IPremier Company Cybersecurity Analysis

IPremier like many companies was indeed not prepared for the 75 minutes distributed denial of service attack (DDoS). This might have occurred due to lack of a vision about this kind of danger and also because of putting much assurance Qdata capacities. The failure to have disaster or strategies planning and lack of crisis management left everyone in a frenzy mood during the attack. Once the attack started and all lines of communication broke down, all workers at the IPremier began to panic with and what was more challenging was that there was no way to get around the situation they were in. Messages titled "ha" were used to crash their website by overburdening it. During this time, the company information leader Bob Turley was not present as he attended a key conference and all he could do was watch what was happening. With Qdata insufficiently backing them up and failure to have a BC Planning, an attack was posed to be a success. In this paper, I will look at how the company performed and how it should have responded by giving new perspectives and recommendations.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

IPremier Performance during the DDoS attack and what I would have done differentlyI believe the IPremier workers responded reasonably well considering they have not previously encountered or thought of such an attack. However, the company itself that is IPremier significantly lacked a standard set of rules that employees could follow during an emergency. According to Yu (2014), it is essential for any company with a website to have a standard set of rules that can guide it during an emergency such as one involving distributed denial of service attack. The IPremier had no such plan, and they were left to run around looking for help with no success especially after communication broke down. Furthermore, rather than informing QData on the spot, they had to wait until the attack had progressed.

If I were Mr. Turley, knowing that there was no action plan and my coworkers were not well equipped or prepared for such an attack, I would have immediately telephoned the directors of information or the managers of QData requesting them to assist in resolving the issues personally. I would then inform my managers, legal, security and network team to come together in an emergency conference so that they can share ideas and minimize wastage of time as they look for each other. This would be necessary for communication to be maintained which is crucial during such situations (Kommareddy, Bhattacharjee, Shayman & La, 2013).

Inadequacy and Deficiency of Ipremier’s Operating Procedures

During its attack, IPremier lacked clear policies, procedures, and strategies for management of such as an attack showing that its operating procedures were inadequate and deficient. The company had weak reporting procedure, which can be seen by the CIO, responded to the emergency. Furthermore, even if the company had an emergency plan, it was undoubtedly inadequate and deficient considering that it was out of date (Austin, Leibrock & Murray, 2002). The fact the no one knew the nature of the attack that is whether it was a hack DoS or an intrusion shows that the operating procedures were far from being efficient. It is crucial for any organization to be aware of all kind of cyber-attacks they can encounter and more importantly how they can counter them (Stavrou et al., 2013). Additionally, QData should have been contacted sooner.

Additional Procedures to Encounter the Attack Efficiently

To handle the attack better, the company should have additional procedures such as bettering and enhancing the IT department so that it can have proper tools to fight this kind of threats. When the IT is strengthened, it means it has the best firewall system that is not easily passed. Also, to avoid disappointing the customers, the company should have the "Temporary Unavailable" webpage which is something they can understand. In addition to having Qdata, the company should have other substitute providers that can also handle the attack correctly.

Preparing for Similar Attack

With this attacked already done, the company should give first assess its capabilities when it comes to handling such an attack. An honest assessment should be done in this case. By using this frank assessment, improvements should be made in areas such as infrastructure up-gradation, workforce, firewall strength, network security among other areas of weaknesses (Dagon et al., 2013). Network security should be allocated more budget since it is an integral part of the business. Firewall capabilities should be improved to meet international standards. Staff should be prohibited from sharing confidential information in all circumstances (Austin, Leibrock & Murray, 2002).

Recommendations

After analyzing the damage done by this attack, I would recommend several actions for IPremier one of them being about putting up a proper crisis management strategy and policy. I would also recommend detailed checking of logs and other affected areas. Awareness and training of workers should be done. Changing the current vendor that is Qdata or reviewing the initial contract with them. Proper update of the firewall system is something I would also recommend.

References

Austin, R. D., Leibrock, L., & Murray, A. (2002). The iPremier Company (A): Denial of service attack. Harvard Business School Pub.

Dagon, D., Feamster, N., Lee, W., Edmonds, R., Lipton, R., & Ramachandran, A. (2013). U.S. Patent No. 8,566,928. Washington, DC: U.S. Patent and Trademark Office.

Kommareddy, C., Bhattacharjee, S., Shayman, M. A., & La, R. (2013). U.S. Patent No. 8,397,284. Washington, DC: U.S. Patent and Trademark Office.

Stavrou, A., Keromytis, A. D., Nieh, J., Misra, V., & Rubenstein, D. (2013). U.S. Patent No. 8,549,646. Washington, DC: U.S. Patent and Trademark Office.Yu, S. (2014). Distributed denial of service attack and defense (pp. 15-29). Springer New York.