PART A

Cybersecurity threats refer to potential risks that individuals, businesses and others in the
corporate world are exposed to, these risks in a business setting significantly affect or
compromise the confidentiality, integrity, and availability of computer systems, networks, and
data. These threats are caused by cybercriminals who have identified a loophole within a
company’s way of operating with a motive to exploit various techniques and tools to gain
unauthorized access, companies’ data, disrupt services, or cause other forms of damage.

Type of Cybercrime Threats

1. Malware: Malicious software is designed to disrupt or damage systems or gain unauthorized

access. Examples include viruses, worms, Trojans, ransomware, and spyware. For example,
encrypting users' data.

2. Phishing: Phishing is a social engineering attack that tricks individuals into revealing sensitive
information, such as passwords or credit card details. Attackers often send fake emails or create
non-existing websites to deceive users. For example, using unauthorized links, tricking users
into granting access to their accounts.

3. Denial of Service and Distributed Denial of Service: These attacks overwhelm systems,
networks, or websites with excessive traffic, rendering them inaccessible to legitimate users.
Attackers use networks of private computers infected with malicious software and controlled as
a group without the owners’ knowledge, resulting in widespread internet outages.

4. Man-in-the-Middle Attacks: this attack disrupts or alters communication between two parties
without them realizing such act. This allows the attacker to manipulate the information being
exchanged between two related parties. An example is when an attacker intercepts unsecured
Wi-Fi networks to capture data transmitted between a user and a website.

5. Social Engineering: It involves manipulating individuals to obtain confidential information

though impersonating a trusted entity. For instance, an employee might receive a phone call
from an attacker pretending to be from IT support, asking for login credentials.

6. Insider Threats: These threats come from within an organization, often by current or former
employees with authorized access (having company’s details and passwords). For example, an
employee may steal data) or unintentionally leak sensitive information.
PART B

Cybercrime can have a significant impact on the business operations of retailers and
wholesalers. The impact of cybercrime on the business:

1. Financial Loss: Cybercriminals can gain unauthorized access to payment systems or

steal customer payment card information, leading to financial losses for the business.
This can include fraudulent transactions, chargebacks, fines, and legal expenses related
to the breach.

Forever Butchery Pty (Ltd) is a large retail company with a wide range of clients and a
preferred meat supplier for retail customers or large-scale industries. Given the size of
the company and its nature, the company has a large data base of its customers and
suppliers which contain important confidential information such as credit card details,
passwords and emails. Therefore, the company is more exposed to the risk of losing
customer information as a result of its huge data base as it is of high interest to
cybercriminals.

2. Reputation Damage: A cyber-attack can result in negative publicity and damage the
reputation of a retailer or wholesaler. Customers may lose trust in the company's ability
to protect their personal information, leading to a loss of customers and a decline in
sales.

In this instance, Forever Butchery Pty (Ltd) is a reliable and reputable meat retailer and
wholesaler butchery business with a philosophy of quality goods, friendly customer
service and community-centered values. A cyber-attack on the company will affect its
customer base, customers may no longer want to associate themselves with the
company, therefore, there is a risk of loss of trust by customers in the company which
will impact the profitability of the company as result of loss of sales. If the company loses
80% of its customers, the company might experience a going-concern problem affecting
the day-to-day operations of the entity.

Furthermore, Forever Butchery Pty (Ltd) is a listed company in the JSE, negative
publicity will certainly affect its trading in the market resulting in a loss of potential
investors provided the company has been the most preferred meat supplier in the
industry since its establishment in 2010.
3. Operational Disruption: Successful cyber-attacks can disrupt the normal operations of a
business. Forever Butchery Pty (Ltd) is a huge company with branches all over the
country being the most preferred meat supplier. Due to its large customer base, it is
certain that it has an online ordering system to accommodate a wide range of customer
orders. Therefore, there is a risk of disruption of normal operations of the business as
cyber attackers may overload the system making it inaccessible to customers and
resulting in lost sales and customer dissatisfaction.

4. Intellectual Property Theft: Forever Butchery Pty (Ltd) is making a wide range of quality
meat and other products available to its customers, while also offering competitive
pricing across the board. Retailers and wholesalers often have valuable intellectual
property, such as product designs, trade secrets, and customer databases.
Cybercriminals may steal this information and use it to their advantage or sell it to
competitors, leading a risk of loss of competitive advantage and potential litigation.

5. Supply Chain Disruption: Forever Butchery Pty (Ltd) rely on supply chains to deliver
products to customers. A cyber-attack targeting a supplier or logistics partner can disrupt
the flow of goods, leading to delays, increased costs, and customer dissatisfaction.

6. Risk of non-compliance with the regulatory bodies in the industry: Forever Butchery Pty
(Ltd) as a well-known listed company may be subjected to specific regulations regarding
data protection and privacy. A cyber-attack resulting in a data breach can lead to non-
compliance with these regulations, resulting in a risk of facing fines, legal penalties, and
reputational damage to the entity.

7. Risk of incurring Increased Security Costs: due to internet thieves being well skilled day
by day, retailers and wholesalers often need to invest in enhanced cybersecurity
measures to prevent future attacks. This can include upgrading systems, implementing
advanced security solutions, and training employees, resulting in increased operational
costs.
8. Insider Threats: These attacks often come from current or previous employees of a
company who have been granted access and possess company information and
passwords. There is a chance that an employee might obtain data.) or unintentionally
leak sensitive information other companies within the market.

9. System damage/collapse: if the company uses an online ordering system and a cyber-
attack is launched, there is a risk of losing information pertaining to the customer orders
due to corruption of data, being hacked, virus contamination or internet leakages.
PART C

Cyber Risk Mitigations

It is crucial for businesses to continually evolve their security strategies and stay vigilant against
emerging threats in the ever-changing cyber landscape

To mitigate the business risks identified in part B, Forever Butchery Pty (Ltd) should prioritize
cybersecurity measures such as:

1. Implement strong security measures: This includes using robust firewalls, updating
antivirus software regularly and intrusion detection systems to protect against
unauthorized access and malware attacks.

2. Implement strong access controls: Implement strong password policies, enforce multi-
factor authentication, an extra layer of security by requiring users to provide multiple
forms of identification, such as a password and a unique code sent to their mobile
device. Limit access to sensitive systems and data so that only authorized individuals
can access them.

3. Encrypting sensitive data: Utilize encryption techniques to protect sensitive data both in
transit and at rest. This includes encrypting customer payment information, employee
data, and any other confidential information.

4. Implement secure payment processing: Use secure payment gateways and comply with
Payment Card Industry Data Security Standard (PCI DSS) requirements to protect
customer payment information during transactions.

5. Regularly update software and systems: Utilizing the most recent security patches on
software and systems helps to correct vulnerabilities and defend against known threats.

6. Educate and train employees: Educating employees about cybersecurity hazards will
assist them in understanding the dangers posed by cybercrime’s and how one can
identify and respond to potential threats, such as phishing emails or social engineering
attacks.

7. Regularly backup data: Regularly backing up critical data (customers information such
as ordering and payments records) helps to mitigate the impact of ransomware attacks
or data breaches. It ensures that data can be restored in case of an incident.

8. Monitor and analyze network traffic: Employing network monitoring tools allows for the
detection of suspicious activities or glitches that may indicate a cyber-attack. This
enables timely response and mitigation.
9. Establish an incident response plan: develop a well-structured incident response plan
that outlines the steps to be taken in the event of a cybersecurity incident. This includes
roles and responsibilities, communication protocols, and steps for containment,
investigation, and recovery. Having a well-defined incident response plan in place helps
organizations respond effectively to cyber incidents.

10. The company should partner with trusted IT security providers: Stay informed about
emerging threats, stay updated on the latest cybersecurity trends, vulnerabilities, and
best practices through industry resources, security advisories, and partnerships with
cybersecurity organization.