
The iPremier Company (A)

Distributed Denial of Service Attack


Question – How well did the iPremier Company perform during the seventy-five-minute attack? If you were Bob Turley, what might you have done differently during the attack?

With respect to the case, we are of the opinion that iPremier was lucky during those seventy-five minutes of the attack if it got away from the attack without much damage at all. The attack started at 4.31 AM and stopped at 5.46 AM on its own, without any action from anybody at iPremier. They were not even able to assess whether any damage had been done by the attack. The following points underlie our assessment of iPremier's poor performance.
1. The iPremier team completely failed to detect the problem. One person was informing other employees about the attack without knowing the exact situation, while the CIO himself wanted to keep it secret.
2. There was no coordination within the management team. There was no clear picture of what the priority should be in handling such an attack whenever the situation arises. Different people suggested different responses to minimize the impact on their respective work areas. While the CTO was concerned with acting so that logging data could be protected for further investigation, the VP business head, Warren, was concerned about a customer data breach, and the legal team was concerned about the legal implications of the attack. The CEO wanted to work as per the plan; however, the plan itself was missing.
3. Missing Emergency Response Plan – The first line of defence in such situations is an emergency response plan. Very few at iPremier were aware of the emergency response plan. Even Bob had not seen such a plan and assumed it to be part of the larger business continuity plan (BCP). The BCP was outdated, and not many people in the organization were trained to take action as per the plan. Even incident reporting was not carried out in a proper manner.
4. A business continuity plan comes along with a disaster recovery plan and an incident reporting plan; however, the persons concerned, including Bob, were not aware of it, and few were trained to take action.
5. iPremier's data is hosted on Qdata databases; Qdata was not technically superior, was not aggressive in investing in advanced technology, and also had trouble retaining staff.
6. Qdata was supposed to provide 24x7 service to resolve any service issues; however, its relationship manager was not reachable during the attack and other employees were not cooperative, which delayed the entry of Joanne and the subsequent actions she took to minimize the damage. Bob did not have the contact details of the escalation matrix.

Bob Turley would have taken the following actions in such a situation.

1. Communication and Transparency – Communication from Bob's end was completely missing; he was only ever on the receiving end, one after the other. We would have informed all members of the management committee together, without any delay, and sought their advice and priorities. This would have smoothed communication and avoided unnecessary confusion among top management.
2. Even though the BCP was outdated, we would have referred to it to handle the situation; it would have given some basic ideas for immediate actions in an appropriate and timely manner. People or technology can change, but the basic philosophy for handling a situation like this remains the same. The BCP was acceptable to internal as well as external stakeholders, and actions taken under it would not impose personal and organizational liability.
3. Clarity of thought should be paramount in such a situation, rather than being carried away by others' expectations. Different stakeholders respond differently to a situation. We should have prioritized the various actions and taken decisions in a timely manner. If the priority were to protect customer data, he should have given immediate instructions to take the server off the internet, even at the cost of business and other investigations.
4. Immediate action against the hosting company is required for its lack of response or service at the time of need.

Question 2 - The iPremier Company CEO, Jack Samuelson, had already expressed to Bob Turley his concern that the company might
eventually suffer from a “deficit in operating procedures.” Were the company’s operating procedures deficient in responding to this attack?
What additional procedures might have been in place to better handle the attack?
It is clear from the incident that iPremier had a complete deficiency of normal operating procedures to handle the situation. The company should have an extensive disaster recovery plan in place, tested on a regular basis, with employees trained to handle situations like this. A disaster recovery plan may have the following components.
1. Business Continuity Plan – A business continuity plan (BCP) is a document that outlines how a business will continue to operate during an unexpected and unplanned disruption in services. It charts out a plan for communicating with customers and employees to handle the various aspects of the business without creating confusion or being carried away by rumors.
2. Data Protection Plan – A thorough assessment should be carried out and put under the plan to minimize hackers' access to critical data, reducing the threat of data loss. Backup data would help bring the business live again as soon as the attack is over.
3. Loss Minimization Procedures – It is important to minimize losses during such events. These losses can be financial losses, legal liabilities and reputational ones. Most organizations are concerned about reputational damage due to a breach of systems.
4. Emergency Communication Plan – An emergency communications plan is a document that provides guidelines, necessary contact details and procedures for how information should be shared with internal and external stakeholders during all phases of an unexpected event that requires immediate action, such as a cyber attack. A strong EC plan provides step-by-step instructions for how to deal with a crisis.
5. Restoration Plan – Thorough steps should be put in place to restore the systems as soon as the threat has been mitigated or has ended. It provides solutions for bringing systems live in the fastest and most efficient manner.
6. Incident Response Process – When a cyber attack of this kind occurs, every second matters. Attacks like malware and ransomware spread very fast from device to device and can cause unparalleled damage to systems. They can also compromise account details and give access to sensitive information, which can have legal implications. Well-planned incident response is a structured methodology for handling cyber attacks, breaches and other cyber threats. On the one hand, it allows you to effectively identify risk, minimize damage and reduce the impact of a cyberattack; on the other hand, it helps in finding and fixing the cause so that you can prevent future attacks.
7. Improvement Strategy – Every such incident is a great learning opportunity, and organized learning methods can improve systems and help the organization secure its systems in future.

Question 3 - Now that the attack has ended, what can the iPremier Company do to prepare for another such attack?

Prevention is the best safeguard against breakdown. A detailed disaster recovery plan should be put in place and should be reviewed, tested and trained on with the employees concerned annually. As discussed above, a disaster recovery plan provides details for immediate response in case of a cyber attack; however, avoiding future attacks requires visible culture change in the way the organization conducts its business and in its concern about cyber threats. Some of the following actions can be taken to avoid future attacks.
1. Upgrade technology, or work with service providers who can provide the latest technology and systems that are difficult for attackers to break. Incorporating the latest best practices can help the company guard against the majority of such threats.
2. Identify potential threats – It is important to carry out risk assessments periodically, to identify the potential hacks, attacks and breaches that can threaten the organization, and to understand the risks associated with those events. It is important to appoint an independent consultant and to change consultants regularly to identify remaining gaps. Once the likelihood and consequences of a threat are known, it is easy to work on improvements and on the recovery plan as well.
3. A detailed monitoring plan is required to ensure adherence to the procedures set by the organization. A well-prepared business will always have an ongoing monitoring program in place. It allows the business to notice when a breach is underway, or to identify a threat before it strikes.
4. Roles and Responsibilities – It is important to clearly define the roles and responsibilities of the employees responsible for strengthening systems and preventing such attacks. There should be an independent and equally capable person for the recovery plan as well. They should work in collaboration and identify their gaps to improve systems and prevent such attacks in future.
5. Disaster Recovery Plan – As discussed in slide number 4, it is important to have a disaster recovery plan in place to deal with the future threat of such attacks.

Question 4 - In the aftermath of the attack, what would you be worried about? What actions would you recommend?

iPremier's response was not as good as it should have been. Some employees suggested shutting down the server, while others wanted to avoid that in order to investigate the cause of the incident. Management was not able to make any decision during the crisis. It is a worrying state of affairs when processes and procedures are not in place and, on the other hand, management is not able to prioritize and make decisions. The CEO foresaw the situation; that is why he hired Bob to improve procedures and systems and bring the company to the next level of growth and sustainability. We would recommend the following steps for iPremier to take on an immediate basis.

1. Change of hosting company Qdata – Qdata neither provided superior technology with best practices nor met the needs of the hour. It also failed to retain its experienced employees, which caused poor customer service. We therefore suggest that iPremier search for a new service provider that can provide the latest technology and has a track record of providing excellent service in such situations.
2. iPremier can also explore the option of bringing hosting services in house, so that appropriate time and resources can be devoted to protecting servers from such cyber attacks. Since the company has good financial strength, it can afford to spend money on the latest technology and expertise. This will also build in-house capabilities to handle such situations within the required time frame and tolerance level.
3. We would recommend a disaster management committee within the organization that would be the first to communicate in case of such incidents. The committee should ensure appropriate resources and investment to strengthen preventive measures and should delegate responsibilities for taking immediate action in a crisis.
4. Periodic risk assessment and a regular training process on the disaster recovery plan are paramount to minimizing the threat of a cyber breach.

Question 4 - What is the learning from this case?

1. Invest in technology so that such failures can be prevented. This will also minimize the risk of financial losses, legal liabilities and reputational impact.
2. There should be control over service providers, and their services and offerings should be reviewed periodically. The competitive advantages and disadvantages of their offerings should be discussed and debated to maintain healthy, responsible relationships.
3. A detailed and thorough understanding of the subject matter, with an appropriate plan in place to understand the gaps.
4. A disaster recovery plan should always be in place and updated periodically; it should be a living document ingrained in the minds of all concerned stakeholders.
5. Roles and responsibilities should be clearly defined, and persons should raise their concerns in the appropriate forums.
6. An emergency communication plan should be in place to address the concerns of internal and external stakeholders.
7. Learning, assessing and recognizing gaps, making improvements, and investing in technology to fill the gaps. It is a continuous process, and there should be a dedicated team to run critical systems smoothly.
