company’s privacy. Phishing emails sent to employees were also noted to be accessed by outsiders. More than one thousand outsiders accessed the emails within twenty-four hours before Red Team provoked the links. Since Red Team sent the emails to employees only, it is evident that they shared the relations with outsiders. The reckless sharing of the links exposes the company to insecure situations.
Additionally, the organization has failed in creating a strong IT department meant to handle cases of cyber insecurity specifically. As a result, Red Team could not be noticed when accessing the company’s information system. Engineers are separated from the IT department and work as individuals instead of a group. Lack of unity provides engineers with the freedom to create servers that may only aid them individually. The company’s management is irresponsible because it is not informed about broken-down computers’ primary source of concern. The IT security is only there to conduct regular duties of communication and customer care desk. There are no forensic detectors to aid the available IT experts in detecting that something is wrong. Furthermore, the available technicians lack enough knowledge to run the cyber security operations. These are failures attributed to the management company and it is the only one capable of controlling these outcomes to achieve the desired outcomes.
Cause of the Incident
Since the incident occurred for eight consecutive days, the total hours spent on the incident were one hundred and ninety-two hours. During this time, the company lost nineteen thousand and two hundred dollars. This was the cost incurred by the company to pay the IT staff to perform the clean-up. The outcome was costly, and the company incurred losses to restore the previously lost data. The costs incurred were in paying the staffs was accompanied by other miscellaneous costs and therefore are higher than nineteen thousand and two hundred. The miscellaneous costs include costs incurred for minor services, such as repurchase of the lost files.
Business Impact of the Incident
The incident negatively affected Sifers-Grayson by leading to a loss in the information stored in the computers. The company did not have backup files and paid a ransom to recover the files and install new computer systems. The company is also restricted to using Windows 8.1 because accessing the backup files would be impossible without the system. Cyber insecurity also leads to loss of company credentials and interferes with the privacy of the company. The business also loses money when trying to recover the lost data and operation systems. Lack of internal experts also forces the company to lose money by hiring new staff to run the recovery process (Mueller, 2017). The business undergoes cycles of economic failures now and then once the interference occurs. It is expensive to renew data unexpectedly, and this often causes company failure.
General Comments
The management of the company should consider changing its approach towards cyber insecurity. A proper IT department should be created and equipped with the right resources to run its operations smoothly. IT experts should also be experienced in handling cases of cyber insecurity at the appropriate time. The experts should also undergo company training to help them identify areas where they should concentrate their attention fully. The management is responsible for allocating complete resources to the department and directing them on the guidelines provided by the federal government. On the other hand, the IT department will handle all cases of cyber invasion and alarm the management on preventive measures against unfamiliar penetration to its information systems. All departments within the institution should work hand in hand and protect each other from exploitation from external users of their information.
Sifers-Grayson should educate its employees on the importance of protecting its computer systems from intrusion from external people. The employees should be told how risky sharing information of the company is with external audiences. Exposing information and providing strangers with access to the business premises could collapse company systems and cause losses, resulting in lay off of employees. Educating employees helps the management to eliminate simple mistakes that could be costly for the business. Employee education informs them on preventive measures against unknown people and servers. Employees, in turn, should follow the guidelines set forth by the management to avoid being penalized for exposing the business to risks that may cause adverse situations (Sun et al., 2018). The activities protected by the administration and the employees guarantee cyber security within the premises of the company.
The management should also consider updating the computer’s software regularly to enhance protection from stalkers. It becomes difficult for the intruders to infringe on the networks of the company. Employees cannot share details of the new systems until they are familiarised with them. Engaging current technology makes it difficult to join because it comes with new security figures which outsiders have no access to. The company should engage its employees in control measures and should help them communicate emergency information at perfect timing. Communications on anything suspicious should be done to the federal government that helps fasten the response and minimizes the adversity of the cybercrimes orchestrated. Timely communications also help in preventing further exposure of personal information and safeguards privacy (Srinivas et al., 2019). That way, the company evades the enormous costs incurred in restoring the entire data storages system and the files lost in the process.
References
Mueller, M. (2017). Is cybersecurity eating internet governance? Causes and consequences of alternative framings. Digital Policy, Regulation and Governance, 19(6), 415-428. Web.
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178-188. Web.
Sun, C., Hahn, A., & Liu, C. (2018). Cyber security of a power grid: State-of-the-art. International Journal of Electrical Power & Energy Systems, 99, 45-56. Web.