Larry,
There have been some risk statements identified within the annual report. These statements are cyber-attacks could affect our business; disruptions in our computer systems could adversely impact our business, and a chance of liability if third-party equipment related to failing to provide adequate security for our clients. It is important to clearly express the importance and achieve clarity in the explanation to shareholders. The reason for this is that shareholders hold power and directly affect the profitability of an organization (Horton, 2015). All these statements express risk associated with our renovation and rehabilitation of residential buildings. Each of these statements offers broad risk events and different potential levels of impact. Each of these statements should be taken seriously as statics like 70% of directors surveyed indicate the significant concerns from the risk of un-trustworthy third-party software (VERACODE, 2015). This paper will discuss the potential risk events and impacts.
How cyber attacks affect business
Cyber attacks can bring a company of any size to its knees with one successful attack. One example of an attack that can be detrimental to a companys future is ransomware attacks. Ransomware is an attack where malicious software takes a computer, or certain services, ransom by denying user access (Fruhlinger, 2018). The attacker usually demands some form of ransom in exchange for access restoration. A mass ransomware attack launched on multiple machines, especially critical ones, can impact a business tremendously with the work stoppage, loss of revenue, reputational loss and more. A somewhat recent example of this is an attack on Russias biggest oil company in 2017. This ransomware attack affected over 300,000 machines and was capable of shutting down critical infrastructure and crippling the oil company and associated businesses (Stubbs, 2017). The company is now out to recover about $2.9 billion in losses from the attack. This is a substantial amount for any organization.
Computer system disruptions
Computer system disruptions can equate to a loss of productivity, opportunities, data loss and more. While many companies are transitioning or currently using, cloud computing, storage, and services, there is still a probability for system disruptions or downtime (Felter, 2018). Fortunately for Red Clay Renovations, all the equipment and services are maintained onsite. This alleviates the probability that a 3rd party computer system is disrupted causing company downtime. This doesnt mean the business is safe from disruptions as Red Clay Renovations are still at risk for attacks. According to Gartner research (Lerner, 2014), the hourly cost for downtime can range from $140,000 to $540,000, depending on the size and scope of an organization. An example of a system disruption that causes downtime could be Slack, a workplace chat and collaboration platform, that went out for about 4 hours in June of 2018 (Gyarmathy, 2018). Slack is used by over 500,000 organizations and 65 Fortune 500 companies. This unscheduled outage caused all of these organizations to hemorrhage revenue. Computer system disruptions can cause potential impact from different angles.
Third party equipment risk
Recommending and installing third-party equipment comes with risk, as this equipment may not be the most secure. The smart home remote and other devices dont offer almost any security besides a single-factor authentication. This authentication is common but the least secure; merely a username and password and can be discovered fairly easy depending on the encryption methods of the device (CWE, 2018). The equipment brands vary which means that interoperability is in question for functions and security of devices. Interoperability is critical in the use of third-party devices or services because if one device security system fails, it could lead to other devices being compromised (NIST, 2018). Overall, Red Clay Renovations can be held liable for their recommendations and installation of third-party equipment in the event it fails to provide adequate security.
Conclusion
Almost every cybersecurity attack has the ability to impact and damage the company by financial loss, reputational loss, client trust, and loss of opportunity. Any instance of unscheduled downtime can lead to the loss of revenue for the organization (Lerner, 2014). While cyber attacks are an everyday occurrence for larger companies, attacks being accomplished will cause reputational loss. Customers frequently encountering outages due to cyber attacks will eventually stop using or avoid services by that company (Gyarmathy, 2018). When data is lost due to attacks or downtime the trust of clients will diminish since they may have information within company systems like address and payment information. When an organization is unable to offer or provide services, the loss of opportunity occurs because a potential client cannot purchase or possibly contact the company in interest (Gyarmathy, 2018). In conclusion, the potential risk and impacts faced by this company are important and can be detrimental to the survival and growth of this organization, however, it is possible to mitigate these risk to the lowest denominator.