Cybersecurity and the unbearability of uncertainty

Karen Renaud, George R S Weir

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

1 Citation (Scopus)

Abstract

Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks. Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not. The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.

LanguageEnglish
Title of host publication2016 Cybersecurity and Cyberforensics Conference (CCC)
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages137-143
Number of pages7
ISBN (Print)9781509026579
DOIs
Publication statusPublished - 20 Oct 2016
Event1st Cybersecurity and Cyberforensics Conference, CCC 2016 - Amman, Jordan
Duration: 2 Aug 20164 Aug 2016

Conference

Conference1st Cybersecurity and Cyberforensics Conference, CCC 2016
CountryJordan
CityAmman
Period2/08/164/08/16

Fingerprint

security industry
uncertainty
threat
resilience
Industry
industry
present
ability
evidence
Uncertainty

Keywords

  • measurement uncertainty
  • computer security
  • loss measurement
  • small to medium enterprises

Cite this

Renaud, K., & Weir, G. R. S. (2016). Cybersecurity and the unbearability of uncertainty. In 2016 Cybersecurity and Cyberforensics Conference (CCC) (pp. 137-143). Piscataway, NJ: Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CCC.2016.29
Renaud, Karen ; Weir, George R S. / Cybersecurity and the unbearability of uncertainty. 2016 Cybersecurity and Cyberforensics Conference (CCC). Piscataway, NJ : Institute of Electrical and Electronics Engineers Inc., 2016. pp. 137-143
@inproceedings{31e15b483d814f09a52a7273e33a8c13,
title = "Cybersecurity and the unbearability of uncertainty",
abstract = "Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks. Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not. The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.",
keywords = "measurement uncertainty, computer security, loss measurement, small to medium enterprises",
author = "Karen Renaud and Weir, {George R S}",
year = "2016",
month = "10",
day = "20",
doi = "10.1109/CCC.2016.29",
language = "English",
isbn = "9781509026579",
pages = "137--143",
booktitle = "2016 Cybersecurity and Cyberforensics Conference (CCC)",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

Renaud, K & Weir, GRS 2016, Cybersecurity and the unbearability of uncertainty. in 2016 Cybersecurity and Cyberforensics Conference (CCC). Institute of Electrical and Electronics Engineers Inc., Piscataway, NJ, pp. 137-143, 1st Cybersecurity and Cyberforensics Conference, CCC 2016, Amman, Jordan, 2/08/16. https://doi.org/10.1109/CCC.2016.29

Cybersecurity and the unbearability of uncertainty. / Renaud, Karen; Weir, George R S.

2016 Cybersecurity and Cyberforensics Conference (CCC). Piscataway, NJ : Institute of Electrical and Electronics Engineers Inc., 2016. p. 137-143.

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

TY - GEN

T1 - Cybersecurity and the unbearability of uncertainty

AU - Renaud, Karen

AU - Weir, George R S

PY - 2016/10/20

Y1 - 2016/10/20

N2 - Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks. Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not. The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.

AB - Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks. Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not. The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.

KW - measurement uncertainty

KW - computer security

KW - loss measurement

KW - small to medium enterprises

UR - http://www.scopus.com/inward/record.url?scp=84994894139&partnerID=8YFLogxK

U2 - 10.1109/CCC.2016.29

DO - 10.1109/CCC.2016.29

M3 - Conference contribution book

SN - 9781509026579

SP - 137

EP - 143

BT - 2016 Cybersecurity and Cyberforensics Conference (CCC)

PB - Institute of Electrical and Electronics Engineers Inc.

CY - Piscataway, NJ

ER -

Renaud K, Weir GRS. Cybersecurity and the unbearability of uncertainty. In 2016 Cybersecurity and Cyberforensics Conference (CCC). Piscataway, NJ: Institute of Electrical and Electronics Engineers Inc. 2016. p. 137-143 https://doi.org/10.1109/CCC.2016.29