Society is aware of the implications of using new technologies for its safety. They have accepted that price to pay. If we bring this same situation to the industry, can organizations afford failures in business cybersecurity ?
You may also be interested in: Master in Cybersecurity
What implications can this have for businesses, customers or employees? Do not miss this article where it is the experts who update us on the cybersecurity landscape. We started!
Index of contents
IT security for companies
First of all, and to know if computer security for companies is an issue on the table of organizations, we must ask ourselves why this area should concern institutions.
One of the reasons is Digital Transformation . Alejandro Guasch, professor of the Master in Blockchain and Fintech with more than 21 years of experience in the IT sector , explains it like this: “more and more the assets of valuable companies are digital and their modification or / and theft can entail large expenses or even in some cases the disappearance of it ”.
The financial reason is the most important when a company enters the world of digitization . Omar Jesús Orta, speaker of the Master in Blockchain and Fintech and Director of Digital Transformation at Oesia, explains: “companies are aware that cybersecurity is an important risk. Even some sectors identified cybersecurity as their main external risk . The main problem is that at the time of investing there is no concrete strategy and the cybersecurity teams are unable to “sell” the benefits of the investment for the business to the senior managers. Therefore, cybersecurity fails to reach the level suggested at the ‘senior table’ ”.
Radiography Study of the Digital Sector 2020
Cybersecurity: the main external risk of companies
Given that companies must worry about cybersecurity if they want to create a sustainable business over time, are there other reasons why they should integrate and avoid the threats that cybersecurity brings with it ?
For Omar, the concern for computer security for companies must be linked to its digitization: “companies are in an era of Digital Transformation, where they are adapting their business models to be more efficient, improve production and be competitive in a market influenced by new “digital native” customers. This “transformation” results in the use of new technologies in the different production processes of companies. From the use of mobile devices to be closer to the information and to be able to accelerate decision-making, through new digital channels ( social networks , internet, applications, etc.) to get closer to customers and to know them better, to the use of RFID or bulbs connected to internet to optimize the production ”.
So when does the conflict with IT security for companies arise? For Omar, at first glance, “the use of new technologies is interesting and it seems like the answer to the needs of this new“ digital ”revolution in the market. And it is! The problem is that, by adopting them, organizations are expanding the attack surface by having new “things” connected to the network and without appropriate security mechanisms ”.
SMEs, the main target of cybercrime
The expert Alejandro Guash, differentiates this concern in small or large companies: “the small and medium-sized companies less, but the large ones are becoming more aware. Many companies, regardless of size, and depending on the sector consider that this does not go with them. They may not be the target of an APT (Advanced Persistent Threat) attack , but ransomware can enter (PC’s hard drives are encrypted unless you pay a ransom), which can cause serious losses. Today few companies do not depend on computing.
Another important variable in computer security for companies is cybercrime. Omar Jesús Orta delves into the subject: “ cybercrime has become one of the most profitable businesses in the world. It already moves more money than drugs. Proof of this is that 95% of cyberattacks are directly motivated by money and business information. That is, information on users, bank accounts, strategic plans, etc. it has a very high cost in this market. The worrying thing is that it is not only large companies that are targeted. Cybercriminals look at their entire supply chain for the weakest link to attack. Hence, SMEs are the main target of cyberattacks in Spain ”.
“In the midst of this scenario, in which, thanks to digital transformation, the attack surface is widening and where organized crime has found a profitable business in cyberattacks , are companies. In the midst of a “perfect storm” that should concern them and over which they will have to take action to prevent loss of customers, impact on the brand or even economic losses ”.
We are all aware that computers and mobiles are easily hackable. We constantly face the theft of personal information. In the case of companies, what dangers do they face in terms of cybersecurity?
“Companies face significant risks that put their financial health at risk from the theft of confidential information through targeted attack techniques. For example, phishing is one of the most typical vectors to obtain information from users. And, from there, gain access to corporate systems in order to access confidential information of the companies. Mobile malware, mobile devices with corporate information are already the standard in companies. This attack vector allows access to the victim’s mobile device and obtain corporate information. It is also common to see attacks against the “innocence” of users and gain access to corporate systems. To do this, cybercriminals often make use of social engineering maneuvers ”, explains Omar Jesús Orta, an expert in digital transformation.
In addition, he adds: “on the other hand, when companies look for new digital channels as a means to get closer to their customers, we usually see attacks against the brand / corporate image. For this, cybercriminals often use defamation through hoaxes on the internet or social networks. Attacks against their end customers to discredit the brand, etc., which try to discredit companies in front of their customers and generate losses from them. “
Theft of digital assets
For his part, Alejandro Guasch continues in this line, highlighting that “companies face their digital assets being stolen to sell them to the competition. And, thus, you are benefiting from the differential elements and being able to have a competitive advantage. This information leak can come from internal personnel. In fact, most of the time it is. They can also be damaged by a ransomware attack, as we discussed earlier. Entry of malware that can use computers to mine cryptocurrencies. ‘
“It is obvious that companies when they do not have this security must take charge and invest in this infrastructure . However, when they feel safe they continue to face these problems. As Omar says: “Another danger is when companies feel safe, because they have advanced defense mechanisms, but they don’t look at their suppliers. Therefore, cybercriminals are looking at the entire supply chain looking for the weakest link to attack and then gain access ”.
“Another point to consider is presented in a certain way as a risk for the business is in turn the solution to other problems. I’m talking about regulatory compliance. Not having sufficient controls in terms of cybersecurity can lead to important reprimands and considerable fines for the business, ”concludes Omar.
“First by establishing security policies and following a roadmap resulting from a risk analysis. This will give us the order where to start and it will depend on each company ”, establishes Alejandro, an IT expert. He adds: “in all cases, good governance of safety and awareness of workers are basic common elements in cybersecurity.”
Lack of education in cybersecurity
Education in cybersecurity is a common point between the two invited experts. Omar, an expert in Digital Transformation, continues: “I believe that companies should start by educating and raising awareness about cybersecurity. Starting with its managers and then the rest of the employees. Through an awareness plan aimed at creating an environment of resilience and building a first defense barrier against cybercriminals.
“And before starting to invest, a strategic cybersecurity model should be defined. In other words, a Master Plan that allows identifying the controls necessary to develop and thus make a healthy investment in cybersecurity. Monitor all media or “things” (IT, OT and IoT networks). Adapt its processes to the applicable regulatory frameworks ”.
Tips to improve IT security for companies
Now we face the challenge of improving computer security for companies. One of the key points for Alejandro Guasch is the awareness of workers: “it has more protective effect in terms of cybersecurity than complex security elements.”
Another of his advice is: “if security equipment is purchased, it must be accompanied by highly qualified personnel to adapt it to the network and make it effective. With which, all these expenses must be taken into account, as well as the licenses that these teams require. In this sector, about 3 years of licensing costs can be equivalent to the initial cost of the equipment / s ”.
“On the other hand, and I have already mentioned it previously, it is very important to follow the result of a risk analysis. Treat it like any other project and not be “seduced” by the products that the commercials and pre-sales of the security companies teach us ”.
Finally, Omar Jesús Orta advises companies: “understand that cybersecurity cannot be solved only from within. You should look for a specialized partner that will generate confidence and accompany you in the development of your strategic cybersecurity model. Also worry about its image in the new digital channels and throughout its supply chain and raise awareness among all staff (focus on managers) ”.
Did you find this article about computer security for companies useful? Leave us your comments and share!
And if you want to become an expert in computer security for companies, train with our Master in Cybersecurity. Computer Security Management and Analysis . You will learn, among other things, to combat the main digital risks for the continuity and growth of companies. We will wait for you!
Master in Cybersecurity
Become a profile demanded by companies!
I want to find out!