On small-scale IT users' system architectures and cyber security: A UK case study

Osborn, Emma; Simpson, Andrew

doi:10.1016/j.cose.2017.05.001

Cited by 19 publications

(12 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The inability to gather data from diverse small businesses is a significant barrier to cyber-security research [16,57,58,59,22]. Consistently low response rates to broad-based voluntary surveys highlight the difficulty in obtaining a comprehensive sample.…”

Section: The Elusive Cohortmentioning

confidence: 99%

“…Valli et al [16] survey Western Australian SMEs and call for cyber-security education for SMEs, while Dojkovki et al [17,18,19] highlight the influence of Australian culture on SME cyber-security. Internationally, reviews of SME cyber-security (albeit with different size definitions) emphasise ineffective security management practices [20] and differences between SMEs and large corporations [21,22]. Other research offers global insights into culture [23], strategies [24], policies [25] and specific technologies [26].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The Good, The Bad and The Missing: A Narrative Review of Cyber-security Implications for Australian Small Businesses

Tam,

Rao,

Hall

2021

Preprint

View full text Add to dashboard Cite

Small businesses (0-19 employees) are becoming attractive targets for cyber-criminals, but struggle to implement cyber-security measures that large businesses routinely deploy. There is an urgent need for effective and suitable cyber-security solutions for small businesses as they employ a significant proportion of the workforce.In this paper, we consider the small business cyber-security challenges not currently addressed by research or products, contextualised via an Australian lens. We also highlight some unique characteristics of small businesses conducive to cyber-security actions.Small business cyber-security discussions to date have been narrow in focus and lack re-usability beyond specific circumstances. Our study uses global evidence from industry, government and research communities across multiple disciplines. We explore the technical and non-technical factors negatively impacting a small business' ability to safeguard itself, such as resource constraints, organisational process maturity, and legal structures. Our research shows that some small business characteristics, such as agility, large cohort size, and piecemeal IT architecture, could allow for increased cyber-security.We conclude that there is a gap in current research in small business cyber-security. In addition, legal and policy work are needed to help small businesses become cyber-resilient.

show abstract

Section: The Elusive Cohortmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

The Good, The Bad and The Missing: A Narrative Review of Cyber-security Implications for Australian Small Businesses

Tam,

Rao,

Hall

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Several barriers can be extrapolated from the literature that the U.K. SMEs need to face when trying to achieve positive cybersecurity postures [27,7,2,23]. These barriers include: lack of time or financial resource; lack of understanding the risks or threats; lack of incentives to undertake standards or change behaviours; lack of pressure for cyber security within their supply chain or via consumers; lack of compliance drivers; lack of trust in experts or quality of information (including a single source); lack of expertise within the business; and unclear or confusing legislation requirements.…”

Section: Information Availability and Its Dispersion To Smesmentioning

confidence: 99%

Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K.

Rae

Patel

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The 5.7 million small to medium enterprises (SMEs) in the U.K. play a vital role in the national economy, contributing 51% of the private sector. However, the cyber threats for SMEs are increasing with four in ten of businesses experiencing a cyber attack in the last twelve months. One significant treatment of this growing concern is in the implementation of long-established information security standards and bestpractices. Yet, most SMEs are not undergoing the certication process, even though the current threats are now widely published by the government. In this paper, we look at the disconnect of cyber threats faced by SMEs considering their current security postures and perceptions. We also identify the influencing factors needed to improve security behaviours and engagements with information security best-practices. We then propose a new foundational composite cybersecurity rating scheme aimed at SMEs. The focus of our scheme is to ascertain and measure the security behaviours, perceptions and risk propensity of each SME, as well as their technical systems. To that end, we define our 5x5 matrices based scheme by combining the measurements ascertained from the behavioural as well as technical audits. The preliminary evaluation results demonstrate that this approach provides a higher level of insight, engagement and accuracy as to an SME's individual security posture.

show abstract

“…Kaušpadien_ e, Ramanauskait_ e and Cenys (Kaušpadien_ e et al, 2019) assessed existing information security frameworks to evaluate their suitability for small and medium enterprises (SMEs) and defined which criteria are the most relevant for SMEs. Several studies focused on identifying what SMEs had done regarding cybersecurity risks and decisions (Yildirim et al, 2011;Osborn and Simpson, 2017;Berry and Berry, 2018).…”

Section: Introductionmentioning

confidence: 99%

What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case

Yudhiyati

Putritama

Rahmawati

2021

JICES

View full text Add to dashboard Cite

Purpose This study aims to identify and analyse the issues faced by internet-based small businesses in developing countries regarding cybersecurity and document how these businesses address the risks. Design/methodology/approach This study used the qualitative method. Respondents were internet-based small businesses selected by using theoretical sampling. Data were collected by using interviews and observations. The validity of the analysis was ensured by using triangulation and member checking. Findings This study reveals that small businesses managed to identify the loss of physical and monetary assets as possible damage. However, only a few businesses identified loss of intangible assets as possible cyber risks. Most small businesses had used basic cybersecurity measures to protect data access and some primary business activities. Unfortunately, they rarely take initiatives in preventing and early detecting cyber risks. Research limitations/implications Findings of this study cannot be generalised as it aims to obtain new insights and document unexplored findings. Thus, if this study’s findings are going to be generalised, it is necessary to conduct an additional study. Secondly, this study did not assess how far small business had fulfilled the relevant information security framework as assessment required additional research, and this study only aimed to map the current situation in small businesses. Practical implications This study emphasised the importance of identifying valuable assets or resources when implementing cybersecurity measures. Focusing on security measures to protect identified assets from cyber risk will make the efforts more efficient and effective than using standardised cybersecurity measures. Third-party developers can also use this study to understand small businesses’ current cybersecurity implementation and their characters to design online platforms that suit these needs. Governments can also design educational activities that address small businesses’ lack of knowledge. Originality/value Most studies which focus on small businesses and information technology (IT) usually only discuss how they use IT. This study also brings new contributions by focusing on developing countries and specifically addresses internet-based technology cyber risk faced by e-commerce businesses. The qualitative method is used as most studies in e-commerce adoption were positivistic in nature, and inductive-based studies were rarely found on the topic.

show abstract

On small-scale IT users' system architectures and cyber security: A UK case study

Cited by 19 publications

References 30 publications

The Good, The Bad and The Missing: A Narrative Review of Cyber-security Implications for Australian Small Businesses

The Good, The Bad and The Missing: A Narrative Review of Cyber-security Implications for Australian Small Businesses

Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K.

What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case

Contact Info

Product

Resources

About