Cybersecurity Strategies for SMEs in the Nordic Baltic Region
DOI:
https://doi.org/10.13052/jcsm2245-1439.1161Keywords:
Cybersecurity, Small and Medium Sized Companies (SMEs), Nordic Baltic Region, NIST Framework, Change ManagementAbstract
Cybercrime has become the most widespread kind of economic fraud and is a serious challenge for businesses around the world. The topic of this paper is how SMEs in the Nordic Baltic Region should face this challenge. Possible technical and organisational tasks to be performed by SMEs in order to ensure cybersecurity of their business are analysed. The paper looks at the different types of hackers and their motives. On this background, current cyberthreats and corresponding security measures are presented. It is concluded that awareness, training, and financial incentives are all important elements in defining a cybersecurity strategy for SMEs. The paper is based on research made in the DINNOCAP project funded by EU regional funds.
Downloads
References
PwC, “PwC’s Global Economic Crime and Fraud Survey 2022,” PwC, 2022.
M. Heidt, J. P. Gerlach and P. Buxmann, “Investigating the security divide between SME and large companies: How SME characteristics influence organizational IT security investments,” Information Systems Frontiers, pp. 1285–1305, 21(6) 2019.
“JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL The EU’s Cybersecurity Strategy for the Digital Decade, Join(2020)18,” 2020.
“NIS2 Directive,” 16 Dec. 2020. [Online]. Available: https://eur-lex.europa.eu/resource.html?uri=cellar:be0b5038-3fa8-11eb-b27b-01aa75ed71a1.0001.02/DOC_1&format=PDF.
Danish Business Authority, “Digital sikkerhed i danske SMV’er (Digital Security in Danish SMEs,” Danish Business Authority, Copenhagen, 2021.
A. Horn, “Why cybersecurity should be a top concern for middle-market companies,” SmallBizDaily, 2017.
T. Tam, A. Rao and J. Hall, “The good, the bad and the missing: A Narrative review of cyber-security implications for australian small businesses,” Computers & Security, 109, 102385. 2021.
“DINNOCAP,” [Online]. Available: https://www.diginnobsr.eu/dinnocap.
M. Lezzi, M. Lazoi and A. Corallo, “Cybersecurity for Industry 4.0 in the current literature: A reference framework.,” Computers in Industry, pp. 97–110, 2018.
A. Sarri, V. Paggio and G. Bafoutsou, “CYBERSECURITY FOR SMES – Challenges and Recommendations,” European Union Agency for Cybersecurity, ENISA, Heraklion, Greece, 2021.
European Commission, “EUROSTAT,” Brussels, 2022.
C. Paulsen and P. Toth, “Small Business Information Security: The Fundamentals. NISTIR 7621 Revision 1,” NIST, 2016.
“14 Types of Hackers to Watch Out For,” 10 5 2022. [Online]. Available: https://www.pandasecurity.com/en/mediacenter/security/14-types-of-hackers-to-watch-out-for/.
S. L. Hald and J. M. Pedersen, “An updated taxonomy for characterizing hackers according to their threat properties.,” in In 2012 14th International Conference on Advanced Communication Technology (ICACT), IEEE, 2012, pp. 81–86.
S. Chng, H. Y. Lu, A. Kumar and D. Yau, “Hacker types, motivations and strategies: A comprehensive framework.,” Computers in Human Behavior Reports, 5, 100167. 2022.
J. M. Pedersen, Writer, Teaching material. [Performance]. 2022.
“ENISA threat landscape 2021,” ENISA, 2021.
ENISA, “Guidelines for SMEs on the security of personal data,” ENISA, 2016.
“Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1,” 16 April 2018. [Online]. Available: https://www.nist.gov/cyberframework.
OECD, “OECD Policy Responses to Coronavirus (COVID-19): Teleworking in the COVID-19 pandemic: Trends and prospects,” OECD, 2021.
“Digital sikkerhed i danske SMV’er (in Danish),” Danish Business Authority, 2021.
DIGITAL SME Alliance 2020, “. European Digital SME alliance 2020. The EU cyber security Act and the role of standards for SMEs- Position paper. Technical report.,” Brussels.
M. van Haastrecht, I. Sarhan, A. Shojaifar, L. Baumgartner, W. Mallouli and M. Spruit, “A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs,” in The 16th International Conference on Availability, Reliability and Security, 2021.
T. H. Davenport, Process innovation: reengineering work through information technology, Harvard Business Press, 1993.
M. Hammer and J. Champy, Business process reengineering, London: Nicholas Brealey, 1993.
W. A. Aziz, “Business process reengineering impact on SMEs operations: evidences from GCC region,” International Journal of Services and Operations Management, pp. 545–562, 33(4) 2019.
E. I. Edoun, G. B. Fotso and C. Mbohwa, “Business Process Reengineering: An Evaluation of Soft versus Hard,” in Proceedings of the 2018 International Conference on Internet and e-Business, 2018, pp. 90–93.
D. Chaffey, E-business &E-commerce Managemnt, London: Prentice Hall, 2011.
C. Ponsard, J. Grandclaudon and S. Bal, “Survey and Lessons Learned on Raising SME Awareness about Cybersecurity,” ICISSP, pp. 558–563.
B. J. Galli, “Change management models: A comparative analysis and concerns,” IEEE Engineering Management Review, pp. 124–132, 46(3) 2018.
J. Stouten, D. M. Rousseau and D. De Cremer, “Successful organizational change: Integrating the management practice and scholarly literatures,” Academy of Management Annals, pp. 752–788, 12(2) 2018.
K. Lewin, Field theory in social change, New York, NY, USA : Harper & Row, 1951.
J. P. Kotter, Leading change, Cambridge, MA, USA: Harvard Business, 1996.
J. M. Hiatt, Employees Survival Guide to Change: The Complete Guide To Surviving and Thriving During Organizational Change, Loveland, CO, USA: Prosci Research, 2013.
European Commission, New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient, Brussels, 2020.
M. Benz and D. Chatterjee, “ Calculated risk? A cybersecurity evaluation tool for SMEs,” Business Horizons, pp. 531–540, 63(4) 2020.
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
