I need help identifying the risks and vulnerabilities in this case scenario, in terms of improving the Cyber Security Department in this organization. Note the quotes, that's where you will find the potential risks or vulnerabilities. Thank you !

Business Case Scenario: Waver Inc. Waver Investment Holdings Inc. was founded in 1968 by Sir Donald Waverly who watched his father work hard all his life, yet reap little financial reward for his efforts. This struggle ignited in him the overwhelming belief that all people should have the opportunity to grow their wealth and leave a proud legacy for their family. Nearly 60 years later, and with a presence in 28 countries, we have grown from being a Norwegian life insurer to a multi-national financial services company, offering asset management, investment, insurance and health products to 10.2 million people across the globe. Waver Incorporated (henceforth referred to as Waver) is a Norwegian financial services and wealth management firm listed on the Oslo Stock Exchange. With a market capitalization of NOK 31.6 billion and an embedded value of NOK 53.5 billion as at 30 June 2020, Waver remains one of Norway's largest investment and integrated financial services companies and offers the following products and services for both individuals and companies: Wealth management, investments, and savings Long and short-term Insurance Asset and property management Client engagement solutions, including the Waver SURF Wellness and rewards program Waver's current operational strategy, as articulated in the 2019 year-end results presentation, reflects a reset and growth strategy with a focus on delivery and implementation. This is spearheaded by dynamic new leadership and operational changes from within the Waver Group in 2019. Waver's strategy remains focused on client centricity, growth, and excellence. Purpose and Vision Waver's strategic goals and objectives are based on the aspiration to be recognized as a distinctive financial service and wealth manager. This distinction is embodied in our entrepreneurial culture, which is balanced by a strong risk management discipline, client-centric approach and an ability to be nimble, flexible and innovative. We do not seek to be all things to all people and aim to build well-defined, value-added businesses focused on serving the needs of select market niches where we can compete effectively. The key principles underpinning Waver's IT strategy are: Aligning architecture across the group Reducing our application and data footprint . Commoditizing common functions and processes Leveraging our digital offering In a recent sitting of the Executive Steering Committee (ExCo), the executive of Waver expressed concern in the growing number of cyber incidents within the financial services sector. Many of Waver's competitors have in recent times fallen victim to such incidents, negatively affecting operations, revenue, and brand reputation. Your email be BUSINESSTECH fin 24 Search by Com E BANKING BUSINESS FINANCE MOTORING INDUSTRY NEWS IT SERVICES Load Shedding Schedules Find insburg Durban Clipe Town and the Lockdown Once radiod will Old Mutual targeted in data breach Opinion companies - Ency Market - Metry Tech Business Insider Stall Writer 30 May 2017 ZARES ZAR/GRP ZAR/IPY ZAR/USD ZARAD As such, Waver has appointed you as the newest member of their management team, heading up their information security department. Your duties will include building up an information security team, implementing information security controls and management structures and embedding an information security culture in the organization. The executive has taken these steps, to harden their security resilience and hope to not become part of the statistics. The Waver organogram has therefore been expanded with the new information security function, and your role within the management structures: Chief Executive Officer Chief Audit Executive Chief Financial Officer Chiel Information Chief Operating Officer Chief Marketing Officer Officer II Gaeration Manager IT Infrastructure Manager IT Change Innovation Manager Information Security Manager "... when an insurance claim has been processed on ClaimHub, it is sent to our client relations team in Kristiansand. We set up an ftp link with the waverpay system so the two systems can communicate and share data. The team in Kristiansand can therefore easily view newly processed claims and make any payouts to clients..." "...all employees have access to the claimHub system, we did of course lock down the Admin account, about 8 of us in the infrastructure team have access to the Admin account so we can easily implement changes to the system code and so forth when we're having issues..." "... We are running monthly backups to our onsite server on our ClaimHub system, which stores and processes all insurance claims. Our data center is quite impressive, didn't even need to set up a secondary site, got all we need here..." "... we had some issues with processing timeframes for new life insurance applications, so we resorted to just setting up a network share drive for all the guys in the life insurance department so they could copy the application and supporting docs like ID's, Passports etc. to the network for everyone to access easily, we sent an email to the department telling people they should respect privacy and only work on their own client documents..." Business Case Scenario: Waver Inc. Waver Investment Holdings Inc. was founded in 1968 by Sir Donald Waverly who watched his father work hard all his life, yet reap little financial reward for his efforts. This struggle ignited in him the overwhelming belief that all people should have the opportunity to grow their wealth and leave a proud legacy for their family. Nearly 60 years later, and with a presence in 28 countries, we have grown from being a Norwegian life insurer to a multi-national financial services company, offering asset management, investment, insurance and health products to 10.2 million people across the globe. Waver Incorporated (henceforth referred to as Waver) is a Norwegian financial services and wealth management firm listed on the Oslo Stock Exchange. With a market capitalization of NOK 31.6 billion and an embedded value of NOK 53.5 billion as at 30 June 2020, Waver remains one of Norway's largest investment and integrated financial services companies and offers the following products and services for both individuals and companies: Wealth management, investments, and savings Long and short-term Insurance Asset and property management Client engagement solutions, including the Waver SURF Wellness and rewards program Waver's current operational strategy, as articulated in the 2019 year-end results presentation, reflects a reset and growth strategy with a focus on delivery and implementation. This is spearheaded by dynamic new leadership and operational changes from within the Waver Group in 2019. Waver's strategy remains focused on client centricity, growth, and excellence. Purpose and Vision Waver's strategic goals and objectives are based on the aspiration to be recognized as a distinctive financial service and wealth manager. This distinction is embodied in our entrepreneurial culture, which is balanced by a strong risk management discipline, client-centric approach and an ability to be nimble, flexible and innovative. We do not seek to be all things to all people and aim to build well-defined, value-added businesses focused on serving the needs of select market niches where we can compete effectively. The key principles underpinning Waver's IT strategy are: Aligning architecture across the group Reducing our application and data footprint . Commoditizing common functions and processes Leveraging our digital offering In a recent sitting of the Executive Steering Committee (ExCo), the executive of Waver expressed concern in the growing number of cyber incidents within the financial services sector. Many of Waver's competitors have in recent times fallen victim to such incidents, negatively affecting operations, revenue, and brand reputation. Your email be BUSINESSTECH fin 24 Search by Com E BANKING BUSINESS FINANCE MOTORING INDUSTRY NEWS IT SERVICES Load Shedding Schedules Find insburg Durban Clipe Town and the Lockdown Once radiod will Old Mutual targeted in data breach Opinion companies - Ency Market - Metry Tech Business Insider Stall Writer 30 May 2017 ZARES ZAR/GRP ZAR/IPY ZAR/USD ZARAD As such, Waver has appointed you as the newest member of their management team, heading up their information security department. Your duties will include building up an information security team, implementing information security controls and management structures and embedding an information security culture in the organization. The executive has taken these steps, to harden their security resilience and hope to not become part of the statistics. The Waver organogram has therefore been expanded with the new information security function, and your role within the management structures: Chief Executive Officer Chief Audit Executive Chief Financial Officer Chiel Information Chief Operating Officer Chief Marketing Officer Officer II Gaeration Manager IT Infrastructure Manager IT Change Innovation Manager Information Security Manager "... when an insurance claim has been processed on ClaimHub, it is sent to our client relations team in Kristiansand. We set up an ftp link with the waverpay system so the two systems can communicate and share data. The team in Kristiansand can therefore easily view newly processed claims and make any payouts to clients..." "...all employees have access to the claimHub system, we did of course lock down the Admin account, about 8 of us in the infrastructure team have access to the Admin account so we can easily implement changes to the system code and so forth when we're having issues..." "... We are running monthly backups to our onsite server on our ClaimHub system, which stores and processes all insurance claims. Our data center is quite impressive, didn't even need to set up a secondary site, got all we need here..." "... we had some issues with processing timeframes for new life insurance applications, so we resorted to just setting up a network share drive for all the guys in the life insurance department so they could copy the application and supporting docs like ID's, Passports etc. to the network for everyone to access easily, we sent an email to the department telling people they should respect privacy and only work on their own client documents