Cybersecurity in small and medium-sized enterprises

As technology is evolving so is the cybercrime, there are new tools and techniques for cyberattacks being developed continuously (Bendovschi, 2015, p. 24). Every business, no matter what size it is, faces some form of digital threat every day. Without knowledge about these threats a business can very quickly find itself in a tough situation with consequences that can shut down a business for good in a matter of hours. The digitalization has progressed quickly and may have created room for threats that we don’t necessarily have control over. A couple of very simple cybersecurity measures can sometimes be a deciding factor in preventing a cyberattack. The aim of this thesis is to discover how significant the cybersecurity risks are for SMEs (small and medium-sized enterprises), whether the SMEs are aware of these risks, and to present a framework which can help SMEs incorporate a strategy to manage cybersecurity risks. The most common causes of a successful cyberattack in SME sector are based around not having enough competence or technical tools in this field. Not only does successful cyberattack affect a business financially, but usually also comes with reputational damage if the case of a cyberattack was to go public. In addition, through the eyes of cyber criminals SMEs are seen as an easy target since attacking these organization brings in hardly any attention of media or law enforcement. The SMEs are therefore completely on their own in this battle, and therefore need to take responsibility themselves instead of allowing their “fate to rest on someone else’s hands”. There can be seen a slight increase in awareness towards cybersecurity risks, but not nearly as much as it should be considering how impactful these risks can be. It is very difficult to say for sure what the reason behind it is, but it seems that the lack of “talk” about successful cyberattacks in the business world contributes to it greatly. But on the other hand, it is understandable that businesses won’t go public with information about being targeted by cyber criminals since everyone wants to keep their reputation intact. This thesis offers a framework which SMEs can use to build a resilient system against cybersecurity risks. The framework that is presented also addresses the challenge most SMEs have which is very limited resources to devote to cybersecurity. Therefore this framework offers a simple process which can benefit an organization significantly. The framework incorporates risk science and is inspired by an international standard for information security management and emphasizes three key points which can point an organization in the right direction: risk assessment, leadership, and employee awareness and training

Information Security Assessment of the Norwegian SMB-Sector: A Study of Culture, Leadership and Cost

The aim of this study was to contribute to the understanding of information security practices and challenges in small and medium-sized businesses in Norway. The research focuses on organizational culture and leadership practices related to information security. Additionally, the study has been interested in mapping the number of security incidents, as well as their associated costs. The study collected a fresh set of data by conducting a survey of 236 small and medium-sized businesses across various industries and between the 11 Norwegian counties. The findings reveal that a significant number of Norwegian SMBs have experienced information security incidents over the past four years. While some incidents were severe and resulted in substantial costs, the median cost of incidents was found to be moderate and manageable for most businesses. However, it is emphasized that businesses should constantly raise their security levels to prepare for worst- case scenarios. Furthermore, the study highlights the role of cyber insurance in protecting businesses against data breaches. Approximately one out of every six participants reported that their organization had purchased cyber insurance and the findings show an increased likelihood to invest in such coverage for organizations that had experienced data breaches. This may indicate that the organizations recognize the importance of increasing security measures following a security incident. Interestingly, the research does not find a statistically significant relationship between the “Culture Security Level” and the probability or cost of incidents. The study acknowledges limitations in the methodology used to assess the “Culture Security Level” and highlights the need for further research. Based on the findings, it is concluded that the Norwegian SMB sector on average does not possess sufficient security measures to mitigate information security risk adequately. Overall, this thesis provides valuable insight into the information security landscape of Norwegian SMBs, highlights the challenges and offers recommendations for improving security practices

A digitalized society in front of the cyberwar - are we prepared? A case study of four Norwegian organizations

Masteroppgave i økonomistyring (MSc) 201

The Global Risks Report 2016, 11th Edition

Now in its 11th edition, The Global Risks Report 2016 draws attention to ways that global risks could evolve and interact in the next decade. The year 2016 marks a forceful departure from past findings, as the risks about which the Report has been warning over the past decade are starting to manifest themselves in new, sometimes unexpected ways and harm people, institutions and economies. Warming climate is likely to raise this year's temperature to 1° Celsius above the pre-industrial era, 60 million people, equivalent to the world's 24th largest country and largest number in recent history, are forcibly displaced, and crimes in cyberspace cost the global economy an estimated US$445 billion, higher than many economies' national incomes. In this context, the Reportcalls for action to build resilience – the "resilience imperative" – and identifies practical examples of how it could be done.The Report also steps back and explores how emerging global risks and major trends, such as climate change, the rise of cyber dependence and income and wealth disparity are impacting already-strained societies by highlighting three clusters of risks as Risks in Focus. As resilience building is helped by the ability to analyse global risks from the perspective of specific stakeholders, the Report also analyses the significance of global risks to the business community at a regional and country-level

Policing Global Hubs: Balancing the Imperatives of Security and Trade

Global hubs such as airports and maritime ports are geographical centers where immense flows converge, and are characterized by speed, time and efficiency in linking local markets and global economic trade networks. Being symbolic infrastructures of capitalism, global hubs may attract criminal exploitation and be exposed to security risks. Drawing on extensive interview material from those involved in Norwegian airport and port security, this article explores how policing agencies experience the balancing of the imperatives of security and trade. It reveals how policing agencies are affected by, and seek to adapt to, the demands for efficiency and speed intrinsic to the trade regime, thereby highlighting the importance of the temporal dimension to understanding the complexities of contemporary security governance.publishedVersio

Cyber-threats against the Norwegian financial sector

Technological development affects most of the industries in the world, and the Norwegian financial sector is no exception. We use our digital tools every day, and these tools make footsteps of personal information. Norway is one of the most digitalized countries, and digitalization has brought new ways of thinking and made the sector more effective. However, this also brings new challenges with new vulnerabilities and risks. All this has made a need for understanding and managing cyber-risk. This thesis investigates how the Norwegian financial sector handles the risk of losing personal information when drawing on cyber-attacks by performing a content analysis based on relevant documents and articles. Discussion and analysis of the dominant documents and articles contribute to achieving the thesis goal of answering the research question. We do this intending to generate awareness of the cyber-risk in the sector when it comes to handling personal information. Additionally, we aim to create an understanding and knowledge base of the topic to understand the development better and be capable of being resilient to this type of risk. The content analysis of cyber-risk and cyber-threat in this thesis reveals that the risk of losing personal information is in constant flux. The reason is compound, but the analysis shows that our main findings can summarize it; Implementation and enactment of complexity in existing material, Speedy development and an arduous environment, and Endorsement of robustness, relicense, and redundancy. We were especially boggled over the neglection of integrating complexity as a risk in both the current NIST-framework and the ISO27001 standard. Also, the rapid development of technology and different types of actors may force the sector to take measures, but the long value chains increase the complexity

Cyber-threats against the Norwegian financial sector

Technological development affects most of the industries in the world, and the Norwegian financial sector is no exception. We use our digital tools every day, and these tools make footsteps of personal information. Norway is one of the most digitalized countries, and digitalization has brought new ways of thinking and made the sector more effective. However, this also brings new challenges with new vulnerabilities and risks. All this has made a need for understanding and managing cyber-risk. This thesis investigates how the Norwegian financial sector handles the risk of losing personal information when drawing on cyber-attacks by performing a content analysis based on relevant documents and articles. Discussion and analysis of the dominant documents and articles contribute to achieving the thesis goal of answering the research question. We do this intending to generate awareness of the cyber-risk in the sector when it comes to handling personal information. Additionally, we aim to create an understanding and knowledge base of the topic to understand the development better and be capable of being resilient to this type of risk. The content analysis of cyber-risk and cyber-threat in this thesis reveals that the risk of losing personal information is in constant flux. The reason is compound, but the analysis shows that our main findings can summarize it; Implementation and enactment of complexity in existing material, Speedy development and an arduous environment, and Endorsement of robustness, relicense, and redundancy. We were especially boggled over the neglection of integrating complexity as a risk in both the current NIST-framework and the ISO27001 standard. Also, the rapid development of technology and different types of actors may force the sector to take measures, but the long value chains increase the complexity

Characterisation framework of key policy, regulatory and governance dynamics and impacts upon European food value chains: Fairer trading practices, food integrity, and sustainability collaborations. : VALUMICS project “Understanding Food Value Chains and Network Dynamics” funded by EU Horizon 2020 G.A. No 727243. Deliverable D3.3

The report provides a framework that categorises the different European Union (EU) policies, laws and governance actions identified as impacting upon food value chains in the defined areas of: fairer trading practices, food integrity (food safety and authenticity), and sustainability collaborations along food value chains. A four-stage framework is presented and illustrated with examples. The evidence shows that European Union policy activity impacting upon food value chain dynamics is increasing, both in terms of the impacts of policies upon the chains, and, in terms of addressing some of the more contentious outcomes of these dynamics. A number of policy priorities are at play in addressing the outcomes of food value chain dynamics. unevenness of the distribution of profit within food value chains, notably to farmers. Regulation of food safety and aspects of authenticity has been a key focus for two decades to ensure a functioning single market while ensuring consumer health and wellbeing. A food chain length perspective has been attempted, notably through regulations such as the General Food Law, and the rationalisation of the Official Controls on food and feed safety. However, there are still gaps in the effective monitoring and transparency of food safety and of food integrity along value chains, as exemplified by misleading claims and criminal fraud. This has led to renewed policy actions over food fraud, in particular. EU regulations, policies and related governance initiatives provide an important framework for national-level actions for EU member states and for EEA members. The more tightly EU-regulated areas, such as food safety, see fewer extra initiatives, but where there is a more general strategic policy and governance push, such as food waste reduction or food fraud, there is greater independent state-level activity. Likewise, there is much more variation in the application of both national and European (Competition) law to govern unfair trading practices impacting upon food value chains. This report presents the findings of a survey of members from the VALUMICS stakeholder platform, that were policy facing food value chain stakeholders across selected European countries, including both EU and EEA Member States. The survey was conducted to check the significance of the main policies identified in the mapping exercise at EU and national levels and so to incorporate the views of stakeholders in the research. The responses suggest the policy concerns identified in EU and national-level research resonate with food value chain stakeholders in participating nations. The report concludes by exploring in more detail how the themes of fairness and of transparency are being handled in the policy activities presented. Highlighted are the ways that both fairness and transparency can be extended within the existing frameworks of EU policy activity. The findings in this report provide an important context for further and detailed research analysis of the workings and dynamics of European food value chains under the VALUMICS project

Preparing for the Future: An Analysis of Norwegian Customs Intelligence Workers’ Perspectives on Intelligence

This study delved into the relationship between risk management and the intelligence operation within the Norwegian Customs, the role of intelligence in border controls, and explores perceptions of intelligence workers within Norwegian Customs concerning the future of intelligence practices. The purpose of the thesis is to examine how intelligence professionals in the Norwegian Customs work and envision intelligence gathering and analysis to develop further and what resources and strategies they believe will be necessary to effectively meet challenges in the future. Firstly, the problems are explained based on background information such as a presentation of the Norwegian Customs Agency, intelligence, the current risk and threat picture in our society, and hybrid threats. Furthermore, theoretical frameworks linked to intelligence and the concepts of risk, characteristics of national security are presented, and various figures such as the intelligence cycle, risk management approach, and the compliance pyramid are included. This study is based on a qualitative method, and to answer the research questions the data was obtained through 5 semi-structured interviews with experts within the intelligence environment in the Customs Agency. After completion, the interviews were transcribed, and thematic analysis was chosen as the method of analysis to interpret the data. Findings in this study reinforce that, as traditionally, risk management and intelligence are separate domains in the Customs Agency. Intelligence workers in the Norwegian Customs characterise the role of intelligence as a help to customs officers to choose the proper objects and goods in controls, as the importance lies in the intelligence’s ability to offer full insight perspectives that go beyond the raw data or other forms of information alone. As the processes to collect, process, and analyse intelligence are strictly confidential, this thesis does not provide any insight into how this takes place in practice. The future perceptions from the experts touch areas such as national security, intelligence work in the future, key characteristics expected from future intelligence workers, collaboration, access to resources, movement of goods, digitalisation, development and technological tools, and the intelligence cycle