Amazon Executive Summary
Amazon’s History and Background
Amazon is the largest online marketplace in the world, known for its disruption of the retail industry through technology. Based in Seattle, the United States, the company operates physical and online stores internationally, selling products and content obtained from third-party sellers. Jeffrey Bezos founded Amazon as an online bookstore in his garage in July 1995, and the business quickly succeeded in the market, outperforming its competition (Kenny, 2019). From the very beginning, the company was customer-oriented and aimed to deliver compelling value. In 1998, Amazon began to diversify and enter new markets, such as online video retail, electronics, toys, household tools, software, video games, and kitchenware.
The 1-Click technology patent was secured as another order winner that attracted customers and allowed the company to collect their data (DePillis & Sherman, 2021). Furthermore, Amazon introduced its products, such as Fire tablets, Kindle e-readers, Fire TVs, Echo, Alexa, and other devices. The startup had grown significantly over the first decade since its emergence and continued to evolve into a multinational e-commerce giant.
Amazon has leveraged technology to enhance its logistics distribution, web services, merger, and acquisition models. The corporation keeps acquiring companies and currently owns over 40 subsidiaries, including IMDb, Shopbop, Audible, Zappos, AbeBooks, Amazon.ae, Woot, Ring, Zoox, Goodreads, Amazon China, and CreateSpace. In 2018, the tech giant reached a $1 trillion market cap due to the investors’ enthusiasm for growing profits (DePillis & Sherman, 2021). Amazon’s technological innovation, business model, and marketing strategy make it one of the world’s most innovative companies.
Amazon is known as a customer-centric company, and its operations are aligned with this principle. Over the recent years, the corporation made a number of acquisitions to strengthen its segments and take up new opportunities. In the current era of globalization, Amazon adopted digital innovation and informational technology to improve service delivery and expand its market reach. Since its inception as an online bookstore, the company has extended its operations beyond e-commerce, and its current activities involve supply chain, manufacturing, cloud computing, logistics, consumer technology, media, and entertainment (DePillis & Sherman, 2021).
The Amazon Web Services (AWS) model was applied to modify the supply chain, and the associated information privacy risks are eliminated, maintaining a favorable reputation of the company. Furthermore, innovative programs are designed to integrate public space, innovation, and payment. Overall, Amazon continues to expand and enhance its operations in its North American, International, and AWS segments, aiming to attract customers and generate more revenue.
E-Commerce Risks that Amazon Must Address
As a multinational technology company, Amazon deals with a number of security risks. In particular, system dependability, privacy issues, data breaches, card fraud, and network disruption, as well as attacks such as malware, phishing, email hacking, and distributed denial-of-service (DDoS) attacks, pose threats to the corporation and its customers (Taylor, 2020). Cyberattacks not only put client information at risk but also imply tremendous financial losses and lawsuits filed against the business.
The sources of cybersecurity risks for Amazon include individuals and organizations that develop attack vectors, hackers, unhappy insiders, business competitors, and bot-network operators (Taylor, 2020). Malware can be used to destroy or overwrite data, while stolen personal information can be misused by internal and external stakeholders. The tech giant utilizes the Secure Sockets Layer (SSL), DNS Protection, CEO and company rating, and secure cookies to eliminate insider and outsider data security threats. Cyberattacks can interrupt online operations and damage the corporation’s database, affecting business investments. With the constant emergence of new risks and numerous sources of cybersecurity threats, Amazon must address the issues and provide reasonable solutions to mitigate them.
Risk Management Profile
Amazon, like any other company, operates under various internal and external risk factors. To identify and address security threats, appropriate risk mitigation strategies must be implemented. E-commerce security is continuously challenged with new emerging dangers and tools aiming to compromise and misuse the company’s data. The consequences of cybersecurity breaches range from significant revenue losses to reputational damage, which can put off the existing and potential customers. Furthermore, for Amazon as a company that operates internationally, it is necessary to comply with various requirements since customers are found in different jurisdictions.
Breaches of legal obligations and professional standards undermine clients’ trust and might result in fines and lawsuits filed against the organization (Le et al., 2019). Hence, the risks involved in the e-commerce sector can imply severe consequences for both the service provider and its customers. The risk mitigation strategy suggested for Amazon includes the assessment of risks and their common causes and the identification of methods and tools to eliminate threats.
In terms of data protection and cybersecurity, Amazon has the following key areas of focus: securing users’ identifiable information and providing cloud computing services through AWS. The company works on improving data security to mitigate the associated risks for its clients. The Big Five tech giants are often targeted by a third party interested in personally identifiable, financial, competition, and IT security information (Le et al., 2019). As a result, Amazon needs to have appropriate security measures in place to ensure data protection.
NIST Cybersecurity Framework
In this regard, the NIST Cybersecurity Framework (CSF) aims to help businesses improve their risk management strategies. It provides guidance on detecting, preventing, and mitigating cyberattacks for private sector companies. In particular, the CSF integrates five core functions: identify, protect, detect, respond, and recover (“Cybersecurity framework,” n.d.). The NIST Framework helps identify the company’s assets and cybersecurity policies, protect organizational resources and the confidentiality of information, detect events and anomalies, and respond to cybersecurity incidents based on analysis and mitigation strategies. Furthermore, the recovery function implements improvements and ensures appropriate communication. This paper utilizes the NIST CSF core functions as part of its risk management strategy for Amazon.
Risk Profile Table Explanation
The risk profile table aims to determine the risks for Amazon and suggest mitigation strategies, along with the technologies, products, and services required for the company. Furthermore, the NIST Cybersecurity subcategories are listed for each risk, along with the description. This table should be used as a practical tool to address the threats and implement the risk management strategy for Amazon. It was developed based on the risk factors for the tech giant and the cybersecurity activities which can be used to control or eliminate the identified risks. Using such a profile can help managers evaluate the potential threats and implement methods to counteract them.
As a highly innovative company, Amazon faces global competition and is at risk of data breaches and misuse from both internal and external stakeholders. Malware attacks are among the most common and most serious risk factors for large corporations. They can take the form of spyware, adware, ransomware, phishing, trojan horses, worms, and other threats, and the mitigation strategy involves the implementation of anti-malware software and raising awareness of the dangers among employees. Industrial espionage refers to the illegal theft of a company’s data by an insider (Le et al., 2019). To eliminate this threat, security policies must be implemented in human resources practices.
Corporate and customer data theft endangers the company’s clients, financial state, and global reputation. There have been several data breach cases involving Amazon, associated in particular with AWS, and the corporation must continuously improve its security services to avoid harm (DePillis & Sherman, 2021). Furthermore, Amazon needs to address the security issues of companies utilizing its AWS servers, such as Uber, and provide better data protection instead of leaving it to the customer. A proactive approach is needed along with practices aimed at identifying threats and protecting data.
Other cybersecurity risks for Amazon involve bad bots, DDoS attacks, credit card fraud, data loss, and customer journey hijacking. According to Razzak (2020), bots and Distributed Denial of Service attacks aim to reduce sales and revenue. To address the risks, honeypots should be implemented along with a verified sign-in procedure to block bots without affecting the user experience. Moreover, inbound traffic should be analyzed, and firewalls established to prevent service failure as a result of flood attacks (Razzak, 2020).
Credit card fraud is common in the e-commerce sector, and the company must ensure the implementation of multifactor authentication for purchases. Data loss can happen due to numerous reasons, and appropriate data loss prevention (DLP) software can help recover the information if needed. Another risk, customer journey hijacking, refers to unauthorized advertisements being injected into the client’s browser (lrshivangini, 2020). To prevent this scenario, Amazon should monitor the network for potential threats and block such activities on the customer’s side.
Finally, the theft of physical devices, such as computers or external hard drives, and miscommunication or poor communication between the stakeholders can put Amazon at risk. The recommended practice is inventorying the devices and systems within the company and using software to track who uses business inventory. Despite being disregarded at times, miscommunication is a significant cybersecurity threat that needs to be addressed to avoid adverse consequences, such as financial losses and operational inefficiency. Amazon needs to conduct training for employees to raise their awareness of security threats and ensure they know how to respond to such events.
Table 1. Risk Profile Table.
|Risk ID||Risk||Risk Mitigation Strategy (description)||Implementation: Required Technologies, Products, or Services||NIST Cybersecurity Framework Category and Sub Category Identifier (e.g. ID.AM-1)||Sub-Category Description|
|001||Malware threats||Utilize antivirus software to prevent attacks; raise employee awareness of threats||Implement Antivirus and Anti-Malware Software (e.g., Malwarebytes); provide training on cybersecurity for employees||PR.DS-6||Integrity checking mechanisms are used to verify software, firmware, and information integrity; all users are informed and trained; malicious code is detected|
|002||Industrial espionage||Establish security policies in human resources practices||Utilize employee monitoring software, conduct employee background checks||PR.IP-11||Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening); remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access|
|003||Corporate and customer data theft||Limit privileged access to corporate and customer data||Implement authentication procedures and monitor employees with access to sensitive resources||PR.DS-1||Data-at-rest is protected; data-in-transit is protected; protection processes are improved|
|004||Bad bots||Protect the company’s web presence against bad bots through procedures with minimized impact on user experience||Block bad traffic and implement honeypots and verified sign in procedure||PR.AC-6||Identities are proofed and bound to credentials and asserted in interactions|
|005||DDoS attacks||Implement network monitoring procedures and ensure server capacity||Analyze inbound traffic and establish firewalls||DE.AE-1||A baseline of network operations and expected data flows for users and systems is established and managed|
|006||Credit card fraud||Implement multifactor authentication||Require address verification service (AVS) and card verification value (CVV)||PR.DS-5||Protections against data leaks are implemented|
|007||Theft of physical devices (computers; external hard drives)||Implement an inventory management system||Utilize inventory management software to track the use of inventory by employees||ID.AM-1||Physical devices and systems within the organization are inventoried|
|008||Data loss||Ensure backups and data recovery strategies||Use data loss prevention (DLP) software to ensure that data is recoverable||PR.IP-4||Backups of information are conducted, maintained, and tested|
|009||Customer journey hijacking||Implement client-side protection||Identify and block unauthorized advertising on the client side||DE.CM-1||The network is monitored to detect potential cybersecurity events|
|010||Miscommunication and lack of communication||Provide training to raise employee awareness of security risks||Train employees on security awareness and clarify the stakeholders’ responsibilities||PR.IP-8||Effectiveness of protection technologies is shared; incidents are reported consistent with established criteria|
The risk profile table provides an overview of the strategies aimed at mitigating cybersecurity risks for Amazon, and choosing the appropriate technology is critical to handling the threats effectively. First, it is crucial to implement antivirus software to prevent malware attacks. In this regard, Malwarebytes can be purchased to identify adware and unwanted programs (“Destroys adware, restores performance,” n.d.). This product falls under the protect and respond functions of the NIST Framework. Besides, McAfee Total Protection can be used by Amazon to reduce data loss risks and conduct remediation actions (“McAfee Total Protection,” n.d.).
It enables data protection and recovery, addressing two of the NIST core functions. Cisco ASA is a tool suitable for big businesses that protects corporate networks and gives its users highly secure access to data (“Cisco Adaptive Security Appliance (ASA) software,” n.d.). This software meets the needs of the data center and the network, falling under the category of detection and protection, as per the NIST framework functions. Finally, the Zoho Inventory tool can be utilized to keep track of Amazon’s inventory and address the associated risk of device theft. This technology helps increase sales, integrates accounting and CRM, and manages warehouse transfer (“Inventory management software,” n.d.). Therefore, the Zoho Inventory tool uses the protect and respond functions under the NIST categorization.
To identify and qualify appropriate sources of technologies, products, and services, one can turn to the official suppliers and get familiarized with other clients’ reviews. Furthermore, according to Chen (2020), the due diligence process can help the company identify potential issues before signing a contract or purchasing a product or service. The search engine was used to determine the products and vendors recommended in the previous paragraph. In this regard, it is crucial to consider the specific needs of a company and the reach of the services it provides.
For Amazon, it is critical to utilize software able to offer complex solutions and address multiple issues due to the complexity of operations in the company’s warehouses and online. For e-commerce security, malicious software poses significant risks, along with numerous sources of cyber threats. As a result, efficient solutions are required to handle problems and improve the company’s efficiency. The products suggested in this paper are suitable for large corporations and can be adjusted to Amazon’s needs.
To conclude, a risk management strategy is paramount for technology-oriented and customer-driven companies, such as Amazon. Eliminating threats and addressing potential issues is crucial to ensure efficient operations and excellent customer service. Amazon is known as the world’s largest online marketplace and a cloud computing service provider, which implies significant security risks for the company and its clients. Therefore, addressing cyberthreats and harmful events is required to ensure long-term profitability and success.
This paper utilized the NIST CSF to identify functions and technology needed to mitigate security risks for Amazon. The suggested risk management strategy involves addressing such threats as malware, industrial espionage, data theft, bad bots, DDoS attacks, credit card fraud, theft of physical devices, data loss, customer journey hijacking, and miscommunication. The implementation of these strategies will help Amazon identify and mitigate risks, minimize financial losses, avoid lawsuits filed against the corporation, and eliminate reputational damage. The risk profile table offers an overview of the primary threats for the tech giant and suggested implementations to mitigate them.
Chen, J. (2020). Due diligence. Investopedia. Web.
Cisco Adaptive Security Appliance (ASA) software. (n.d.). Web.
Cybersecurity framework. (n.d.). Web.
DePillis, L., & Sherman, I. (2021). Amazon’s extraordinary evolution. CNN Business. Web.
Destroys adware, restores performance. (n.d.). Web.
Inventory management software for growing businesses. (n.d.). Web.
Kenny, S. E. (2019). Strategic audit of Amazon.com, Inc (Publication No. 188) [Honors Thesis, University of Nebraska-Lincoln]. Digital Commons @ UNL.
Le, D.-N., Kumar, R., Mishr, B. K., Chatterjee, J. M., & Khari, M. (Eds.). (2019). Cyber security in parallel and distributed computing: Concepts, techniques, applications and case studies. Wiley-Scrivener Publisher.
lrshivangini. (2020). E-commerce security: 5 ways to enhance data protection during the shopping season. Security Boulevard. Web.
McAfee Total Protection for data loss prevention. (n.d.). Web.
Razzak, S. (2020). Ecommerce security and protection plan for your online store. Cloudways. Web.
Taylor, H. (2020). What are cyber threats and what to do about them. Prey. Web.