"The Wirecutter (TW): Hackers Pulled the Rug from Under TW" [NOTE: This introductory section to The Wirecutter was lifted in its entirety from the website of the firm. Minor edits were made to give this section of the caselet a "third person" voice.]

"The Wirecutter (TW) is a list of the best gear and gadgets for people who want to save the time and stress of figuring out what to buy. Whatever sort of thing anyone needstableware or TV or air purifierTW makes shopping for it easy by telling you the best one to get. The site was founded in September 2011 and was acquired by The New York Times Company in October 2016.

TW's recommendations are made through vigorous reporting, interviewing, and testing by teams of veteran journalists, scientists, and researchers. Consider the website a best-of list for everyday things; a curated gallery filled with only interesting, useful objects; a thank-you note to the designers and engineers who create the stuff that makes our lives better; a geeky friend with next-level research skills who tests everything they buy so you don't have to. The point is to make buying great gear quickly easier so that everyone can get on with living your life.

The Wirecutter prides itself for following rigorous journalistic standards and ethics, and maintaining editorial independence from business operations. Recommendations are always made entirely by TW's editorial team without input from our revenue team, and our writers and editors are never made aware of any business relationships.

TW looks for what we think is best for most people, not the most feature-packed gadget, or the finest finishes in home goods. TW picks the things that will fit best into the lives of everyday people who are shopping for itand that's what takes work.

The choices TW made took weeks or months of research and years of experience with a wide variety of gear. In addition to TW's own expertise, TW includes interviews and data from the best editorial sources around. TW also employs the help of engineers, scientists, and other subject-matter experts. And TW's researchers pore over customer reviews to find out what matters to regular people. Most gear TW features aren't top-of-the-line models that are overpriced and loaded with junk features; TW aims to recommend items that are of high enough quality to warrant the price....

TW's writers and editors are never made aware of which companies may have established affiliate relationships with our business team prior to making their picks. If readers choose to buy the products TW recommends as a result of its research, analysis, interviews, and testing, TW's work is often (but not always) supported through an affiliate commission from the retailer when readers make a purchase. If readers return their purchases because they're dissatisfied or the recommendation is bad, TW makes nothing. There's no incentive for TW to pick inferior products or respond to pressure from manufacturersin fact, it's quite the opposite. TW thinks that's a pretty fair system that keeps us committed to serving our readers first...."

TW as it operates today, was a result of the acquisition of The Wirecutter and The Sweethome by The New York Times Company in 2016 and integrated the online resources of both sites into what it is today.

[This part of the caselet was taken from: the website of The Wirecutter/About Us and the article from the weblink below:

https://www.subscriptioninsider.com/business-operations-it/new-york-times-co-combines- wirecutter-and-sweethome-into-single-site

[Note: Text from this point on is fictional and is a combination of materials obtained from various sources. This section also "retrofitted" fictional data to fulfill the requirements of this caselet.]

Due to great success of TW since it was acquired in 2016, the CEO of The New York Times Mark Thompson acquired more online firms doing the same kind of product recommendations to expand TW's capacity and market reach: BuzzFeed, The Strategist, and Reviewed.com.

TW has an IT staff that is overseeing the IT platforms of the original TW firm and those of the recently acquired firms. At the time of the acquisition of the last three online firms, TW's IT performed the most basic tasks involved to ensure that information and data could be exchanged among the multiple platforms. Security concerns were addressed, but only, at the most basic level. TW, at the time of the most recent acquisitions, also did not really have a dedicated security team within the IT staff.

In today's marketplace that supports intense competition, there are frequent corporate mergers and acquisitions taking place. Thus, multiple diverse IT platforms often need to be managed by IT staffs of the resultant merged firms. The skills needed, though, to competently "splice" a hodge podge of IT platforms are not widely available. Usually, members of typical IT staffs are trained in understanding basic networking concepts and practices, and are usually familiar with one IT environment under a dominant networking vendor platform. It is truly difficult to find skilled networking specialists trained across networks operating under various platforms such as Windows, Mac OS, Linux, Unix, mainframe systems, etc. In addition, network security, by itself, is a different skill set altogether. An ideal security staff member should have a foundation in basic security concepts related to networking and built-in security mechanisms of each platform and how it behaves within the context of a specific vendor solution.

The onset of mobile computing and ubiquity of mobile devices such as laptops, tablets, and smartphones has also exacerbated the security challenges in multi-platform heterogeneous networks.

TW Network Breach

On August 15, 2019, a TW customer made a frantic telephone call to the customer support service line of TW and reported that she was seeing a random scrolling list of customers on the TW homepage. The information that scrolled dynamically up and down the homepage included customer names, payment details such as credit card numbers, contact information such as cell and phone numbers, addresses, transaction history, etc. The customer support staff immediately contacted Ronald Stewart, the Chief Information Officer (CIO) of TW, who, then, convened his staff for an urgent meeting to assess the situation and do whatever it took to prevent any more damage. The IT staff's initial step was to shut down TW's network temporarily. The team unanimously attributed the incident, now brewing into a disaster, to the firm's new challenge of dealing with a multi-platform IT environments. The timing for the attack was also fortuitous --- it took place immediately after the acquisitions. Clearly, the hackers figured out that if they jumped the gun, TW wouldn't have enough time to retrofit a solid enough security plan that would effectively glue the holes in what was clearly a patchwork of IT systems they would have had to deal with.

In the meantime, TW Ronald Stewart swiftly advised the TW CEO to approve a formal statement to the press in order to protect the integrity of the firm's brand name, which the firm has so well built up and invested in since 2016. A statement was quickly crafted by the firm's public relations staff and released two days later.

Sources of Information Used for Fictional Part of Caselet: + Neuts, Dana E., "New York Times Co. Combines Wirecutter and Sweethome Into Single Site," October 16, 2017. See weblink: https://www.subscriptioninsider.com/business-operations-it/new-york-times-co-combines- wirecutter-and-sweethome-into-single-site + Shinder, Deb,"Securing your Multi-Platform Network," December 2, 2009. See weblink: http://techgenix.com/securing-your-multi-platform-network/

QUESTION: Take the role of a consultant contacted by Ronald Stewart to study what happened to TW. You are asked to do the following: 1) Evaluate possible causes for the security incident at TW. 2) Recommend a comprehensive course of action that TW and its IT staff should seriously consider undertaking to be better prepared to face future security threats and attacks.

Instructions for Submission: 4) Please answer all questions SEPARATELY. Copy the question and then, respond to it. The minimum of three pages EXCLUDES the space devoted to copying the questions.