Cybersecurity and the unbearability of uncertainty

Renaud, Karen and Weir, George R S; (2016) Cybersecurity and the unbearability of uncertainty. In: 2016 Cybersecurity and Cyberforensics Conference (CCC). IEEE, JOR, pp. 137-143. ISBN 9781509026579 (https://doi.org/10.1109/CCC.2016.29)

[thumbnail of Renaud-Weir-CCC-2016-Cybersecurity-and-the-unbearability]
Preview
Text. Filename: Renaud_Weir_CCC_2016_Cybersecurity_and_the_unbearability.pdf
Accepted Author Manuscript

Download (408kB)| Preview

Abstract

Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks. Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not. The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.