With the recent report from the Federal Government showing that cyber-attacks are on the rise, I thought it would be a good time to go over the risks we face as a business. There are four main areas...

Respond to the discussions as if you are the CEO responding to the Chief Information Officer. A minimum of 75 words for each page.



With the recent report from the Federal Government showing that cyber-attacks are on the rise, I thought it would be a good time to go over the risks we face as a business. There are four main areas that I will go over with you and the risks imposed on each area.  Supply Chain Our supply chain is at a risk due to the multiple sources required to make it successful. The more companies and software in use will increase the risk for attacks to happen or for passwords to be leaked. These other companies are at risk of targeted phishing attacks and if they are compromised then in return our supply chain will be compromised as well. There is always a risk for vulnerabilities in software as well so we need to stay vigilant.  Public Relations If there is ever any leaks of private information or our social media accounts are compromised, this would pose a huge threat to our public image. If we have any private information leak such as credit card information or our database of customers, then we face a huge potential backlash from our customer base.  Finance Finance is a major part of a company that needs to be protected. Our records are at a risk to ransomware attacks. If we get hit with a ransomware attack without proper backups then our finances will be lost. Our employees need to be aware of the possible targeted attacks and phishing attempts that could happen. If our passwords get out to the malicious attackers then they could inflict serious damage.  Human Resources Our human resources database is at a risk for a data breach. It is imperative that we keep our HR staff up to date and provide proper training. If we have any breaches in that department then a lot of private information would be leaked and it would be detrimental.  First, anything that is connected to the internet is vulnerable to a cyber security attack. I am sure the supply chain, public relations, finance and human resources have some sort of application or multiple applications that require internet access. Supply chain: The supply chain obviously deals with tangible items; items that are ordered from a vender and sent to the store’s location. Supply chain application to order supplies is also linked to some sort of bank account, so that when the store orders supplies from the vendor, they are able to pay when the order is placed…sort of how like a person would link a paypal account or a credit card to their Amazon or ebay account.  Cyber security threats can affect the supply chain because the accounts of both the retail store and their suppliers can be compromised by someone hacking into the supply side of the application and stealing their inventory or the banking side of the application and steal the money. Public relations:  Being that this is a major retail store, I’m sure they have a mailing list of customers that they send emails to every month or every time there is a sale or some other kind of special event involving the store.  The customers can be victims of phishing scams where a fake email is sent to the customers disguised as an advertisement email from the store and steal the customer’s log in information for their accounts.  Also, the intruder may hack into the database and steal other information such as customer names, physical addresses and email addresses.   Finance:  Both company and customers of the retail store chain are vulnerable to  this attack.  Again, being that this is a major retail store chain, it is safe to assume that this store has it’s own charge card.  The customers’ name, address, social security number, and charge card number could all be compromised. The company’s account could also be compromised and money stolen from both customer and company. Human Resources: Employee data and applicant data can be compromised with a cyber attack.  The intruder could hack into the company database and obtain sensitive information such as names, addresses, and social security numbers, phone numbers, employee ID’s and salary information.