Vedant Sachdeva (2K20/BBA/172)

BBA, Section-C

iPremier Assignment

Q1) According to me, iPremier performed really well in the 75-minute denial of
service attack or the DoS. Although, they were totally unprepared for this
unpleasant situation, but they managed it in a professional manner. The company’s
Chief Information Officer (CIO) was in New York yet he made various calls to
solve the problem and also listened to the viewpoints of every people related to the
company.
If I was Bob Turley, I would have pulled the plug and disconnected all the
communication lines as all the essential information related to customers’ credit
cards was stored in the company’s servers so if it would have been a serious
intrusion in the company’s server channels then it would have caused a big
problem for the company. Also, one thing I would like to highlight is that the
company didn’t have the necessary technology to detect whether it was a serious
intrusion or a simple DoS attack, therefore it was necessary to shut down the
systems.

Q2) Yes definitely the company lacked in having a good operational procedure in
handling the attack. The reason corresponding to that is their inefficiency to detect
whether it was an intrusion in the company’s servers or a DoS attack and if it was a
DoS attack, they didn’t know how to tackle it. Moreover, the CIO, Bob Turley was
himself asking Joanne about the emergency procedures so it highlights the
company didn’t have any contingency plans in this regard.
iPremier can also discontinue the services offered by Qdata and move on as they
proved to be inefficient. Rather than focusing on profit maximization, the company
should invest more on cyber security.
Q3) In my opinion, the company should focus on modifying their policies by
including various contingency strategies or plans so that they are prepared for any
kind of attack.
The company can arrange workshops as well to spread knowledge about the same
so that their employees are competent enough to tackle such situations.
Moreover, they can develop a mechanism that detects whether it is an intrusion in
the company’s servers or a DoS attack.

Q4) My biggest concern after the incident would be the customer information that
is being stored in the server channels because in a Business-to-Consumer (B2C)
business, the main interaction is with the customers and if the company proves to
be incompetent in handling such an essential information, then the company will
not be trusted by the customers in future purchases.
I would recommend that the company should focus more on protecting the
customer related information by making necessary policies & strategies in that
regard so that they don’t lose the customer’s trust in the future.
Also, the company can outsource or make an internal team of few people to
monitor such attacks from time to time.

Q5) Yes, iPremier should definitely disclose to customers about the intrusion in
the company’s servers or the potential breach because if the customer information
regarding the credit cards is being stolen from the company’s server, then the
customers would know that such an act is about to take place. The customers can
therefore contact their banks to deactivate their credit cards.
This will also help the company in building trust with their customers and they
will be encouraged to purchase from iPremier in the future.
Q6) Hello iPremier family, today is not the kind of day that we expected. We
would like brief you that there was a disturbance caused in our company’s server
or the Denial-of-Service attack better known as DoS attack. There is a possibility
of a potential breach which may have led to credit card information of our dearly
customers being stolen. We are working closely with our service providers to get
this sorted as soon as possible. Sorry for the inconvenience caused.
We look forward to your continued trust and support.
Regards.

Q7) During the Crisis

 While iPremier was at the stage of tackling the crisis, they could have
pulled the plug and disconnected all its communication channels so
that there was no possibility of a potential breach which could have
led to leaking the credit card details of customers. Facilitating this
option meant resuming the company operations after the situation was
in control which could have been less detrimental as compared to what
happened with the company in the end.

After the Crisis

 After the crisis, one of options with iPremier is to move on from
Qdata to some another company for the purpose of outsourcing its IT
operations which have latest technology and advance mechanism to
handle such DoS attacks. Another option is to modify their policies in
which they give more importance to cyber security than profit
maximization. Moreover, having more contingency strategies would
work for the company so as to counter such situations.
Q8) According to me, the Chief Information Officer (CIO), Bob Turley did his
best to control the situation and adopted all the measures to get everything sorted.
With the limited resources that iPremier employees had during the crisis, I think
they showcased good leadership skills as they all were very focused to solve the
issue so that the company does not suffer any consequences. Bob Turley was very
diligent and coordinated very well with everyone whether it was the CEO, Jack
Samuelson, or the tech people and this is what a good leader does.
Also, there were few flaws that I would like to address.
If someone is at fault, it is the founders of iPremier who considered profit
maximization superior to cyber security. They continued to outsource their IT
operations to Qdata for old time’s sake which proved to be incompetent to handle
the crisis.
Moreover, Qdata was lacking advance technology and mechanism to counter the
situation and this is where iPremier was at fault.
The founders ruined it for the company just to make the connections with Qdata
sustainable which eventually made the company’s condition even worse.