Cybersecurity in small and medium-sized enterprises

As technology is evolving so is the cybercrime, there are new tools and techniques for cyberattacks being developed continuously (Bendovschi, 2015, p. 24). Every business, no matter what size it is, faces some form of digital threat every day. Without knowledge about these threats a business can very quickly find itself in a tough situation with consequences that can shut down a business for good in a matter of hours. The digitalization has progressed quickly and may have created room for threats that we don’t necessarily have control over. A couple of very simple cybersecurity measures can sometimes be a deciding factor in preventing a cyberattack. The aim of this thesis is to discover how significant the cybersecurity risks are for SMEs (small and medium-sized enterprises), whether the SMEs are aware of these risks, and to present a framework which can help SMEs incorporate a strategy to manage cybersecurity risks. The most common causes of a successful cyberattack in SME sector are based around not having enough competence or technical tools in this field. Not only does successful cyberattack affect a business financially, but usually also comes with reputational damage if the case of a cyberattack was to go public. In addition, through the eyes of cyber criminals SMEs are seen as an easy target since attacking these organization brings in hardly any attention of media or law enforcement. The SMEs are therefore completely on their own in this battle, and therefore need to take responsibility themselves instead of allowing their “fate to rest on someone else’s hands”. There can be seen a slight increase in awareness towards cybersecurity risks, but not nearly as much as it should be considering how impactful these risks can be. It is very difficult to say for sure what the reason behind it is, but it seems that the lack of “talk” about successful cyberattacks in the business world contributes to it greatly. But on the other hand, it is understandable that businesses won’t go public with information about being targeted by cyber criminals since everyone wants to keep their reputation intact. This thesis offers a framework which SMEs can use to build a resilient system against cybersecurity risks. The framework that is presented also addresses the challenge most SMEs have which is very limited resources to devote to cybersecurity. Therefore this framework offers a simple process which can benefit an organization significantly. The framework incorporates risk science and is inspired by an international standard for information security management and emphasizes three key points which can point an organization in the right direction: risk assessment, leadership, and employee awareness and training

Challenges of rapid migration to fully virtual education in the age of the Corona virus pandemic: experiences from across the world

The social disruption caused by the sudden eruption of the Corona Virus pandemic has shaken the whole world, influencing all levels of education immensely. Notwithstanding there was a lack of preparedness for this global public health emergency which continues to affect all aspects of work and life. The problem is, naturally, multifaceted, fast evolving and complex, affecting everyone, threatening our well-being, the global economy, the environment and all societal and cultural norms and our everyday activities. In a recent UNESCO report it is noted that nearly a billion and a quarter (which is 67,7 % of the total number) of learners have been affected by the Corona Virus pandemic worldwide. The education sector at all levels has been one of the hardest hit sectors particularly as the academic/school year was in full swing. The impact of the pandemic is widespread, representing a health hazard worldwide. Being such, it profoundly affects society as a whole, and its members that are, in particular, i) individuals (the learners, their parents, educators, support staff), ii) schools, training organisations, pedagogical institutions and education systems, iii) quickly transformed policies, methods and pedagogies to serve the newly appeared needs of the latter. Lengthy developments of such scale usually take years of consultation, strategic planning and implementation. In addition to raising awareness across the population of the dangers of the virus transmission and instigating total lockdown, it has been necessary to develop mechanisms for continuing the delivery of education as well as demanding mechanisms for assuring the quality of the educational experience and educational results. There is often scepticism about securing quality standards in such a fast moving situation. Often in the recent past, the perception was that courses and degrees leading to an award are inferior if the course modules (and sometimes its assessment components) were wholly online. Over the last three decades most Higher Education institutions developed both considerable infrastructure and knowhow enabling distance mode delivery schools (Primary and Secondary) had hardly any necessary infrastructure nor adequate knowhow for enabling virtual education. In addition, community education and various training providers were mainly delivered face-to-face and that had to either stop altogether or rapidly convert materials, exercises and tests for online delivery and testing. A high degree of flexibility and commitment was demanded of all involved and particularly from the educators, who undertook to produce new educational materials in order to provide online support to pupils and students. Apart from the delivery mode of education, which is serving for certificated programmes, it is essential to ensure that learners’ needs are thoroughly and continuously addressed and are efficiently supported throughout the Coronavirus or any other future lockdown. The latter can be originated by various causes and reasons that vary in nature, such as natural or socioeconomical. Readiness, thus, in addition to preparedness, is the primary key question and solution when it comes to quality education for any lockdown. In most countries, the compulsory primary and secondary education sectors have been facing a more difficult challenge than that faced by Higher Education. The poor or in many cases non-existent technological infrastructure and low technological expertise of the teachers, instructors and parents, make the delivery of virtual education difficult or even impossible. The latter, coupled with phenomena such as social exclusion and digital divide where thousands of households do not have adequate access to broadband Internet, Wi-Fi infrastructure and personal computers hamper the promising and strenuous virtual solutions. The shockwaves of the sudden demands on all sectors of society and on individuals required rapid decisions and actions. We will not attempt to answer the question “Why was the world unprepared for the onslaught of the Coronavirus pandemic” but need to ascertain the level of preparedness and readiness particularly of the education sector, to effect the required rapid transition. We aimed to identify the challenges, and problems faced by the educators and their institutions. Through first-hand experiences we also identify best practices and solutions reached. Thus we constructed a questionnaire to gather our own responses but also experiences from colleagues and members of our environment, family, friends, and colleagues. This paper reports the first-hand experiences and knowledge of 33 co-authors from 27 institutions and from 13 different countries from Europe, Asia, and Africa. The communication technologies and development platforms used are identified; the challenges faced as well as solutions and best practices are reported. The findings are consolidated into the four areas explored i.e. Development Platforms, Communications Technologies, Challenges/Problems and Solutions/Best Practices. The conclusion summarises the findings into emerging themes and similarities. Reflections on the lasting impact of the effect of Coronavirus on education, limitations of study, and indications of future work complete the paper

Cyber Situational Awareness and Cyber Curiosity Taxonomy for Understanding Susceptibility of Social Engineering Attacks in the Maritime Industry

The maritime information system (IS) user has to be prepared to deal with a potential safety and environmental risk that can be caused by an unanticipated failure to a cyber system used onboard a vessel. A hacker leveraging a maritime IS user’s Cyber Curiosity can lead to a successful cyber-attack by enticing a user to click on a malicious Web link sent through an email and/or posted on a social media website. At worst, a successful cyber-attack can impact the integrity of a ship’s cyber systems potentially causing disruption or human harm. A lack of awareness of social engineering attacks can increase the susceptibility of a successful cyber-attack against any organization. A combination of limited cyber situational awareness (SA) of social engineering attacks used against IS users and the user’s natural curiosity create significant threats to organizations. The theoretical framework for this research study consists of four interrelated constructs and theories: social engineering, Cyber Curiosity, Cyber Situational Awareness, and activity theory. This study focused its investigation on two constructs, Cyber Situational Awareness and Cyber Curiosity. These constructs reflect user behavior and decision-making associated with being a victim of a social engineering cyber-attack. This study designed an interactive Web-based experiment to measure an IS user’s Cyber Situational Awareness and Cyber Curiosity to further understand the relationship between these two constructs in the context of cyber risk to organizations. The quantitative and qualitative data analysis from the experiment consisting of 174 IS users (120 maritime & 54 shoreside) were used to empirically assess if there are any significant differences in the maritime IS user’s level of Cyber SA, Cyber Curiosity, and position in the developed Cyber Risk taxonomy when controlled for demographic indicators. To ensure validity and reliability of the proposed measures and the experimental procedures, a panel of nine subject matter experts (SMEs) reviewed the proposed measures/scores of Cyber SA and Cyber Curiosity. The SMEs’ responses were incorporated into the proposed measures and scores including the Web-based experiment. Furthermore, a pilot test was conducted of the Web-based experiment to assess measures of Cyber SA and Cyber Curiosity. This research validated that the developed Cyber Risk taxonomy could be used to assess the susceptibility of an IS user being a victim of a social engineering attack. Identifying a possible link in how both Cyber SA and Cyber Curiosity can help predict the susceptibility of a social engineering attack can be beneficial to the IS research community. In addition, potentially reducing the likelihood of an IS user being a victim of a cyber-attack by identifying factors that improve Cyber SA can reduce risks to organizations. The discussions and implications for future research opportunities are provided to aid the maritime cybersecurity research and practice communities

Blockchain potential and disruptors for South Africa towards 2030

Blockchain (also called distributed ledger technology), the technology that underpins cryptocurrencies, is resulting in a new era of openness, decentralisation and global inclusion (World Economic Forum, 2017). Blockchain technology is set to complement another emerging field or group of technologies which are collectively defined as the Fourth Industrial Revolution. This revolution is characterised by a “range of new technologies that are blending the physical, digital and biological worlds, impacting all disciplines, economies and industries, and even challenging ideas about what it means to be human” (World Economic Forum, 2017). Certain features of Blockchain technology namely; decentralisation, implied anonymity, transparency and immutability presents people with a technology that may well transform business models and indeed entire industries in the world and in South Africa. Some of these industries are explored further in this research, delving into ideas of how Blockchains may add value to them. This research effort approaches Blockchain technology from a future studies perspective, and assesses whether South Africa is ready to embrace the technology. The research also explores what South African stakeholders can do to be better prepared for expected disruptors and opportunities that the technology will bring. South Africa is seen as a developing nation in the global context and can well benefit from strategic use of emerging technologies such as Blockchain. This research effort will implement Inayatullah’s (2008) six pillars methodology, incorporating the various tools and methodologies within each pillar, in an effort to describe and present possible future scenarios for Blockchains in South Africa. This insight will be used to provide well thought out strategic recommendations for South Africa to prepare for adoption of Blockchain technologies, which could ultimately provide a competitive advantage for the country in the global marketplace

Risk Management Framework 2.0

The quantification of risk has received a great deal of attention in recently published literature, and there is an opportunity for the DoD to take advantage of what information is currently available to fundamentally improve on current risk assessment and management processes. The critical elements absent in the current process are the objective assessment of likelihood as part of the whole risk scenario and a visual representation or acknowledgement of uncertainty. A proposed framework would incorporate selected elements of multiple theories and axiomatic approaches in order to: (1) simultaneously examine multiple objectives of the organization, (2) limit bias and subjectivity during the assessment process by converting subjective risk contributors into quantitative values using tools that measure the attack surface and adversarial effort, (3) present likelihood and impact as real-time objective variables that reflect the state of the organization and are grounded on sound mathematical and scientific principles, (4) aggregate and function organization-wide (strategic, operational, and tactical) with maximum transparency, (5) achieve greater representation of the real scenario and strive to model future scenarios, (6) adapt to the preferred granularity, dimensions, and discovery of the decision maker, and (7) improve the decision maker’s ability to select the most optimal alternative by reducing the decision to rational logic. The proposed solution is what I term Risk Management Framework 2.0 , and the expected results of this modernized framework are reduced complexity, improved optimization, and more effective management of risk within the organization. This study introduces a Decision Support System (DSS) concept to aid implementation, maximize transparency and cross-level communication, and keep members operating within the bounds of the proposed framework

South American Expert Roundtable : increasing adaptive governance capacity for coping with unintended side effects of digital transformation

This paper presents the main messages of a South American expert roundtable (ERT) on the unintended side effects (unseens) of digital transformation. The input of the ERT comprised 39 propositions from 20 experts representing 11 different perspectives. The two-day ERT discussed the main drivers and challenges as well as vulnerabilities or unseens and provided suggestions for: (i) the mechanisms underlying major unseens; (ii) understanding possible ways in which rebound effects of digital transformation may become the subject of overarching research in three main categories of impact: development factors, society, and individuals; and (iii) a set of potential action domains for transdisciplinary follow-up processes, including a case study in Brazil. A content analysis of the propositions and related mechanisms provided insights in the genesis of unseens by identifying 15 interrelated causal mechanisms related to critical issues/concerns. Additionally, a cluster analysis (CLA) was applied to structure the challenges and critical developments in South America. The discussion elaborated the genesis, dynamics, and impacts of (groups of) unseens such as the digital divide (that affects most countries that are not included in the development of digital business, management, production, etc. tools) or the challenge of restructuring small- and medium-sized enterprises (whose service is digitally substituted by digital devices). We identify specific issues and effects (for most South American countries) such as lack of governmental structure, challenging geographical structures (e.g., inclusion in high-performance transmission power), or the digital readiness of (wide parts) of society. One scientific contribution of the paper is related to the presented methodology that provides insights into the phenomena, the causal chains underlying “wanted/positive” and “unwanted/negative” effects, and the processes and mechanisms of societal changes caused by digitalization