
Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning
Chapter 6: Risk Management: Assessing Risk
Section: Chapter Questions
Problem 1E
Question

Company Alpha is located in the Midwest United States. It deals in medical supply sales to hospitals and clinics in the surrounding area.

The current number of employees stands at 75 people. Of those, the 5 people who work for the IT department are the only ones who receive annual training in cybercrime. What they learn at these trainings is not shared with other employees, simply because time is not put aside for internal password, MFA, and malware training.

At 6:00 am, all employees received an email from an account with a familiar company domain. The email came from john.clower@companyalpha.com, the usual address that tech information was sent through. It stated that updates needed to be installed before devices were used for the day. As salespeople, receptionists, and management logged in and checked their emails, they downloaded the attachment and installed it.

They failed to notice a pretty common trick for phishing and ransomware scammers: using a similar and familiar email address to fool victims into following their instructions. The actual tech supervisor’s email address was john.dower@companyalpha.com. More than 30 people downloaded a ransomware program onto their devices.

By 9:00 am, several computers were getting strange popups stating that all files on the device had been encrypted, and that the only way to regain access to them was by purchasing a decryption key through a website. Meanwhile, the ransomware continued its journey through the network, effectively shutting down every unsecured device logged into the WLAN.

Confidential customer data, employee email addresses, and personal information were skimmed and saved, to be sold on the dark web. It was a network blackout of massive proportions, and one that could only be solved by paying the creators of the ransom the sum of money they demanded.

All employees were asked to log off and avoid accessing company data until further notice. Without the network, critical functions, including sales documents, access to printers, and customer orders, were completely inaccessible.

After a week of failed attempts to remove the ransomware, it was decided that it would be more cost-effective to pay. As of now, the company had lost a week’s worth of sales, employees were unable to work, and many customers were questioning the reputation of a once-trusted supplier.

Company Alpha paid the RM 75,000 ransom, nearly draining company coffers. It took another 48 hours to receive the decryption keys. By the end of the incident, the company was out more than RM 100,000 in damages, compensation, and hiring a team to revamp the network security.

The story of Alpha company is fictional, but the situation and severity are very real. Without multilayered, adaptive security systems, a single misclicked attachment or unnoticed phishing email could bring a business to a grinding halt.

(a) Discuss FIVE (5) threats/attacks and vulnerabilities that occur at the Alpha company.

(c) To strengthen the IT system security in the company (based on the case study above), propose and suggest the solutions and countermeasures needed for the company to preserve its valuable assets. Your suggestions should relate to the threats/attacks and vulnerabilities answered in Question 1(a).

   Your suggestion will be based on the following components:

  1. Technology Used
  2. Policy and Procedure
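
The lookalike sender in the case study (john.clower standing in for john.dower) is the kind of thing a mail-filtering rule can catch. The sketch below is an added example, not part of the original question or the textbook; the function names, the confusable-character list, the distance threshold and the reception@ address are assumptions made for illustration.

```python
# Added example: flag sender addresses that imitate a known staff address.
# DIRECTORY holds the real address from the case study plus one constructed entry.
DIRECTORY = ["john.dower@companyalpha.com", "reception@companyalpha.com"]

# Character sequences that read alike at a glance (assumed, not exhaustive).
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(addr):
    """Fold visually similar sequences so lookalikes collapse to one form."""
    s = addr.strip().lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(sender, directory, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched directory address)."""
    sender = sender.strip().lower()
    known = sorted({a.lower() for a in directory})
    if sender in known:
        return ("known", sender)
    for real in known:
        # Same shape after folding, or only a couple of edits away.
        if skeleton(sender) == skeleton(real):
            return ("lookalike", real)
        if edit_distance(sender, real) <= max_distance:
            return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    for addr in ["john.dower@companyalpha.com",
                 "john.clower@companyalpha.com",
                 "billing@vendor.example"]:
        print(addr, "->", classify_sender(addr, DIRECTORY))
```

A "lookalike" verdict is a reason to quarantine the message or add a warning banner before it reaches users, rather than proof of malice on its own.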