Question

1. Discuss at least three ways that the ransomware attack harmed Indigo. Identify and discuss at least two reasons that Indigo may have been particularly vulnerable to a cyberattack.

2. What approaches can Indigo use in the future to assess risk and improve decisions around
cybersecurity investment (provide at least 2 approaches and provide details on what they would
constitute)? Describe at least 3 controls (general or application) that Indigo can implement or
strengthen to reduce risk and mitigate the possibility that cybersecurity breaches could happen
again in the future.
3. Drawing on your knowledge of e-commerce features and benefits, and using the Indigo cyberattack
to inform your answer, explain the harms for businesses when their e-commerce channel is not
available to customers. Provide at least 3 examples.
4. Which of the four basic competitive strategies outlined in Chapter 3 of the textbook do you think best describes Indigo’s approach? Explain your reasoning and provide two examples of how Indigo uses or can use information systems and technologies to support that strategy. How effective is Indigo in using information systems and technologies to gain or maintain competitive advantage?

Answer 1

The ransomware attack on Indigo could lead to operational disruptions, data breaches, and financial loss. To enhance cybersecurity, Indigo should consider frameworks like CMMC, employ strategic controls, and regularly assess risks. The unavailability of their e-commerce channel could result in revenue loss, reputation damage, and competitive disadvantage.

Step-by-step explanation:

Impact of Ransomware Attack on Indigo

Ransomware attacks can cripple an organization's operations. For Indigo, three possible ways in which such an attack could cause harm include: disruption of daily operations, loss of sensitive customer data leading to a breach of trust, and financial costs related to ransom payments and recovery efforts. Indigo may have been vulnerable due to insufficient cybersecurity measures and potentially lax employee training on cyber threats.

Improving Indigo's Cybersecurity

To mitigate future risks, Indigo could adopt a comprehensive cybersecurity framework and conduct regular risk assessments. Two such approaches might be the implementation of a Cybersecurity Maturity Model Certification (CMMC) and the utilization of Red Team exercises to simulate attacks. As for controls, Indigo could strengthen network security through the use of firewalls, encryption, and multi-factor authentication.

E-commerce Disruption Harm

When an e-commerce channel is compromised, businesses may experience direct revenue loss, a damaged reputation causing customer churn, and competitive disadvantage due to decreased availability. These outcomes impede the efficiency and trustworthiness that customers expect from online shopping experiences.

Indigo's Competitive Strategy and Information Systems

As for Indigo's competitive strategy, assuming it emphasizes customer experience and tailored services, it could be pursuing a differentiation strategy. Information systems supporting this strategy may include personalized marketing tools and a robust CRM system for tailored interactions. Effectiveness in leveraging these systems may provide Indigo with a significant competitive edge.