| dc.description.abstract | As technology is evolving so is the cybercrime, there are new tools and techniques for cyberattacks being developed continuously (Bendovschi, 2015, p. 24). Every business, no matter what size it is, faces some form of digital threat every day. Without knowledge about these threats a business can very quickly find itself in a tough situation with consequences that can shut down a business for good in a matter of hours. The digitalization has progressed quickly and may have created room for threats that we don’t necessarily have control over. A couple of very simple cybersecurity measures can sometimes be a deciding factor in preventing a cyberattack. The aim of this thesis is to discover how significant the cybersecurity risks are for SMEs (small and medium-sized enterprises), whether the SMEs are aware of these risks, and to present a framework which can help SMEs incorporate a strategy to manage cybersecurity risks.
The most common causes of a successful cyberattack in SME sector are based around not having enough competence or technical tools in this field. Not only does successful cyberattack affect a business financially, but usually also comes with reputational damage if the case of a cyberattack was to go public. In addition, through the eyes of cyber criminals SMEs are seen as an easy target since attacking these organization brings in hardly any attention of media or law enforcement. The SMEs are therefore completely on their own in this battle, and therefore need to take responsibility themselves instead of allowing their “fate to rest on someone else’s hands”. There can be seen a slight increase in awareness towards cybersecurity risks, but not nearly as much as it should be considering how impactful these risks can be. It is very difficult to say for sure what the reason behind it is, but it seems that the lack of “talk” about successful cyberattacks in the business world contributes to it greatly. But on the other hand, it is understandable that businesses won’t go public with information about being targeted by cyber criminals since everyone wants to keep their reputation intact.
This thesis offers a framework which SMEs can use to build a resilient system against cybersecurity risks. The framework that is presented also addresses the challenge most SMEs have which is very limited resources to devote to cybersecurity. Therefore this framework offers a simple process which can benefit an organization significantly. The framework incorporates risk science and is inspired by an international standard for information security management and emphasizes three key points which can point an organization in the right direction: risk assessment, leadership, and employee awareness and training. | |
