Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment

Boletsis, Costas; Halvorsrud, Ragnhild; Pickering, J. Brian; Phillips, Stephen; Surridge, Mike

doi:10.5220/0010332902660274

Cited by 12 publications

(17 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The information could be about national investments, defence plans, or citizen identity, among other things. Attempts by adversaries or hackers to breach SMEs companies' computers and gain access to public data, such as an adversary country obtaining defence blueprints through a breach of SMEs companies' system, are also possible in the future (Bilodeau et al, 2019;Boletsis et al, 2021). As a result, the companies' overall security is jeopardised, proving once again that cyber security is critical and required to protect sensitive personal data (Antunes et al, 2021;Benz & Chatterjee, 2020).…”

Section: The Importance Of Cyber Security In Smes Companiesmentioning

confidence: 99%

“…There are several recommended solutions and measures to consider, and cybersecurity does not have to be expensive to implement and maintain for SMEs. Cybersecurity training is required for SMEs to manage and maintain their IT systems by employees who do not have formal cybersecurity training (Boletsis et al, 2021). SMEs typically prefer in-house IT expertise over outsourced IT expertise.…”

Section: Solutions For Cybersecurity Among Smes Companiesmentioning

confidence: 99%

See 1 more Smart Citation

CYBER SECURITY IN SMALL AND MEDIUM ENTERPRISES (SMEs)

Wallang

Shariffuddin

Mokhtar

2022

jgd

View full text Add to dashboard Cite

The Fourth Industrial Revolution (IR4.0) has provided immense benefits for the sustainability of businesses, with many businessesutilising websites to sell their products and services internationally. Cybersecurity has nonetheless emerged as one of the most significant global challenges posed by this new digitization trend. Currently, more than sixty percent of commercial transactions are conducted online or via digital wallets, necessitating exceptional security for transparent and secure transactions. Individuals are unable to maintain the security of their private data because of these evolving technologies, and cybercrime is on the rise. Information security is one of the most complex issues currently. Cybercrimes, which are increasing at an alarming rate, are the first thing that comes to mind when we think about cyber security. Consequently, numerous governments and corporations are enhancing their cybersecurity tools to combat cybercrime. Despite numerous precautions, cyber threats remain a major concern not only for government and large businesses, but also for Small and Medium-Sized Businesses (SMEs) companies. This paper examines the challenges and solutions faced by small and medium-sized enterprises (SMEs) in relation to cyber security issues. In addition, it also examines the Malaysian context that may hinder the cybersecurity adoption gap for risk mitigation and high security in operational and development business environments.

show abstract

Section: The Importance Of Cyber Security In Smes Companiesmentioning

confidence: 99%

Section: Solutions For Cybersecurity Among Smes Companiesmentioning

confidence: 99%

CYBER SECURITY IN SMALL AND MEDIUM ENTERPRISES (SMEs)

Wallang

Shariffuddin

Mokhtar

2022

jgd

View full text Add to dashboard Cite

show abstract

“…Regarding the impact of cyberawareness in Small-Medium Enterprises (SME), Boletsis et al [23] and Antunes et al [24] have pointed out the key factors and the cyberawareness best practices that should be adopted in this type of organization. In healthcare institutions, Nunes et al [25] evaluated the cybersecurity awareness level of health practitioners in hospitals and identified the associated risk.…”

Section: Literature Reviewmentioning

confidence: 99%

An Integrated Cybernetic Awareness Strategy to Assess Cybersecurity Attitudes and Behaviours in School Context

2021

View full text Add to dashboard Cite

Digital exposure to the Internet among the younger generations, notwithstanding their digital abilities, has increased and raised the alarm regarding the need to intensify the education on cybersecurity in schools. Understanding of the human factor and its influence on children, namely their attitudes and behaviors online, is pivotal to reinforce their awareness towards cyberattacks, and to promote their digital citizenship. This paper aims to present an integrated cybersecurity and cyberawareness strategy composed of three major steps: (1) Cybersecurity attitude and behavior assessment, (2) self-diagnosis, and (3) teaching/learning activities. The following contributions are made: Two questionnaires to assess risky attitudes and behaviors regarding cybersecurity; a self-diagnosis to measure students’ skills on cybersecurity; a lesson plan addressing cyberawareness to be applied on Information and Communications Technology (ICT) and citizenship education curricular units. Cybersecurity risky attitudes and behaviors were evaluated in a junior high school population of 164 students attending the sixth and ninth grades. The assessment focused on two main subjects: To identify the attitudes and behaviors that raise the risk on cybersecurity among the participating students; to characterize the acquired students’ cybersecurity and cyberawareness skills. Global and individual scores and the histograms for attitudes and behaviors are presented. The items in which we have observed significant differences between sixth and ninth grades are depicted and quantified by their corresponding p-values obtained through the Mann–Whitney non-parametric test. Regarding the results obtained on the assessment of attitudes and behaviors, although positive, we observed that the attitudes and behaviors in ninth grade students are globally inferior compared to those attained by sixth grade students. The deployed strategy for cyberawareness was applied in a school context; however, the same approach is suitable to be applied in other types of organizations, namely enterprises, healthcare institutions and public sector.

show abstract

“…While the socio-technical nature of information technology (IT)-use [13], [14], security [15], and more specifically, ISP-compliance [16] calls for the simultaneous consideration of the social and technical sides of security, these two have been studied mostly in isolation [16], [17]. As Gwebu et al [18, pp.…”

Section: Introductionmentioning

confidence: 99%

Employees' Compliance with ISP: A Socio-Technical Conceptual Model

Falahati¹,

Lapointe²,

Beaudry³

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Employees' compliance with Information Systems Security Policies (ISP) is critical for protecting organizational data. Both the technical side and the social aspects of IT-use were shown to have significant influence on ISP-compliance. However, they have been mostly studied in isolation, despite the literature's emphasis on the socio-technical nature of security. Also, while the technical side has been extensively explored, there is a scarcity of research on the social mechanisms that underlie ISP-compliance. Here, we aim at bridging the gap between the technical and social sides of compliance. We also build upon Social Impact Theory to provide a more nuanced understanding of the social influence on ISP-compliance. We suggest that transparency of use is associated with the three pivotal elements of social influence, namely, perceived strength, immediacy, and number of influencing sources, which trigger normative and informational forces towards compliance. The influence of organizational ISP-compliance culture is also discussed.

show abstract

Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment

Cited by 12 publications

References 22 publications

CYBER SECURITY IN SMALL AND MEDIUM ENTERPRISES (SMEs)

CYBER SECURITY IN SMALL AND MEDIUM ENTERPRISES (SMEs)

An Integrated Cybernetic Awareness Strategy to Assess Cybersecurity Attitudes and Behaviours in School Context

Employees' Compliance with ISP: A Socio-Technical Conceptual Model

Contact Info

Product

Resources

About