IQP 2020

IT Security Improvements for Small and Medium Size Businesses

(Cyber Wars video to be inserted here)

Up until a couple of years ago, it was mostly large organizations that were targets for attacks on IT infrastructure. The large companies have improved their defenses in the meantime, so attackers started shifting their focus on the large number of small and medium size companies. They have developed more powerful tools that can target many environments concurrently in a semi-automated way. These smaller businesses have very little experience, know-how, financial capacity and risk awareness. They are therefore easy targets. Many have suffered severe business outages due to hacking attacks such as crypto-locking or DDOS, both typically as part of extortion attempts. Slowly their awareness of the risks and their efforts have improved. However, their pace of protection is still falling short of the faster pace of the attackers. Therefore, we ask how we can improve risk awareness and overcome the challenges in small and medium businesses that limit the current rate of security improvements.

 

Project goals or questions:

  • Identify typical deficits in IT security for small and medium companies
  • Describe the limiting factors that prevent the necessary adjustments to technology, processes and people
  • Propose a set of measures that help small and medium companies overcome the above limitations

Desired skills or interest areas of students:  basic technology knowledge, some IT security expertise is a plus, basic psychology, business management / finance, marketing

Location:  We can accommodate 4-5 students working on-site at our office in Zurich, Switzerland

Name, position, department of on-site mentor:  Bertram Dunskus, M. Sc. Computer Science, WPI 1994

Mentor’s email address(es): bertram@aristoconsulting.ch