IPremier Website Case Study

At approximately 4:30 a.m. on January 12, 2009, iPremier’s website suffered a Distributed Denial of Service (DDoS) attack. A DDoS attack is a method used by mischievous hackers to force a computer resource to stop responding to legitimate users. The hacker achieves this by taking control of a fleet of remote computers, often referred to as “zombies”, in order to send a flood of network traffic to a specific target, in this case, iPremier’s website. The website quickly becomes so overwhelmed dealing with the attacker’s traffic that it essentially locks up, preventing users from accessing the site. (1) After discussing the attack with Bob Turley, CIO, and the IT department, it’s apparent that the website was not prepared for such an attack, as users couldn’t enter the website for approximately one hour and sixteen minutes. Management of iPremier must adjust the company’s IT protocol if the company is to prevent further cyber attacks. In order to accomplish a more secure data system, we suggest management hire a well-known IT specialist to evaluate the situation and give professional advice on how to implement a strong defense. We also advise management to dissolve iPremier’s relationship with Qdata and establish a search team to find a new top notch IT service provider. To combat future virtual attacks, we first advise management to hire, as mentioned above, an IT specialist to review iPremier’s IT infrastructure. The IT consultant can then pinpoint the high-risk areas in the company’s infrastructure and design a more appropriate system to prevent future attacks. We strongly encourage management to heed the advice of the IT consultant and have funds appropriated to fulfilling the consultant’s recommendations without delay. Although the costs might reduce profits, iPremier cannot afford an infiltration into a system that possesses thousands of users’ credit card information. This could lead to years of litigation and lawsuits, leading to a falling stock price, and potentially suffocating the company into bankruptcy. After discussing the attack with Mr. Turley, we discovered that the company’s cyber attack procedures were both outdated and not implemented in a timely manner. Although we hope the consultant’s preventative measures will impede any sort of future attack, it’s paramount that iPremier have procedures in place in order to mitigate the damage done by a virtual assault. In other words, the company must have a damage recovery system in place. Therefore, we will request the consultant to provide detailed reports on how to mitigate the more likely attacks on iPremier’s system. Such reports shall distributed throughout the IT department, and shall be updated every couple of years, in order to stay up to date with evolving technology. In addition, we advise the implementation of a security-training program for all of iPreimer’s staff in order to avoid common mistakes in computer security. We also advise management to approve a yearly cyber attack simulation, allowing employees to better prepare for a cyber attack. Lastly, we strongly advise iPremier to disassociate itself from Qdata as quickly as possible. We’re extremely displeased with the performance of Qdata during this crisis. Our contract with Qdata stipulates 24/7 support, however, we found no such support during the attack. If anything, Qdata prolonged the attack as they prevented Joanne Ripley, head of the IT department, from entering the data center to combat the attack, as Qdata’s own specialist was on vacation. Although the attack appears to not have infiltrated the data center, iPremier cannot risk losing credit card information due to an uncooperative “partner”. We’re aware that Mr. Raj, a founder of iPremier, has a strong relationship with Qdata, however, in order to protect the interests of our consumers and employees, iPremier simply cannot show bias. The company must find a provider who will provide the security and support necessary to sustain long-term success and growth, and it’s our belief that Qdata will not aid the company in achieving these objectives. Luckily for iPremier, it appears this was only a denial-of service attack, with no signs of infiltration. However, a lack of intrusion into the data system should not impede management from taking this matter seriously. In addition, the DDoS stopped the attack on its own, preventing the loss of sales throughout the day. We cannot hope to be as lucky during the next cyber attack. For too long, iPremier has shown minimal interest in protecting its systems. We cannot stand for this any longer. Although the suggestions above will not completely eliminate the risks associated with operating an online retailer, iPremier will at the very least be able to mitigate the attack to a low level.

Works Cited

1. What is DDoS denial of service | Overview | Distributed Denial of Service. (n.d.). Retrieved March 8, 2015, from http://www.prolexic.com/knowledge-center-what-is-ddos-denial-of-service.html

2. Striking the Balance: In-House vs. Outsourced IT. (n.d.). Retrieved March 8, 2015, from http://www.datacenterjournal.com/it/striking-balance-inhouse-outsourced/

Cited: 1. What is DDoS denial of service | Overview | Distributed Denial of Service. (n.d.). Retrieved March 8, 2015, from http://www.prolexic.com/knowledge-center-what-is-ddos-denial-of-service.html 2. Striking the Balance: In-House vs. Outsourced IT. (n.d.). Retrieved March 8, 2015, from http://www.datacenterjournal.com/it/striking-balance-inhouse-outsourced/