Best Managed Cyber Security Service Minneapolis
One of the fundamental conditions for a social system to function lies in the development of a whole structure of guarantees that allows the people and organizations that operate in this structure to guarantee their identity and also other relevant information in their lives, such as what their belongings are, whether physical or simply rights; their qualifications, the fact that they have carried out certain activities... In short, every society has an information management system that makes it possible to identify its members and record many of the interactions between them. Thus, if a person goes to the bank to withdraw money, the bank must be able to identify the person, check that he or she has money, and record the transaction to record that the money has been withdrawn. The same is true when making any transaction with the government or other organizations.
An essential part of managed cybersecurity management of this information has traditionally been the Administrations' responsibility, which guaranteed the identity and other fundamental details of people and organizations. Making this whole system work reliably has always involved a large number of procedures, generally relatively rigid, which have given fundamental importance to accrediting the identity of individuals and for which various types of resources have been used: photos certified photocopies, certificates, biometric features, etc., which on many occasions require the activities to be carried out in person. Incorporating computer systems in this process brought new possibilities that have often been taken advantage of since adapting the procedures has been necessary.
We are currently experiencing an even more far-reaching change thanks to the widespread use of the Internet, the digitalization of the economy at all levels, and the emergence of new technologies, such as cloud computing. A revolution rather than an evolution, a global transformation of the economy in which data and information are the new raw material. Thus, users, both individuals, and companies can register immediately, interact with administrations, interact with each other, often involving economic transactions, without leaving home, and often using passwords as the only way to guarantee identity.
This new environment has enabled the exponential growth of the digital economy. However, it has also led to security problems, such as capturing passwords, which has led to money theft cases or the usurpation of users' identities. Individuals and organizations have become more aware of this situation as the number of activities carried out digitally has increased, and they have become more economical in nature. For example, 43% of Internet users make their purchases over the Internet1, or 96% of the procedures that companies carry out with the Administration are carried out electronically2. The continuous scandals that have occurred in recent months, affecting both individuals and companies, have heightened concern about security-related issues.
The Internet user, faced with privacy and security
This process of digitization of services and the economy, in general, involves fundamental challenges that concern different elements of the digital ecosystem. Among users, companies tend to have a greater capacity to face these challenges since they have more resources and usually have information technology specialists, so the individual Internet user can be considered the weakest part of this ecosystem. In this section, we analyze users' perceptions of security, the threats they face today, and their measures in response to this situation.
The company, faced with privacy and security
The problem of privacy and security in the corporate environment has many similarities with that of the individual user. However, what in one case may mean the loss of photos that have great sentimental value, in the case of a company may mean that the organization cannot carry out its work because the systems do not work, or even the loss of critical business information and, ultimately, industrial espionage. For these reasons, companies tend to be more aware of this type of situation.
As in the previous section, we will not dwell on the different types of threats since this is the subject of this monograph and will be dealt with in one way or another. It is worth mentioning that a clear distinction can be made between two different types of threats:
Attacks on your private network (computers where your employees work).
Attacks on your infrastructure (servers, networks, file repositories, etc.).
We can speak in the same terms as the user. However, as mentioned above, the effect is different: if a ransomware problem (a type of malicious software that restricts access to certain parts of files of the infected system and demands a ransom in exchange for removing this restriction) causes a user at home to lose the photos of a weekend in the countryside, a company can lose a year's turnover, and with it, customers.
If the attack is directed at the infrastructure, the problems can be espionage or information theft. Also, if they access, for example, social networks, they can damage the image. While it is true that social networks are part of the infrastructure, they are, after all, managed by a person sitting in front of a computer in the office, and the target may also be that person. To do this, they can access your system or somehow (social engineering) obtain your passwords.
Another threat is advanced persistent threats, also known by their acronym APT (Advanced Persistent Threat), a whole set of computer processes that are generally carried out stealthily and continuously. They are usually orchestrated by individuals and are aimed at breaching the security of a given entity. Such entities are traditional companies, organizations or nations, and are generally carried out for political reasons. This process is advanced in nature, as it involves sophisticated techniques that employ malicious software to exploit vulnerabilities in systems.
As mentioned above, cyber-attacks on companies generally have a more significant impact, at least economically, than when carried out on individuals. For this reason, companies usually define plans relating to technological security. However, smaller companies find it more challenging to implement these plans since they have fewer resources and less specific technical training. As shown in Fig, in companies with fewer than ten employees, only one in ten has defined a security policy.
While it is true that as companies grow in size, the number of companies that have defined this type of policy increases, it is striking that more than 30% of companies with more than 250 employees and almost half of those with between 50 and 249 employees have no security policy at all.