A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs

Renaud, Karen; Ophoff, Jacques

doi:10.1108/ocj-03-2021-0004

Cited by 20 publications

(21 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Since the first wave of Covid-19, studies highlight that SMEs do not consider themselves favorable targets for cybercrime since they are 'small' [5], [13]. Among the causes of the increased exposure of small businesses are factors ranging from low cybersecurity awareness of personnel, † The Digital Attacks Observatory (OAD) is the only independent online survey in Italy concerned with collecting data regarding digital attacks on IT systems witnessed by companies and public bodies.…”

Section: Cybersecurity: the Context Of Smesmentioning

confidence: 99%

“…The Allianz Risk Barometer (2022) [4], to which 2,650 risk management experts from 89 countries contributed, reflects this development: cyber incidents have replaced 'business and supply chain interruption' as the top risk. Furthermore, numerous previous studies revealed that SME respondents have reported cyberattacks (e.g., [5]). Consequently, businesses risk millions in damages, reputational losses [6], and business interruptions that jeopardize their continuity and sustainability.…”

Section: Introductionmentioning

confidence: 99%

“…In contrast to large-size organizations, SMEs typically suffer from a lack of knowledge, expertise, and resources [3], [10]. In general, due to their low level of awareness with respect to cyber threat reality, they seldom perform thorough cyber-risk assessments and have been shown to have poor cybersecurity adoption [5].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CyberSecurity Readiness: A Model for SMEs based on the Socio-Technical Perspective

Perozzo¹,

Zaghloul²,

Ravarini³

2022

CSIMQ

View full text Add to dashboard Cite

Like most companies, small and medium-sized enterprises (SMEs) have become reliant on digital technology for their day-to-day business operations. While valuable, this comes with challenges; one of which is the rise in cybercrime. In terms of their cybersecurity resilience and risk, SMEs are among the most vulnerable and least mature. This article addresses a gap in the literature that has neglected cybersecurity readiness in SMEs. The study proposes a CyberSecurity Readiness Model for SMEs (CSRM-SME) based on a Socio-Technical view of organizations. The model was applied to three SMEs to assess their cybersecurity readiness and further understand the environment and strategies adopted to prevent and manage cyber-attacks.

show abstract

Section: Cybersecurity: the Context Of Smesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CyberSecurity Readiness: A Model for SMEs based on the Socio-Technical Perspective

Perozzo¹,

Zaghloul²,

Ravarini³

2022

CSIMQ

View full text Add to dashboard Cite

show abstract

“…Small and Medium Businesses (SMBs) are significant to economic development in most countries, especially within the western world, as they represent the majority of businesses (Renaud & Ophoff, 2021;Ward, 2021). Gafni and Pavel (2019) noted that SMBs, a term usually used in the United States (U.S.), while in Europe it is known as Small and Medium Enterprises (SME), may vary in size between countries.…”

Section: Introductionmentioning

confidence: 99%

Towards the quantification of cybersecurity footprint for SMBs using the CMMC 2.0

Levy

Gafni

2022

OJAKM

View full text Add to dashboard Cite

Organizations, small and big, are faced with major cybersecurity challenges over the past several decades, as the proliferation of information systems and mobile devices expand. While larger organizations invest significant efforts in developing approaches to deal with cybersecurity incidents, Small and Medium Businesses (SMBs) are still struggling with ways to both keep their businesses alive and secure their systems to the best of their abilities. When it comes to critical systems, such as defense industries, the interconnectivities of organizations in the supply-chain have demonstrated to be problematic given the depth required to provide a high-level cybersecurity posture. The United States (U.S.) Department of Defense (DoD) with the partnership of the Defense Industry Base (DIB) have developed the Cybersecurity Maturity Model Certification (CMMC) in 2020 with a third-party mandate for Level 1 certification. Following an outcry from many DIB organizations, a newly revised CMMC 2.0 was introduced in late 2021 where Level 1 (Fundamental) was adjusted for annual self-assessment. CMMC 2.0 provides the 17 practices that organizations should self-assess. While these 17 practices provide initial guidance for assessment, the specific level of measurement and how it impacts their overall cybersecurity posture is vague. Specifically, many of these practices use non-quantifiable terms such as “limit”, “verify”, “control”, “identify”, etc. The focus of this work is to provide SMBs with a quantifiable method to self-assess their Cybersecurity Footprint following the CMMC 2.0 Level 1 practices. This paper outlines the foundational literature work conducted in support of the proposed quantification Cybersecurity Footprint Index (CFI) using 26 elements that correspond to the relevant CMMC 2.0 Level 1 practices.

show abstract

“…In order to sustain its growth and contribution to the economic growth value-chain system, it is required that MSEs report any cybersecurity incidents that occur in their business operations to the CSIRT or SOC in their sector. However, many MSEs are seen to have a very weak defence against cyber-attacks and lack the importance of cybersecurity; thus, they do not have good knowledge of the precautions to adopt in the face of cyber incidents [8][9][10][11]. For cybersecurity incidents to be reported, stakeholders of MSEs need to know the medium of reporting, and the organisations they should report attacks to.…”

Section: Introductionmentioning

confidence: 99%

Improving cybersecurity incidents reporting in Nigeria: micro and small enterprises perspectives

Ikuero¹,

Zeng²

2022

Nig. J. Tech.

View full text Add to dashboard Cite

Leveraging on the provisions of the internet enhances the productivity of Micro and Small Enterprises (MSEs), increases industrial growth and their contributions to national prosperity. Every cyber-attack against their businesses should be reported to the requisite incident response body through the appropriate channels for quick recovery from attack. This research examines how the MSEs in Nigeria report cybersecurity incidents. This study surveyed 100 MSEs. The outcome of the research shows that 72% of the MSEs is unaware of the channel of reporting cyber incidents and does not report cyber incidents. Participants totaling 90% believe that the Sectoral Computer Security Incident Response Team (CSIRT) could improve on reporting of cybersecurity incidents through sensitisation. Amongst others, we recommended the Sectoral CSIRTs were to develop an Incident Report and Response Plan (IRRP) for managing cybersecurity incidents in MSEs.

show abstract

A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs

Cited by 20 publications

References 43 publications

CyberSecurity Readiness: A Model for SMEs based on the Socio-Technical Perspective

CyberSecurity Readiness: A Model for SMEs based on the Socio-Technical Perspective

Towards the quantification of cybersecurity footprint for SMBs using the CMMC 2.0

Improving cybersecurity incidents reporting in Nigeria: micro and small enterprises perspectives

Contact Info

Product

Resources

About