SMEs’ Confidentiality Concerns for Security Information Sharing

Shojaifar, Alireza; Fricker, Samuel

doi:10.1007/978-3-030-57404-8_22

Cited by 2 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Especially the sharing of threat [16][17][18] and incident [19] information gained acceptance and popularity. Privacy concerns still remain regarding the sharing of cybersecurity intelligence [20,21]. However, the focus has now shifted to finding solutions rather than simply detailing problems [22][23][24].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Shared Cyber Threat Intelligence Solution for SMEs

Haastrecht

Golpur²,

Tzismadia³

et al. 2021

Electronics

View full text Add to dashboard Cite

Small- and medium-sized enterprises (SMEs) frequently experience cyberattacks, but often do not have the means to counter these attacks. Therefore, cybersecurity researchers and practitioners need to aid SMEs in their defence against cyber threats. Research has shown that SMEs require solutions that are automated and adapted to their context. In recent years, we have seen a surge in initiatives to share cyber threat intelligence (CTI) to improve collective cybersecurity resilience. Shared CTI has the potential to answer the SME call for automated and adaptable solutions. Sadly, as we demonstrate in this paper, current shared intelligence approaches scarcely address SME needs. We must investigate how shared CTI can be used to improve SME cybersecurity resilience. In this paper, we tackle this challenge using a systematic review to discover current state-of-the-art approaches to using shared CTI. We find that threat intelligence sharing platforms such as MISP have the potential to address SME needs, provided that the shared intelligence is turned into actionable insights. Based on this observation, we developed a prototype application that processes MISP data automatically, prioritises cybersecurity threats for SMEs, and provides SMEs with actionable recommendations tailored to their context. Subsequent evaluations in operational environments will help to improve our application, such that SMEs are enabled to thwart cyberattacks in future.

show abstract

Section: Introductionmentioning

confidence: 99%

“…SMEs have their own concerns regarding information sharing [21], and certainly require different treatments and solutions than other enterprise types [31]. This is perhaps most true for the least digitally mature SME categories: start-ups and digitally dependent SMEs.…”

Section: Introductionmentioning

confidence: 99%

A Shared Cyber Threat Intelligence Solution for SMEs

Haastrecht

Golpur²,

Tzismadia³

et al. 2021

Electronics

View full text Add to dashboard Cite

show abstract

“…An important facet in harbouring user trust is adequately addressing confidentiality concerns [45]. The GEIGER indicator is computed for each employee and no sharing -to the employees' supervisor or the GEIGER cloud -is allowed before the consent of this employee.…”

Section: Discussion and Limitationsmentioning

confidence: 99%

“…Yet, we wish to go further than just compliance. Since the accuracy of the GEIGER indicator is largely determined by the amount of data underlying its value, it will be necessary to create a comfortable environment for the user to provide consent to information sharing [45]. However, we recognise that it will be challenging to find the right balance between pushing users to share data and providing a comfortable setting, as these are somewhat conflicting goals.…”

Section: Discussion and Limitationsmentioning

confidence: 99%

See 1 more Smart Citation

A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs

Haastrecht

Sarhan

Shojaifar

et al. 2021

Proceedings of the 16th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Cybersecurity incidents are commonplace nowadays, and Smalland Medium-Sized Enterprises (SMEs) are exceptionally vulnerable targets. The lack of cybersecurity resources available to SMEs implies that they are less capable of dealing with cyber-attacks. Motivation to improve cybersecurity is often low, as the prerequisite knowledge and awareness to drive motivation is generally absent at SMEs. A solution that aims to help SMEs manage their cybersecurity risks should therefore not only offer a correct assessment but should also motivate SME users. From Self-Determination Theory (SDT), we know that by promoting perceived autonomy, competence, and relatedness, people can be motivated to take action. In this paper, we explain how a threat-based cybersecurity risk assessment approach can help to address the needs outlined in SDT. We propose such an approach for SMEs and outline the data requirements that facilitate automation. We present a practical application covering various user interfaces, showing how our threat-based cybersecurity risk assessment approach turns SME data into prioritised, actionable recommendations. CCS CONCEPTS• Security and privacy → Systems security; Human and societal aspects of security and privacy.

show abstract

SMEs’ Confidentiality Concerns for Security Information Sharing

Cited by 2 publications

References 21 publications

A Shared Cyber Threat Intelligence Solution for SMEs

A Shared Cyber Threat Intelligence Solution for SMEs

A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs

Contact Info

Product

Resources

About