IT Risk Management Report: Internet Security and WannaCry Attack

Verified

Added on 2020/04/15

AI Summary

This report focuses on IT risk management, particularly concerning internet security and the WannaCry ransomware attack. It begins by highlighting the integral role of the internet and the World Wide Web in modern business operations, emphasizing its use in marketing, communication, and data storage. The report then identifies various internet-related risks, such as denial-of-service attacks, malware, phishing, and botnet attacks, and underscores the need for robust security measures. The core of the report examines the WannaCry ransomware attack of 2017, detailing its nature as a malware that encrypts files and demands ransom, its global impact, and its exploitation of vulnerabilities in outdated Windows operating systems. The report offers preventive measures to mitigate such risks, including updated antivirus software, firewall protection, and regular data backups. It concludes by emphasizing the importance of not paying ransoms and the need for proactive security practices to safeguard vital organizational information. References to relevant research and publications support the analysis.

Running head: IT RISK MANAGEMENT
IT risk management
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
IT RISK MANAGEMENT
1. The internet and the web
It is very difficult to imagine any business operation without the involvement of internet
and the World Wide Web. The involvement or use of internet in business has significantly
helped in altering and enhancing the day-to-day operations involved in a business. Furthermore,
it is one of the essential tools for marketing and advertising that is more conveniently used to
reach a wider audience. A company website helps an organization to present its business to
global customers (Baker, 2012). Furthermore, internet is used for making the customers aware of
the current promotions in the organization. With the advent of internet and increasing use of
web, most of the business operations use internet as a medium for carrying out vital operations,
which includes storage and access of the important files and documents, communicating
important information and so on.
Creating a good image and an intelligent marketing is very important for an organization
to be successful. Internet plays a huge role in achieving this. An effective company website helps
in creating a perfect web experience that helps in reaching a wider audience. Use of social
networking is increasingly used by different organizations in under to identify their target
audience.
Maintaining a good communication and having a proper interaction with the customers is
very important and vital for expanding a business. The internet helps in achieving it. Email,
instant messages, internet telephony and so on. The use of internet makes it easier for the
businesses to deliver the messages to the employees and staffs of the organization as well.
Personally, the use of internet has helped in performing the different operations of the
organization more accurately. It simplifies the process of information collection by conducting a

2
IT RISK MANAGEMENT
secondary research from the internet. The information gathered can be recorded electronically
that eliminates the hassle of manual information keeping. Furthermore, with the advent of
internet, carrying out payments and transactions has become even simpler.
However, there are certain risks that are associated with the use of internet in
organizations and for personal use as well. Denial of service attack is a common attack that can
jam the network of the organization stopping all the important operations (Kessler, 2014). This
could result in delay in the important operations of the organization. Apart from this, the
electronic document keeping is prone to malicious attack where an intruder aims at hacking the
important information of the company. The online transaction also possesses a threat associated
with the loss of private and confidential information such as details of the credit and debit cards.
Furthermore, the internet and web is prone to botnet attack, where a hacker can access all the
computers connected with a common network (Dillman, Smyth & Christian, 2014). The
hackers, for obtaining the private information about the participants of the communication, can
also compromise the communication channels. This is known as phishing. Phishing frauds can
appear as a guise of email messages that are intelligently designed to appear as if they are
coming from a legitimate source. Therefore, proper protection against these frauds is necessary
in order to protect the vital information of the organization.
2. WannaCry Threat: Ransomware Attack 2017
In this digital world, where every information is stored digitally, proper protection of
information is necessary. Digitization has no doubt improved the life and style of the computer
users. However, the wannacry attack was totally unforeseen. Wannacry attack was the worst
attack that the world has seen over the time.

3
IT RISK MANAGEMENT
Wannacry ransomware is a malware that blocks the users’ access to their own files and
systems by encrypting all the files that are present in a system. The files could only be decrypted
once the victim pay and ransom in form of bit coins. Victims on finding no other alternatives
were forced to pay a huge amount to the attackers. The malware first appeared in May 12th 2017
and spread like a forest fire all over the world. It targeted the unpatched computes working on an
old version of windows operating system (Mohurle & Patil, 2017). It mainly targeted large
organizations in order to spread rapidly through the organization’s internal network. The most
dangerous feature of this malware was that it could spread even without involvement of any
human by exploiting the vulnerabilities of the windows operating system running on the
computer. The malware had infected over 230000 computers over the world. The malware attack
spread by various methods that include email spam or phishing emails sent on the system that is
running on an older version of Microsoft windows. It was identified later that the systems that
were targeted by the attack were still running on an outdated version of windows XP.
The attack could have been prevented if certain preventive measures were ensured on the
system. Considering the systems that are used for carrying out the most vital operations, proper
security measures was essential. The risk of such ransomware can be mitigated by having a
updated antivirus installed in the system. Spam messages should be blocked without reading or
the spam settings can be personalized. The patches in the operating system should be kept up to
date and windows firewall should be always turned on (O'dowd, 2017). A proper and reputable
security suite should be installed in the system and proper measures should be taken while
accessing any Wi-Fi network. The users should prevent themselves from visiting any unreliable
website in order to prevent any malware infection in the computer system. Furthermore, the .exe
files should be filtered in the email. Apart from this, the Microsoft office components should be

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
IT RISK MANAGEMENT
kept secured apart from disabling the remote services. These preventive measures can help in
preventing the type of attack in future. Apart from this, it is never a good idea to pay a ransom to
the attackers, how small the amount might be (Gordon, Fairhall & Landman, 2017). This
instigates the attacker in launching this type of crime in future as well. Another good idea for
preventing such attacks is to keep a back up of the important files on a regular basis, so that even
if this type of attack breaks in, the victim could use an alternate option for restoring their data.

5
IT RISK MANAGEMENT
References
Baker, J. (2012). The technology–organization–environment framework. In Information systems
theory (pp. 231-245). Springer New York.
Dillman, D. A., Smyth, J. D., & Christian, L. M. (2014). Internet, phone, mail, and mixed-mode
surveys: the tailored design method. John Wiley & Sons.
Gordon, W. J., Fairhall, A., & Landman, A. (2017). Threats to Information Security—Public
Health Implications. New England Journal of Medicine, 377(8), 707-709.
Kessler, G. C. (2014). Denial‐of‐Service Attacks. Computer Security Handbook, Sixth Edition,
18-1.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack
2017. International Journal, 8(5).
O'dowd, A. (2017). Major global cyber-attack hits NHS and delays treatment. BMJ: British
Medical Journal (Online), 357.