critique discussion below

seogil,

Due to the rapidly growing technology, the number of cyber-attacks is rising more than ever. Because cyber-attacks can cripple a business, it is important to have a proper cybersecurity mechanism be in place. In 2013, Target, one of the largest retailer company in the United States, faced a data breach affecting 70 million customers’ names, home and email address, and credit and debit card information (Target Customer Data Breach, 2014). Large companies are not the only ones facing cyber-attacks but small to medium-sized business (SMB) as well. From 2018 Data Breach Investigations Report, Verizon found that 58 percent of all cyber-attacks were on SMB because they are easier to breach (Chevalier, 2018). In our company, cybersecurity matters cannot undergo without discussing its importance during the meeting. Cyber-attacks, information system disruption, third-party liability can harmfully impact our business. Having a clear picture of the cyber-attack impact can help our company develop a proper risk posture that we need.

Cyber-attacks

A successful cyber-attack can drive one’s company to bankruptcy, disrupt business activity, and lose its reputation and trust. The attackers find the vulnerability within the company’s network system. Once they breach the system, company’s intellectual information and clients’ personal identifiable information (PII) can be compromised. Common types of cyber-attacks are denial-of-service (DoS), malware, ransomware, phishing, and password attack.

For instance, attackers can use password attacks or Brute Force attacks. This attack uses an automated system that creates different password combinations until it has the right password that leads them into a company network (7 types, 2018). At this point, the company has a data breach of the company’s critical information and clients’ PII. Cost of impact will be high from this cyber-attack because the company will lose clients and has to repair affected systems, networks and devices.

Information Systems Disruption

Disruption in the information system means the availability of the network or service has been breached. The company should always guarantee reliable access to the information system by maintaining all software and hardware are working properly, up to date, and free of clashes. For example, a DoS attack against unsecured company network system can cause downtime and inaccessible data. This will hinder employees and clients from access to the information in the network when it’s immediately needed. Also, this attack has the potential of opening a further vulnerability and more threats. Thus, this will adversely influence on this company’s reputation. Clients and shareholders put their trusts in this company to be reliable. If the availability of this company is breached, both current and future clients and shareholders will turn their back around and lose their interest to work with the company.

Third-Party Liability

The company can have the best cybersecurity and information assurance but if the third-party that they are using is vulnerable, then they are putting themselves in risk because the clients can blame the company instead of the third-party. For instance, if the third-party internet of things (IoT) products that are recommended and installed by the company is hacked, clients will point their finger towards the company and the company will lose their trust. Also, the legal bills from the aftermath of cybercrime can negatively affect the company financially.

Summary

Red Clay relies on IT and IoT to provide “Smart Home” renovation services. Cyber-attacks, disruption on availability in the IT system, and third-party liability can influence the company negative on financial, reputation, and trust. For Red Clay to successfully prevent these types of risks, the company requires to have appropriate cybersecurity measures against cyber-attacks, contingency plan which provides an effective course of action in case of an unexpected downtime or disruption in the IT system, and sign up for the third-party cyber liability insurance.