Advanced Persistent Threats and Cloud Security in Finnish Small and Medium -sized Enterprises
Mölsä, Valtteri (2018-02-21)
Advanced Persistent Threats and Cloud Security in Finnish Small and Medium -sized Enterprises
Mölsä, Valtteri
(21.02.2018)
Tätä artikkelia/julkaisua ei ole tallennettu UTUPubiin. Julkaisun tiedoissa voi kuitenkin olla linkki toisaalle tallennettuun artikkeliin / julkaisuun.
Turun yliopisto
Tiivistelmä
Advanced Persistent Threats (APT) has become more common over the last few.years. In the past, this kind of information security threats and attacks were aimed mainly against large business but over the last few years the small and medium-sized enterprises have become a possible target too. One reason for this, for example, is that executing the attacks is relatively cheap. The aim of this master's thesis is to show the reader how Advanced Persistent Threats try to put small and medium-sized enterprises to account and how cloud services can be seen as significant breakpoints in the chain of events.
The empirical research part of the thesis is based on cooperation between the University of Turku and a Finnish information security company. The research was carried out between fall 2014 and spring 2015. The aim of the research was to map the usage of Finnish small and medium -sized enterprises regarding their use of public cloud services and their level of security and protection, especially towards Advanced Persistent Threats.
The research conclusions are based on interviews of six small and middle-sized enterprises located in Finland. Based on these, the research team created different possible scenarios and suggestions for new security solutions. The scenarios are based on different views of the situation and divided to two main categories whether or not the small or medium-sized enterprise understands the threats, and whether or not they care about the potential threats. Suggested solutions acknowledge the limited resources of small and middle-sized enterprises.
The study show that the interviewed small and middle-sized enterprises are not concerned about Advanced Persistent Threats or the consequences that may follow the attacks. Ba.sed on the research, I also present a two-step approach which goal is to improve the information security of an enterprise.
The empirical research part of the thesis is based on cooperation between the University of Turku and a Finnish information security company. The research was carried out between fall 2014 and spring 2015. The aim of the research was to map the usage of Finnish small and medium -sized enterprises regarding their use of public cloud services and their level of security and protection, especially towards Advanced Persistent Threats.
The research conclusions are based on interviews of six small and middle-sized enterprises located in Finland. Based on these, the research team created different possible scenarios and suggestions for new security solutions. The scenarios are based on different views of the situation and divided to two main categories whether or not the small or medium-sized enterprise understands the threats, and whether or not they care about the potential threats. Suggested solutions acknowledge the limited resources of small and middle-sized enterprises.
The study show that the interviewed small and middle-sized enterprises are not concerned about Advanced Persistent Threats or the consequences that may follow the attacks. Ba.sed on the research, I also present a two-step approach which goal is to improve the information security of an enterprise.