Name: Lisbon T Tsvarayi

Reg Number: R206557N

Course: Networking, Linux and Bioinformatics tools

Program: Medical Analytics and Informatics

Question

Econet has recently introduced a promotion where users who buy a daily social bundle for
RTGS$6 are awarded 300mb promotional data each time they buy. You are the Network
Administrator at Econet responsible for data services provision. You have heard that users are no
longer buying daily data packages instead they are opting for the promotional to get free 300mb.
The cheapest daily data bundle is going for RTGS$31 for 20mb. This scenario has greatly
affected the revenue generation from data sales and social media bundle sales as well. As the
Network Administrator, analyze the above scenario and interpret if it’s a cyber threat to our
service provision. Identify and list network related technical solutions that you can implement to
ensure that users that do not abuse this data facility. In your analysis also highlight policy
recommendations you can make to ensure future promotional services are not abused.

ASSIGNMENT TWO
Firstly, a cyber threat is any circumstance or event with the potential to harm a computer
network or system through unauthorized access, destruction, disclosure, modification of data,
and/or denial of service. These threats arise from human actions and natural events and common
ways to gain access to a computer network include removable media, brute force attack using
trial and error to decode encrypted data, web or email attacks, loss or theft of devices containing
confidential information and lastly, unauthorized use of an organization’s system privileges.

According to the above scenario, our company had introduced the Festive Chakachaya
promotion, where users were being awarded 300mb free data whenever they bought the daily
social bundle which cost RTGS$6. This was a way to promote business growth by turning
interested customers into loyal, long-term brand advocates and to attract more. However,
promotion abuse has surged and the question is, can we classify it as a cyber threat to our service
provision? We as a board only classify it as so only if the redemptions are as a result of fraud or
promotion abuse. This is because fraudsters have continued to milk our promotions for their own
gain even if they haven’t been loyal customers hence gaining unauthorized use of our
organization’s privileges and leaving us to pick up the tab.

Promotion fraud can take many forms, but fraudsters will try to find loopholes or any ways to
circumvent our rules to take advantage of our promotion for their own gain. For example, if we
were to run a one-time promotion for new user, a fraudster would try to register multiple
accounts to have access more than one time. In doing so, they violate the terms and conditions
we intended for our promotion. In many cases, this leads to higher operational costs for the
business, monetary losses associated with the promotion, and a lack of real, loyal customers that
the promotion was supposed to attract. The damage caused by promotion abuse may also
negatively impact our brand image, the service we provide to good customers, and our desire to
offer promotions in the future.

Clients are now opting for the promotion instead of purchasing the least expensive daily data
bundle going for $31. In such a scenario our competitor organizations can be much more
delighted as they can promote more clients to continue abusing the promotion with the aim of
negatively impacting our revenue generation from data sales to social media bundle sales. This
becomes an issue to our organization as it generates consequent loss of incomes and social

ASSIGNMENT TWO
information for the clients and so disturbing our system’s financial budget thus deferring any
plans for network and system development.

How then can we protect the organization from this kind of fraud and promo abuse? One of the
solutions we can implement is to limit the promotion duration and campaign budgets and number
of maximum purchases. This means introduction of the promotion for specified days i.e.
weekend days only or specific week days or implement a one-time purchase promo. This reduces
abuse as clients are restricted to only a few days of promotional access. This maintains revenue
generation as the company ensures that users can purchase normal bundles throughout the whole
week. This also improves service provision as it limits data traffic and encourages service
improvement due to availability of profit.

Other solutions include not fully disclosing the limitations of our promo code (as this might give
abusers enough knowledge to start fraudulent related activities), full use of firewalls, information
reinforcements, heavy encryption of information (private and public), having all out control
access of our frameworks, getting our Wi-Fi, and other small steps like running surveys can
gather essential information on abusers. We could also limit the number of user sim card
registrations to two per individual not the current system which allows up to a maximum of five
registrations.

Lastly, another method can be limiting the promotion to a particular area or location. This is
termed geo-targeting; it includes analyzing the areas which show high abuse and either
deactivating promotion in those areas or even use a location phased approach. This will be done
to shield our administrations from information overwhelm. This will address most digital
dangers from clients who are unlawful cybercriminals. Creating geo-targeted codes by zip-code,
city or town, offering free 300mb per purchase in different areas, then track when and how they
are used can be helpful. This can also be aided with utilizing network division, utilizing virtual
private network (VPN), utilizing IDS/IPS to follow potential bundle floods. These amongst
others can decrease the risks of falling into promotion traps.

ASSIGNMENT TWO