What have researchers learned about the cybersecurity threats faced by small businesses in the ? digital age, and what effective strategies can be employed to mitigate these thr

Research Articles

2023 Basel,Switzerland

2023 Istanbul,Turkey

Bada, Maria: Nurse, Jason 2019 Bingley,United Kingdom

News articles and websites

Who wrote it? rationale for inclusion

WHO conducted the research (authors of article)

WHEN year research was conducted (within last 10 years)

WHERE the research was conducted

WHY was the research conducted

Lucian Florin Ilca: Ogrutan Petre Lucian: Titus Constantin Balan

The research was conducted to address the evolving challenges in the cyber environment and enhance security incident response for modern institutions. It focused on developing effective strategies, methodologies, and a novel solution, emphasizing the identification and management of emerging attack vectors, particularly malicious binaries. The goal was to equip institutions, especially small and medium- sized enterprises (SMEs), with affordable and adaptable security infrastructure. The proposed solution leveraged open-source technologies, a Dockerized infrastructure, and automation to streamline security operations, aiming to improve malware detection, incident response, and overall cybersecurity for SMEs.

Masilela,Lucia Nel-Sanders,Danielle

to contextualise the study and practice of cyber threat intelligence at the national sphere of government in the South African public sector

The research aimed to enhance cybersecurity incident response in modern institutions, focusing on adapting to new attack vectors, especially those involving malicious binaries. It proposes an open-source solution, utilizing technologies like Docker and automation, tailored for small and medium-sized enterprises (SMEs). The solution serves as a proactive Security Operations Centre, showcasing integrated open- source tools for efficient malware detection. Practical demonstrations and a comparative study assess the solution's effectiveness. Ultimately, the research provides SMEs with an affordable, adaptable, and automated security infrastructure to fortify defenses against evolving cyber threats.

Research Articles

News articles and websites

HOW the research was conducted (NAME the METHODOLO-GY)

HOW the research was conducted (DESCRIBE the PROCESS)

WHAT the reseachers learned – results

Link to article

The research employed a Docker-based approach, configuring two servers to enhance network security. The primary server integrated essential tools such as Wazuh, TheHive, Cortex, n8n, Cuckoo Sandbox, and MISP for SIEM, XDR, EDR, and SIRP functionalities. FleetDM with OsQuery served as the threat- hunting module, while Telegraf, InfluxDB, and Grafana provided monitoring capabilities. The secondary server, functioning as a firewall with OpnSense, incorporated CrowdSec for behavioral analysis. The solution automated processes using n8n and integrated Cuckoo Sandbox for analyzing potentially malicious files. This comprehensive framework aims to improve detection capabilities, streamline incident response, and strengthen overall security posture.

The research focused on addressing challenges in malware detection, considering the evolving nature of malware and the overwhelming sample volume. It proposed an anti-emerging threat solution employing advanced technologies like behavior-based analysis, machine learning, and threat intelligence. The study utilized Docker for system virtualization and deployed a multi- layered architecture. The primary server incorporated Wazuh, TheHive, Cortex, and MISP for SIEM and SIRP functionalities. OpnSense and CrowdSec in the secondary server served as a firewall with behavioral analysis. The flow involved malware delivery, traffic analysis, central analysis, IoC sharing, and further analysis using tools like Cuckoo Sandbox. The research aimed to proactively detect, mitigate, and respond to emerging threats effectively.

The researchers aimed to comprehensively investigate and test the proposed solution by creating a secure environment with containerized applications deployed on servers. This environment, designed to emulate sophisticated malware-targeting networks, involved VirtualBox, VMCloak, Docker, and other services. Malware samples from diverse sources were obtained and validated using the proposed system, referencing online databases like Malware Bazaar. The researchers learned that the solution effectively contained and analyzed malware files, providing crucial capabilities for digital forensics and security. The environment allowed controlled testing, ensuring the authenticity and validation of malware samples before analysis. https://www.proquest.com/abicomplete/docview/2849111014/fulltext/CE53EC9920B841D2PQ/1?accountid=41012&sourcetype=Scholarly%20Journals

The research adopted a qualitative approach, utilizing semi-structured interviews with 29 questions categorized into four sections to explore cybersecurity practices in government senior management. The study focused on the ministries of energy, science and technology, and environmental affairs, interviewing fourteen skilled participants. Sampling methods included snowball and purposive sampling. Data analysis employed the Threat Intelligence Lifecycle, a six-step process in cyber threat intelligence, serving as an analytical framework to thematize the dataset. Thematic analysis was applied to identify relevant classifications, themes, and patterns. Findings were presented thematically based on the Threat Intelligence Lifecycle analysis, offering in-depth insights into the institutionalized cybersecurity measures within government departments from the perspective of senior management.

The research adopted a systematic approach through the six-step Threat Intelligence Lifecycle. The process began with Planning and Direction, involving targeted questioning aligned with cybersecurity issues. Data Collection followed, sourcing information internally and externally. The third step, Processing, focused on meticulous data organization and validation. Analysis informed cybersecurity personnel about threats and risks. Dissemination involved sharing intelligence with a tracked audience. The Feedback step closed the cycle, offering constructive insights for continuous improvement. This structured process ensured a comprehensive understanding and analysis of cybersecurity practices within government senior management.

The research has yielded comprehensive insights into cybersecurity practices within government senior management. By employing a qualitative approach and utilizing the Threat Intelligence Lifecycle, the study systematically identified, analyzed, and understood cybersecurity measures against cyber threats. One-on-one interviews with senior officials from relevant ministries, using snowball and purposive sampling, ensured diverse and skilled perspectives. Thematic analysis based on the Threat Intelligence Lifecycle provided a structured understanding of planning, collection, processing, analysis, dissemination, and feedback. The findings contribute practical insights for enhancing current and future cybersecurity practices and principles in government departments. https://www.proquest.com/abicomplete/docview/2242758081/abstract/F417C51747274A1CPQ/22?accountid=41012&sourcetype=Scholarly%20Journals

The research methodology comprised three main phases. Firstly, a scoping review technique was used for a literature review, focusing on cybersecurity awareness and education initiatives for SMEs. Secondly, a case study approach was employed, specifically utilizing a user-based study to evaluate the strengths and weaknesses of the London Digital Security Centre (LDSC) as a practitioner-based security awareness program. Lastly, the research leveraged insights from the literature review and LDSC case study to develop a high- level program for cybersecurity education and awareness for SMEs, incorporating best practices from research and industry.

The research was conducted through a three- phase approach. The initial phase involved a scoping review technique for a literature review, examining articles and reports from May 2018 to February 2019 through databases like Science Direct, Scopus, Google Scholar, IEEE, ACM, and general web searches. The focus was on cybersecurity awareness, education, and training initiatives for SMEs, using preset inclusion and exclusion criteria. The second phase comprised a case study of the London Digital Security Centre (LDSC), adopting a user-based study to assess LDSC's strengths and weaknesses in offering cybersecurity support to SMEs in London. The final phase utilized insights from the literature review and LDSC case study to outline a high- level program for cybersecurity education and awareness for SMEs, integrating best practices from both research and industry. This comprehensive approach aimed to address the challenges faced by SMEs in security awareness and education, combining theoretical insights, practical observations, and program development.

The research review examined 36 articles and reports focused on cybersecurity awareness, education, and training for SMEs. Key findings highlight the importance of fostering good security behavior in SMEs through the development of a strong security culture. Challenges include reaching SMEs, particularly business owners immersed in day-to-day operations. Influencing factors for security behavior encompass individual knowledge, skills, and experiences. Global initiatives, such as the UK's Cyber Essentials and the US Stop.Think.Connect campaign, aim to support SME cybersecurity. Academic perspectives underscore asset/harm-based security approaches and tailored tools for understanding technical security postures. The importance of holistic, relevant approaches considering SMEs' limited resources is emphasized, with a need for effective measurement of awareness program effectiveness. Overall, the findings stress the significance of tailored and holistic cybersecurity strategies for SMEs, acknowledging their unique challenges and resource limitations. https://www.proquest.com/abicomplete/docview/2242758081/fulltext/94B31057B89F486BPQ/1?accountid=41012&sourcetype=Scholarly%20Journals

When was the article written (within the last 5 years)

Link to article/site

Research Articles

2023 Basel,Switzerland

2023 Istanbul,Turkey

Bada, Maria: Nurse, Jason 2019 Bingley,United Kingdom

News articles and websites

Who wrote it? rationale for inclusion

WHO conducted the research (authors of article)

WHEN year research was conducted (within last 10 years)

WHERE the research was conducted

WHY was the research conducted

Lucian Florin Ilca: Ogrutan Petre Lucian: Titus Constantin Balan

The research was conducted to address the evolving challenges in the cyber environment and enhance security incident response for modern institutions. It focused on developing effective strategies, methodologies, and a novel solution, emphasizing the identification and management of emerging attack vectors, particularly malicious binaries. The goal was to equip institutions, especially small and medium- sized enterprises (SMEs), with affordable and adaptable security infrastructure. The proposed solution leveraged open-source technologies, a Dockerized infrastructure, and automation to streamline security operations, aiming to improve malware detection, incident response, and overall cybersecurity for SMEs.

Masilela,Lucia Nel-Sanders,Danielle

to contextualise the study and practice of cyber threat intelligence at the national sphere of government in the South African public sector

The research aimed to enhance cybersecurity incident response in modern institutions, focusing on adapting to new attack vectors, especially those involving malicious binaries. It proposes an open-source solution, utilizing technologies like Docker and automation, tailored for small and medium-sized enterprises (SMEs). The solution serves as a proactive Security Operations Centre, showcasing integrated open- source tools for efficient malware detection. Practical demonstrations and a comparative study assess the solution's effectiveness. Ultimately, the research provides SMEs with an affordable, adaptable, and automated security infrastructure to fortify defenses against evolving cyber threats.

Research Articles

News articles and websites

HOW the research was conducted (NAME the METHODOLO-GY)

HOW the research was conducted (DESCRIBE the PROCESS)

WHAT the reseachers learned – results

Link to article

The research employed a Docker-based approach, configuring two servers to enhance network security. The primary server integrated essential tools such as Wazuh, TheHive, Cortex, n8n, Cuckoo Sandbox, and MISP for SIEM, XDR, EDR, and SIRP functionalities. FleetDM with OsQuery served as the threat- hunting module, while Telegraf, InfluxDB, and Grafana provided monitoring capabilities. The secondary server, functioning as a firewall with OpnSense, incorporated CrowdSec for behavioral analysis. The solution automated processes using n8n and integrated Cuckoo Sandbox for analyzing potentially malicious files. This comprehensive framework aims to improve detection capabilities, streamline incident response, and strengthen overall security posture.

The research focused on addressing challenges in malware detection, considering the evolving nature of malware and the overwhelming sample volume. It proposed an anti-emerging threat solution employing advanced technologies like behavior-based analysis, machine learning, and threat intelligence. The study utilized Docker for system virtualization and deployed a multi- layered architecture. The primary server incorporated Wazuh, TheHive, Cortex, and MISP for SIEM and SIRP functionalities. OpnSense and CrowdSec in the secondary server served as a firewall with behavioral analysis. The flow involved malware delivery, traffic analysis, central analysis, IoC sharing, and further analysis using tools like Cuckoo Sandbox. The research aimed to proactively detect, mitigate, and respond to emerging threats effectively.

The researchers aimed to comprehensively investigate and test the proposed solution by creating a secure environment with containerized applications deployed on servers. This environment, designed to emulate sophisticated malware-targeting networks, involved VirtualBox, VMCloak, Docker, and other services. Malware samples from diverse sources were obtained and validated using the proposed system, referencing online databases like Malware Bazaar. The researchers learned that the solution effectively contained and analyzed malware files, providing crucial capabilities for digital forensics and security. The environment allowed controlled testing, ensuring the authenticity and validation of malware samples before analysis. https://www.proquest.com/abicomplete/docview/2849111014/fulltext/CE53EC9920B841D2PQ/1?accountid=41012&sourcetype=Scholarly%20Journals

The research adopted a qualitative approach, utilizing semi-structured interviews with 29 questions categorized into four sections to explore cybersecurity practices in government senior management. The study focused on the ministries of energy, science and technology, and environmental affairs, interviewing fourteen skilled participants. Sampling methods included snowball and purposive sampling. Data analysis employed the Threat Intelligence Lifecycle, a six-step process in cyber threat intelligence, serving as an analytical framework to thematize the dataset. Thematic analysis was applied to identify relevant classifications, themes, and patterns. Findings were presented thematically based on the Threat Intelligence Lifecycle analysis, offering in-depth insights into the institutionalized cybersecurity measures within government departments from the perspective of senior management.

The research adopted a systematic approach through the six-step Threat Intelligence Lifecycle. The process began with Planning and Direction, involving targeted questioning aligned with cybersecurity issues. Data Collection followed, sourcing information internally and externally. The third step, Processing, focused on meticulous data organization and validation. Analysis informed cybersecurity personnel about threats and risks. Dissemination involved sharing intelligence with a tracked audience. The Feedback step closed the cycle, offering constructive insights for continuous improvement. This structured process ensured a comprehensive understanding and analysis of cybersecurity practices within government senior management.

The research has yielded comprehensive insights into cybersecurity practices within government senior management. By employing a qualitative approach and utilizing the Threat Intelligence Lifecycle, the study systematically identified, analyzed, and understood cybersecurity measures against cyber threats. One-on-one interviews with senior officials from relevant ministries, using snowball and purposive sampling, ensured diverse and skilled perspectives. Thematic analysis based on the Threat Intelligence Lifecycle provided a structured understanding of planning, collection, processing, analysis, dissemination, and feedback. The findings contribute practical insights for enhancing current and future cybersecurity practices and principles in government departments. https://www.proquest.com/abicomplete/docview/2242758081/abstract/F417C51747274A1CPQ/22?accountid=41012&sourcetype=Scholarly%20Journals

The research methodology comprised three main phases. Firstly, a scoping review technique was used for a literature review, focusing on cybersecurity awareness and education initiatives for SMEs. Secondly, a case study approach was employed, specifically utilizing a user-based study to evaluate the strengths and weaknesses of the London Digital Security Centre (LDSC) as a practitioner-based security awareness program. Lastly, the research leveraged insights from the literature review and LDSC case study to develop a high- level program for cybersecurity education and awareness for SMEs, incorporating best practices from research and industry.

The research was conducted through a three- phase approach. The initial phase involved a scoping review technique for a literature review, examining articles and reports from May 2018 to February 2019 through databases like Science Direct, Scopus, Google Scholar, IEEE, ACM, and general web searches. The focus was on cybersecurity awareness, education, and training initiatives for SMEs, using preset inclusion and exclusion criteria. The second phase comprised a case study of the London Digital Security Centre (LDSC), adopting a user-based study to assess LDSC's strengths and weaknesses in offering cybersecurity support to SMEs in London. The final phase utilized insights from the literature review and LDSC case study to outline a high- level program for cybersecurity education and awareness for SMEs, integrating best practices from both research and industry. This comprehensive approach aimed to address the challenges faced by SMEs in security awareness and education, combining theoretical insights, practical observations, and program development.

The research review examined 36 articles and reports focused on cybersecurity awareness, education, and training for SMEs. Key findings highlight the importance of fostering good security behavior in SMEs through the development of a strong security culture. Challenges include reaching SMEs, particularly business owners immersed in day-to-day operations. Influencing factors for security behavior encompass individual knowledge, skills, and experiences. Global initiatives, such as the UK's Cyber Essentials and the US Stop.Think.Connect campaign, aim to support SME cybersecurity. Academic perspectives underscore asset/harm-based security approaches and tailored tools for understanding technical security postures. The importance of holistic, relevant approaches considering SMEs' limited resources is emphasized, with a need for effective measurement of awareness program effectiveness. Overall, the findings stress the significance of tailored and holistic cybersecurity strategies for SMEs, acknowledging their unique challenges and resource limitations. https://www.proquest.com/abicomplete/docview/2242758081/fulltext/94B31057B89F486BPQ/1?accountid=41012&sourcetype=Scholarly%20Journals

When was the article written (within the last 5 years)

Link to article/site

1 CYBERSECURITY THREATS

Cybersecurity Threats affecting Small Businesses in the Wake of Increased Digitalization:

Vamshi Choppari

Department of Computer Science, Monroe College, King Graduate School

KG604-152HY: Graduate Research & Critical Analysis

Professor Amanda Ramlochan

February 11, 2024

2 CYBERSECURITY THREATS

References

Lucian, F. I., Ogrutan, P. L., & Titus, C. B. (2023). enhancing Cyber-Resilience for Small and

Medium-Sized Organizations with Prescriptive Malware Analysis, Detection, and

Response. Sensors, 23(15), 6757. https://doi.org/10.3390/s23156757

Masilela,L., & Nel-Sanders, D. (2023). Cyber threat intelligence practices in the national sphere

of government in South Africa. International Journal of Research in Business and Social

Science, 12(8), 402-414. https://doi.org/10.20525/ijrbs.vl2i8.2914

Bada,M., & Nurse,J. RC. (2019). developing Cybersecurity education and awareness

programmes for Small- and Medium-Sized Enterprises (SMEs). Information and

Computer Security, 27(3), 393-410. https://doi.org/10.1108/ICS-07-2018-0080