AirAsia has implemented few systems for marketing and sales activities like Yield Management System (YMS) and Computer Reservation System (CRS). Besides, Enterprise Resource Planning System (ERP) also implemented in operation activity.
YMS also known as Revenue Management System that used for AirAsia’s online seats system. This helps to maximize expected revenue by anticipates, understands and reacts to the customer’s behaviour. In order to allocate capacity of revenue, fixed number of available seats are selling at various prices in different period time. Commonly, a reservation that done early will be cheaper than lately booking. Besides, favourable route also will be adjusting price based on amount of customer demand. The higher demand for the route, the price more expensive.
In past couple years, CRS is an integrated web-based booking and inventory system by Navitaire and implemented to help AirAsia future grow (Navitaire, 2005). This system is using direct sales engine which is includes airport departure control, help and call centre by using internet access. It has successful eliminated the travel agents and sales commissions. Besides, AirAsia has introduced the first ticketless and advanced boarding passes through online booking. For mobile booking, Wireless Delivery System (WDS) can be implement.
To increase effectivity of AirAsia’s operation, a full ERP system is implemented to maintain process integrity, data retrieval processes and reduce processing times for financial report. (Microsoft Malaysia) With all IT strategies implementations, AirAsia is operated as low-cost model by maximizing revenue (YMS) and reducing operation costs (CRS, ERP). From the cost saving, AirAsia able reduced tickets price, discounts and others services for customers. In future, advanced planning and scheduling (APS) system is a potential strategy that can implement for tracking costs based on the operation activities and allocates costs based on resources demand.
1.0 Identification and Description of Security Threat
Major security threat that happed commonly in AirAsia is phishing scam which is known as cyber fraud. Nowadays, there have several kinds of phishing scam that using AirAsia brand can be found in email, WhatsApp, Facebook, Twitter and others. As we know that, phishing is the way of identical thefts want to steal user sensitive information like personal (name, address and other) and bank information (card detail and other) through email and instant message. Beside, phishing occurs when user enter a fake website or application that request user enter information.
There have six type of phishing attacks can be identified which are Deceptive Phishing, Malware-Based Phishing, DNS-Based Phishing (“Pharming”), Content-Injection Phishing, Man-in-the-Middle Phishing, and Search Engine Phishing. Deceptive Phishing is the common way when an email message is sent to user ask for verify the information. Next, Malware-Based Phishing is about scams that involve a malicious software in PC. Some hackers using a fake company’s domain name and host’s files to obtain user visit that fake website is known as pharming.
In additional, Content-Injection Phishing is the content of a site that replaced with false content to mislead the user enter confidential information. Man-in-the-Middle Phishing is the harder way to detect when hacker record and collect the information that user enter with the purpose of sell or use it. Last, Search Engine Phishing is phishers create fake attractive offers or websites that indexed with search engines to attract user click in.
To prevent phishing, it has several characterise can be observe which are contains unknown attachments that might have malware and phony links like www.18.104.22.168.com. Besides, we need to beware those mail or others that request need to submit confidential information like card number and others especially those urgent mail.
2.0 Statistical Risk Analysis of Security Threat
AirAsia is focus on internet service which are online sales system, feedback system, help centre and other that can be compromised by cyber intrusion. The higher integrity of information and data storage of business, the higher risk can be occurs security threats for AirAsia. The potential risks are analysed and given the impact score in table.
Webpage / system phishing
Social media scam
Fraudulent emails and instant messages
Table 1: IT threat of the Phishing Problem
The automated ticket touts manipulating our booking engine is the threat of webpage or system phishing. Besides, some fake websites or offers using AirAsia brand to attract customer to view it. Phishing is happened because customer mislead and misdirect to enter personal information.
Next, social media scam that are recently seen in our life. Social media like WhatsApp, Facebook, Twitter and others that usually contain fake URL or news to ensure customer open and view it. From the moment when user click in, the information might be steal by hidden method. For example, last year the Facebook post about AirAsia is offer free tickets to public through an online survey. In this, there some victims might be involve this and get steal their information.
Last, fraudulent emails and instant messages are the traditional way of phishing. Normally, it contains urgent information need user to verify with links or attachments. As an example, the Japan Airlines (JAL) has been hacked and obtained around 750K member details. In order to stop this, they blocked all the external system and found out all started from a phishing link in fraud email which causes JAL loss millions of Yens in 2014.
6.0 Conclusion and Recommendations
Conclusion, AirAsia has good strategies in marketing and operation to become the best and LCC in Asia which is allows everyone can fly around the world. AirAsia can understand what are their strength and weakness to operate it business in effective way. In order to earn highest profitability, a good cost leadership style of AirAsia has successful offered low-cost ticket to customer and reduced operation cost. Advanced planning and scheduling (APS) system is one of the strategy can be implement for the future of AirAsia to increase company performance and maintain service quality. This strategy can help AirAsia reduce the cost and allocate the cost well for each resources. Beside, effective management team by hire different region and skilled of staff also one of the strength of AirAsia that makes its business run smoothly outside Malaysia.
The IT threat of the AirAsia can train worker or hire centralised team that know IT policies and procedure to prevent the risk happen. The responsible of team is regularly reviews and monitors all security threats globally. The duties such as check the webpage or system is embedded another virus or another IT threat, such as the phishing scam same as other sources like twitter, Facebook and another social media. Besides, they need publish a public notice to inform their customer with through AirAsia website or social media to alert them. Specialised tools are implemented to mitigate the risk of automated ticket touts. A campaign of awareness on e-mail phishing can introduce to public attend it. Lastly, AirAsia must keep attention on latest IT threat issues and always backup data. Most important is a secure system that let customers use it with confidence.