IT Risk Management Report: Threats and Mitigation Strategies


Added on  2020/04/13

Report
AI Summary
This report provides an overview of IT risk management in the context of internet and web usage within organizations. It highlights the benefits of internet integration, such as enhanced business operations, wider audience reach, and improved communication, while also emphasizing the associated risks. These risks include denial-of-service attacks, data breaches, malware, botnet attacks, and phishing. The report then delves into the WannaCry ransomware attack of 2017, detailing its impact on organizations globally, including the NHS, and the methods it employed to spread and encrypt data. Finally, the report offers crucial mitigation strategies, including implementing robust information security systems with updated antivirus software, patching operating systems, handling emails cautiously, and utilizing security suites. The importance of data backup is also stressed to recover from such attacks.
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author Note
1. The Internet and the Web in Organizations
The internet and the web occupy a large part of people's lives in today's world, and it is almost unimaginable to run a business without them. Using the internet in daily operations helps enhance a business by automating the processes and complex operations found within an organization. Internet use is more prevalent nowadays because it not only helps in properly managing the business operations running inside an organization, but also helps in reaching a wider audience. This is particularly because the internet and the web are an important marketing tool. A company website can considerably help an organization reach a wider audience and can further help a business achieve a perfect image. The web and the internet help in reaching customers of all ages, but more prominently help in targeting younger audiences (Baker, 2012). Ensuring proper communication with the customer is important for any business, and this can be achieved more conveniently with the help of the internet. Many organizations are able to communicate with customers via email or similar media, which might not have been possible without the internet. Furthermore, the use of the internet and the web has considerably simplified the collection of data and records that might be useful for setting a business goal. Proper and extensive research can be carried out by searching websites and other available databases. This concept is called data mining. It helps in retrieving vital information that might be very useful for a particular business, including the latest market trends, stock exchange rates and so on. Furthermore, the internet and the web help a business reach a global audience, and e-commerce websites further help businesses grow globally.
Apart from this, the internet helps in managing communication among people in an organization who are based in different locations. Transactions can be carried out more conveniently with online tools, and therefore it can be said that the internet and the web play a major role in organizations.
However, the use of the internet and the web in an organization is subject to certain risks or threats that may hamper the organization's performance. A denial-of-service attack is one such threat; it can freeze all the operations of a particular network for some time. Apart from this, the storage and retrieval of data online is subject to a number of risks, including loss or modification of private and confidential information due to malware (Kessler, 2014). This might cause a huge loss to the company. Other threats include the botnet attack, which is generally initiated by an intruder in order to gain access to or control of all the systems connected to a particular network. Phishing is another such threat that is prevalent in organizations, where the intruder tries to intercept a communication by hacking a communication channel (Dillman, Smyth & Christian, 2014). Therefore, an organization needs a proper information system in order to mitigate the risks it might face while making use of the internet and the web.
2. WannaCry ransomware attack of 2017
The WannaCry ransomware attack is one of the most sophisticated attacks of recent times. More than 200,000 victims all over the world have been infected by this malware, and the NHS was one of the worst affected. The attack was launched on May 12 this year and infected more than 230,000 computers. The malware locked all the files present on a computer system and demanded a ransom from the owner in the form of bitcoins. If the ransom is not paid within a stipulated time, all the files on the computer are deleted permanently. The attack was dangerous because the malware was able to transfer to the different systems connected over a single network without human intervention (Mohurle & Patil, 2017). The WannaCry malware mainly targeted large organizations, as it could spread through an organization's internal network. Malware can spread in a number of ways. The WannaCry ransomware targeted a vulnerability in systems that were running an older, unpatched version of Microsoft Windows.
This global attack could have been prevented if proper measures had been taken. The steps that need to be taken in order to prevent this type of attack in future are as follows:
1. A proper information security system can be implemented in organizations in order to mitigate the risk of any malware entering the system. Every system should have a proper antivirus installed in order to identify any malware invading the system. The antivirus should undergo regular updates in order to mitigate the risk of viruses or malware infecting the system.
2. The WannaCry ransomware targeted systems that were not patched. Microsoft had released the patch earlier and had asked its users to update to a newer version of the operating system. Therefore, it is essential to keep the patches of the operating system up to date. Apart from this, the Windows firewall should never be turned off, as it plays a vital role in detecting an intruder in the system.
3. Phishing or spam emails are one of the major sources of malware propagation. Therefore, emails received from unknown senders should be handled cautiously. Unknown links or attachments should not be opened. The email spam settings should be personalized in order to mitigate the risk of information theft.
4. Use of a proper security suite may help in detecting and eliminating malware present in the system and can further help when browsing over a public network or Wi-Fi (O'dowd, 2017).
The WannaCry ransomware would not have taken such a dangerous form if the ransom were not paid. Therefore, it is always a good idea to keep a regular backup of the files, which can be restored in an emergency situation like this attack (Gordon, Fairhall & Landman, 2017).
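An added example, not part of the original report: a PowerShell audit of a single Windows host against steps 1 and 2 above (antivirus current, patches recent, firewall on). It assumes Microsoft Defender is the installed antivirus, and the age thresholds are illustrative assumptions rather than values from the report.

```powershell
# Added example: audits the local Windows host against steps 1 and 2.
# Thresholds are assumptions for illustration; set them from local policy.
$MaxPatchAgeDays     = 35   # assumed: one monthly patch cycle plus slack
$MaxSignatureAgeDays = 3    # assumed: older antivirus definitions are stale
$findings = New-Object System.Collections.Generic.List[string]

# Step 2: the Windows firewall should be on for every profile.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True') {
        $findings.Add("Firewall profile '$($fwProfile.Name)' is not enabled")
    }
}

# Step 2: operating-system patches should be recent.
# Get-HotFix does not list every update type, so treat this as a coarse signal.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest) {
    $findings.Add('No dated hotfix records found; patch state unknown')
} else {
    $patchAge = ((Get-Date) - $latest.InstalledOn).Days
    if ($patchAge -gt $MaxPatchAgeDays) {
        $findings.Add("Newest hotfix $($latest.HotFixID) is $patchAge days old")
    }
}

# Step 1: antivirus should be running with current definitions.
# Assumption: Microsoft Defender is the antivirus in use on this host.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    if (-not $mp.AntivirusEnabled) { $findings.Add('Defender antivirus is disabled') }
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
    $sigAge = ((Get-Date) - $mp.AntivirusSignatureLastUpdated).Days
    if ($sigAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Antivirus definitions are $sigAge days old")
    }
} else {
    $findings.Add('Defender cmdlets unavailable; check the installed antivirus console')
}

# Emit the findings, or a single line when the host passes every check.
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```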
Reference
Baker, J. (2012). The technology–organization–environment framework. In Information systems theory (pp. 231-245). Springer New York.
Dillman, D. A., Smyth, J. D., & Christian, L. M. (2014). Internet, phone, mail, and mixed-mode surveys: the tailored design method. John Wiley & Sons.
Gordon, W. J., Fairhall, A., & Landman, A. (2017). Threats to Information Security—Public Health Implications. New England Journal of Medicine, 377(8), 707-709.
Kessler, G. C. (2014). Denial‐of‐Service Attacks. Computer Security Handbook, Sixth Edition, 18-1.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal, 8(5).
O'dowd, A. (2017). Major global cyber-attack hits NHS and delays treatment. BMJ: British Medical Journal (Online), 357.