Executive Summary
Since 1997, Amazon has been delivering top-quality services to its customers. Today, Amazon is a multinational company that operates in several markets: e-commerce, cloud computing, digital streaming, and artificial intelligence. It employs 1.3 million people and serves hundreds of millions of customers around the globe (Amazon, 2021). It has created more than $1.6 trillion of wealth for shareowners, which makes it one of the world’s largest corporations (Amazon, 2021).
Amazon is considered one of the best employers and the world’s safest place of work (Amazon, 2021). The most famous products and services of Amazon include Amazon Prime, Amazon Marketplace, Alexa, and Amazon Web Services (AWS). The company is known for its support of sustainable development principles and takes high social responsibility (Amazon, 2021). In summary, Amazon is an international company that competes in several markets using the latest technology.
Amazon was started in Washington in 1994 before reincorporating in Delaware in 1996. Amazon has strengthened its selling mechanism in its SEC Form 10-K filing with the United States Securities and Exchange Commission (Amazon, 2021). The corporation is led by four ideologies: a customer-centric style instead of a competitor-focused approach, a craving for creativity, a commitment to operational distinction, and long-term performance.
The company went through an initial public offering (IPO) in 1997, which allowed it to transform the business from selling books to selling different products (Amazon, 2021). Despite high initial investments, Amazon was unable to make any profit for four years, showing first profit only in the fourth quarter of 2001 (CNN Money, 2002). Other important dates include launching Amazon Prime in 2005, moving to the cloud computing market with AWS in 2005-2011, and announcing Alexa Voice Service in 2014 (Amazon, 2021). In short, the company has a rich history of success in several markets.
The service discussed in the present paper is the retail platform used by the company to compete in the e-commerce business. The platform allows companies and individuals to sell their products. At the same time, Amazon uses the platform to sell its own products, acting both like an e-commerce retailer and an online marketplace. This implies that Amazon uses both B2C and B2B models, which allows it to have a large customer base with diversified revenue streams.
Amazon focuses on standardization of quality and procedures around the globe to ensure minimal deviations, which allowed it to create a strong brand image (Amazon, 2021). At the same time, the company adjusts its marketing to the needs of local individuals, which ensures the company’s strong customer relations. In short, Amazon maintains a high level of operations quality which allows it to successfully compete in the e-commerce market.
Since Amazon provides all services online, it is extremely sensitive to any problems with cyber security. Therefore, it is crucial for the company to continuously assess cybersecurity risks and implement necessary policies to ensure a steady flow of operations. The present paper aims at analyzing the cyber security risks Amazon faces and describing mitigation strategies to address the risks. Additionally, the paper provides an acquisition forecast that describes all the technologies, services, and products that need to be purchased to mitigate the identified risks.
Risk Management Profile
The analysis of risks revealed that Amazon faces six risks, including two types of hacking, phishing, ransomware, human error, and insider threats. Several strategies were identified to mitigate these risks. These strategies included using encryption of data at rest and data in transit, using security software, such as antivirus and firewalls, conducting cyber security training, controlling privileges of users, monitoring unusual activity, and ensuring the physical safety of assets.
All the risks and mitigation strategies are organized in Table 1 below. The table lists all the risks, provides mitigation strategies, and lists the technologies, services, and products required to implement each strategy. Additionally, the table includes the category of the threat according to the Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology (NIST, 2018).
This framework “focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes” (NIST, 2018, p. v). The mitigation strategies were advised by Big Commerce (2020).
Table 1. Risk Management Profile Table
The table demonstrates that several risks have similar mitigation strategies, such as using and updating security software, making frequent backups, and providing necessary training to employees. For instance, the protection measures against phishing and ransomware are identical, as seen in Table 1. This implies that the risks should be addressed as a whole rather than one at a time. The acquisition forecast provided in the next section was created with this idea in mind.
Acquisition Forecast
Proposed Acquisition List
The present section summarizes the products, services, and technologies Amazon needs to mitigate the cyber security risks discussed in the previous section. The list provided below includes the minimum set of technologies needed to address the identified risks. It should be expanded and moderated in the future to maximize cyber security at Amazon.
- Antivirus. The antivirus software aims at detecting and deleting viruses from a computer along with preventing viruses from entering. Modern antivirus software can also be used for defending against malware (software used to disrupt or damage the computer), ransomware, and phishing. Amazon needs to purchase, install, and use antivirus software to defend all its computer and network equipment from malicious users. Table 1 demonstrates that antivirus is expected to defend against database breaches, phishing, and ransomware (Risks 2, 3, and 4).
- Firewall. Firewalls monitor the incoming and outgoing traffic to allow or deny access using a set of defined security rules. Today, firewalls are often sold in tandem with antivirus software to maximize integration between the products. Thus, it is always best to purchase these two products from the same vendor. According to the Risk Management Profile Table, Amazon needs a firewall to protect it from database breaches, phishing, and ransomware (Risks 2, 3, and 4).
- SSL/TLS certificates. The SSL/TLS technology is used to encrypt the data in transit between the remote server and the browser. This technology allows addressing Risk 1 (loss of sensitive information from online transactions).
- Cyber security training tools for employees. These tools allow online training of employees to increase their level of awareness about cyber security risks. While Amazon can develop its own cyber security courses that would be very specific to Amazon’s culture, operations, and environment, it can also purchase out-of-the-box solutions. This product will help to minimize human errors and insider threats (Risks 5 and 6).
Discussion of Possible Vendors
Antivirus and Firewall
Antivirus software is considered a crucial aspect of the cyber security of any company. There are numerous vendors that sell antiviruses and firewalls, including Kaspersky, ESET, McAfee, Avast, Norton, and Bitdefender. All of these vendors provide similar packages of services for a relatively similar price. US News evaluated the antivirus solutions to create a list of Top 9 antivirus vendors. The three best antivirus and firewall vendors are Bitdefender (first place), Kaspersky (second place), and Webroot (third place) (Kinny, 2021).
Since Amazon is one of the largest companies in the world and is highly sensitive to cybersecurity risks, it would be appropriate for the company to use the best provider regardless of the price of the solution. Among the top three providers, it is best to select Kaspersky as an antivirus/firewall provider. Even though Bitdefender is considered the top provider, it does not have identity theft protection, which is crucial for Amazon (Kinny, 2021). Webroot also lacks identity theft protection and a virtual private network, which is crucial to mitigate the identified risks (Kinny, 2021). Thus, even though using Kaspersky may be expensive, it is the best option for Amazon.
SSL/TLS Certificates
The encryption certificates protect data in transit, which is one of the central cyber security risks of Amazon. The most widely known vendors include Comodo, DigiCert, GeoTrust, and GlobalSign (Pickavance, 2021). All the certificates have a similar level of protection regardless of the vendor. Therefore, Amazon should seek the best deal it can get in terms of pricing when selecting the vendor.
Cyber Security Training Tools
Cyber security training tools are crucial for preventing human errors and protecting against insider threats. Additionally, training helps to avoid phishing, ransomware, and malware, which is crucial for Amazon.
According to eSecurity Planet, the top three vendors of cyber security training programs are KnowBe4, Cofense, and CybSafe (Robb, 2021). All these companies provide similar services; however, CybSafe can tailor itself according to the level of knowledge of the employees. This feature is crucial for Amazon, as it is a multinational company with more than a million employees that have different levels of cyber security awareness.
It is crucial that training is personalized to take into account the personal needs and skills of the employees. Thus, CybSafe is the preferred vendor among the out-of-the-box solutions for cyber security training. However, it may still be appropriate for Amazon to develop its own training courses to meet the specific needs of the company.
Conclusion
Amazon is one of the world’s largest e-commerce companies operating around the globe. Since the majority of its business is conducted online, the company is highly sensitive to disruptions associated with cyber security.
The present paper identified strategies for mitigating six cyber security risks, which included installing and maintaining security software, conducting cybersecurity awareness courses, encrypting data in transit and at rest, controlling privileges of users, monitoring unusual activity, and ensuring physical safety of assets. In order to implement these strategies, the company will need to purchase antiviruses, firewalls, TLS/SSL certificates, and cyber security training tools.
References
Amazon. (2021). Annual report 2020. Web.
Big Commerce. (2020). What you need to know about securing your eCommerce site against cyber threats. Web.
CNN Money. (2002). Amazon posts a profit. Web.
Kinny, J. (2021). The best antivirus software of 2021. US News. Web.
National Institute of Standards and Technology. (2018). Framework for improving critical infrastructure cybersecurity. NIST. Web.
Pickavance, M. (2021). Best SSL certificate services to buy from in 2021: Get the cheapest price today. Tech Radar. Web.
Robb, D. (2021). Best cybersecurity awareness training for employees in 2021. eSecurity Planet. Web.