Cost benefits of using machine learning features in NIDS for cyber security in UK small medium enterprises (SME)

Cyber security has made an impact and has challenged Small and Medium Enterprises (SMEs) in their approaches towards how they protect and secure data. With an increase in more wired and wireless connections and devices on SME networks, unpredictable malicious activities and interruptions have risen. Finding the harmony between the advancement of technology and costs has always been a balancing act particularly in convincing the finance directors of these SMEs to invest in capital towards their IT infrastructure. This paper looks at various devices that currently are in the market to detect intrusions and look at how these devices handle prevention strategies for SMEs in their working environment both at home and in the office, in terms of their credibility in handling zero-day attacks against the costs of achieving so. The experiment was set up during the 2020 pandemic referred to as COVID-19 when the world experienced an unprecedented event of large scale. The operational working environment of SMEs reflected the context when the UK went into lockdown. Pre-pandemic would have seen this experiment take full control within an operational office environment; however, COVID-19 times has pushed us into a corner to evaluate every aspect of cybersecurity from the office and keeping the data safe within the home environment. The devices chosen for this experiment were OpenSource such as SNORT and pfSense to detect activities within the home environment, and Cisco, a commercial device, set up within an SME network. All three devices operated in a live environment within the SME network structure with employees being both at home and in the office. All three devices were observed from the rules they displayed, their costs and machine learning techniques integrated within them. The results revealed these aspects to be important in how they identified zero-day attacks. The findings showed that OpenSource devices whilst free to download, required a high level of expertise in personnel to implement and embed machine learning rules into the business solution even for staff working from home. However, when using Cisco, the price reflected the buy-in into this expertise and Cisco’s mainframe network, to give up-to-date information on cyber-attacks. The requirements of the UK General Data Protection Regulations Act (GDPR) were also acknowledged as part of the broader framework of the study. Machine learning techniques such as anomaly-based intrusions did show better detection through a commercially subscription-based model for support from Cisco compared to that of the OpenSource model which required internal expertise in machine learning. A cost model was used to compare the outcome of SMEs’ decision making, in getting the right framework in place in securing their data. In conclusion, finding a balance between IT expertise and costs of products that are able to help SMEs protect and secure their data will benefit the SMEs from using a more intelligent controlled environment with applied machine learning techniques, and not compromising on costs.</p

Detection and Minimization of Malware by Implementing AI in SMEs

The malware can threaten personal privacy by opening backdoors for attackers to access user passwords, IP addresses, banking information, and other personal data, whilst some malware extracts personal data and sends them to people unknown to the users. In this chapter, the authors will present recent case studies and discuss the privacy and security threats associated with different types of malwares. The small medium enterprises (SMEs) have a unique working model forming the backbone of the UK economy and malware affects SMEs’ organizations. Also, the use of Artificial Intelligence (AI) as both an offense and defense mechanism, for the hacker, and the end user will be investigated further. In conclusion, finding a balance between IT expertise and the costs of products that are able to help SMEs protect and secure their data will benefit the SMEs by using a more intelligent controlled environment with applied machine learning techniques and not compromising on costs will be discussed

Exploration of the Impact of Cybersecurity Awareness on Small and Medium Enterprises (SMEs) in Wales Using Intelligent Software to Combat Cybercrime

Intelligent software packages have become fast-growing in popularity for large businesses in both developed and developing countries, due to their higher availability in detecting and preventing cybercrime. However, small and medium enterprises (SMEs) are showing prominent gaps in this adoption due to their level of awareness and knowledge towards cyber security and the security mindset. This is due to their priority of running their businesses over requiring using the right technology in protecting their data. This study explored how SMEs in Wales are handling cybercrime and managing their daily online activities the best they can, in keeping their data safe in tackling cyber threats. The sample collected consisted of 122 Welsh SME respondents in a collection of data through a survey questionnaire. The results and findings showed that there were large gaps in the awareness and knowledge of using intelligent software, in particular the uses of machine learning integration within their technology to track and combat complex cybercrime that perhaps would have been missed by standard cyber security software packages. The study&rsquo;s findings showed that only 30% of the sampled SMEs understood the terminology of cyber security. The awareness of machine learning and its algorithms was also questioned in the implementation of their cyber security software packages. The study further highlighted that Welsh SMEs were unaware of what this software could do to protect their data. The findings in this paper also showed that various elements such as education and the size of SME made an impact on their choices for the right software packages being implemented, compared to elements such as age, gender, role and being a decision maker, having no impact on these choices. The study finally shares the investigations of various SME strategies to help understand the risks, and to be able to plan for future contingencies and preparation in keeping data safe and secure for the future

Machine Learning Cybersecurity Adoption in Small and Medium Enterprises in Developed Countries

In many developed countries, the usage of artificial intelligence (AI) and machine learning (ML) has become important in paving the future path in how data is managed and secured in the small and medium enterprises (SMEs) sector. SMEs in these developed countries have created their own cyber regimes around AI and ML. This knowledge is tested daily in how these countries’ SMEs run their businesses and identify threats and attacks, based on the support structure of the individual country. Based on recent changes to the UK General Data Protection Regulation (GDPR), Brexit, and ISO standards requirements, machine learning cybersecurity (MLCS) adoption in the UK SME market has become prevalent and a good example to lean on, amongst other developed nations. Whilst MLCS has been successfully applied in many applications, including network intrusion detection systems (NIDs) worldwide, there is still a gap in the rate of adoption of MLCS techniques for UK SMEs. Other developed countries such as Spain and Australia also fall into this category, and similarities and differences to MLCS adoptions are discussed. Applications of how MLCS is applied within these SME industries are also explored. The paper investigates, using quantitative and qualitative methods, the challenges to adopting MLCS in the SME ecosystem, and how operations are managed to promote business growth. Much like security guards and policing in the real world, the virtual world is now calling on MLCS techniques to be embedded like secret service covert operations to protect data being distributed by the millions into cyberspace. This paper will use existing global research from multiple disciplines to identify gaps and opportunities for UK SME small business cyber security. This paper will also highlight barriers and reasons for low adoption rates of MLCS in SMEs and compare success stories of larger companies implementing MLCS. The methodology uses structured quantitative and qualitative survey questionnaires, distributed across an extensive participation pool directed to the SMEs’ management and technical and non-technical professionals using stratify methods. Based on the analysis and findings, this study reveals that from the primary data obtained, SMEs have the appropriate cybersecurity packages in place but are not fully aware of their potential. Secondary data collection was run in parallel to better understand how these barriers and challenges emerged, and why the rate of adoption of MLCS was very low. The paper draws the conclusion that help through government policies and processes coupled together with collaboration could minimize cyber threats in combatting hackers and malicious actors in trying to stay ahead of the game. These aspirations can be reached by ensuring that those involved have been well trained and understand the importance of communication when applying appropriate safety processes and procedures. This paper also highlights important funding gaps that could help raise cyber security awareness in the form of grants, subsidies, and financial assistance through various public sector policies and training. Lastly, SMEs’ lack of understanding of risks and impacts of cybercrime could lead to conflicting messages between cross-company IT and cybersecurity rules. Trying to find the right balance between this risk and impact, versus productivity impact and costs, could lead to UK SMES getting over these hurdles in this cyberspace in the quest for promoting the usage of MLCS. UK and Wales governments can use the research conducted in this paper to inform and adapt their policies to help UK SMEs become more secure from cyber-attacks and compare them to other developed countries also on the same future path

Exploration of the Impact of Cybersecurity Awareness on Small and Medium Enterprises (SMEs) in Wales Using Intelligent Software to Combat Cybercrime

Intelligent software packages have become fast-growing in popularity for large businesses in both developed and developing countries, due to their higher availability in detecting and preventing cybercrime. However, small and medium enterprises (SMEs) are showing prominent gaps in this adoption due to their level of awareness and knowledge towards cyber security and the security mindset. This is due to their priority of running their businesses over requiring using the right technology in protecting their data. This study explored how SMEs in Wales are handling cybercrime and managing their daily online activities the best they can, in keeping their data safe in tackling cyber threats. The sample collected consisted of 122 Welsh SME respondents in a collection of data through a survey questionnaire. The results and findings showed that there were large gaps in the awareness and knowledge of using intelligent software, in particular the uses of machine learning integration within their technology to track and combat complex cybercrime that perhaps would have been missed by standard cyber security software packages. The study’s findings showed that only 30% of the sampled SMEs understood the terminology of cyber security. The awareness of machine learning and its algorithms was also questioned in the implementation of their cyber security software packages. The study further highlighted that Welsh SMEs were unaware of what this software could do to protect their data. The findings in this paper also showed that various elements such as education and the size of SME made an impact on their choices for the right software packages being implemented, compared to elements such as age, gender, role and being a decision maker, having no impact on these choices. The study finally shares the investigations of various SME strategies to help understand the risks, and to be able to plan for future contingencies and preparation in keeping data safe and secure for the future

Perspective of small and medium enterprise (SME's) and their relationship with government in overcoming cybersecurity challenges and barriers in Wales

Small and medium enterprises (SMEs) have adapted their working methods in response to cyber threats, including security checks on internet-connected devices and securing social media accounts. To safeguard their data, SMEs are increasingly adopting intelligent software packages, despite the additional costs and need for skilled personnel. This study examines the perspectives of SMEs in Wales regarding their collaboration with the government to overcome cybersecurity challenges. Through qualitative research involving 34 SMEs, the study explores current cybersecurity practices, challenges faced, and interactions with government agencies. Wales, with its thriving economy and significant number of SMEs, provides a suitable context for the research. The findings will shed light on barriers and challenges encountered by SMEs in implementing effective cybersecurity measures, while also examining their perceptions of government agency involvement. By contributing insights to SME cybersecurity and government policy, the study aims to enhance government initiatives in supporting SMEs to tackle cybersecurity challenges effectively

Enhancing Cyber Security Governance and Policy for SMEs in Industry 5.0: A Comparative Study between Saudi Arabia and the United Kingdom

The emergence of Industry 5.0 has revolutionized technology by integrating physical systems with digital networks. These advancements have also led to an increase in cyber threats, posing significant risks, particularly for small and medium-sized enterprises (SMEs). This research investigates the resistance of SMEs in Saudi Arabia and the United Kingdom (UK) to cyber security measures within the context of Industry 5.0, with a specific focus on governance and policy. It explores the cultural and economic factors contributing to this resistance, such as limited awareness of cyber security risks, financial constraints, and competing business priorities. Additionally, the study examines the role of government policies and regulations in promoting cyber security practices among SMEs and compares the approaches adopted by Saudi Arabia and the UK. By employing a mixed methods analysis, including interviews with SME owners and experts, the research highlights challenges and opportunities for improving cyber security governance and policy in both countries. The findings emphasize the need for tailored solutions due to the differing cultural and economic contexts between Saudi Arabia and the UK. Specifically, the study delves into the awareness and implementation of cyber security measures, focusing on SMEs in Saudi Arabia and their adherence to the Essential Cyber Security Controls (ECC-1:2018) guidelines. Furthermore, it examines the existing cyber security awareness practices and compliance in the UK, while also comparing official guidance documents aimed at supporting SMEs in achieving better cyber security practices. Based on the analysis, greater engagement with these documents is recommended in both countries to foster awareness, confidence, and compliance among SMEs, ultimately enhancing their cyber security posture. This paper offers a comparative research study on governance and policy between Saudi Arabia and the UK, presenting a set of recommendations to strengthen cyber security awareness and education, fortify regulatory frameworks, and foster public–private partnerships to combat cyber security threats in the Industry 5.0 landscape