This post is based on my minor thesis at TU,Berlin for my Masters. As the topic suggest, it is about open innovation on SMEs for cyber security awareness. Below is the introduction from my thesis. You can find the whole work on the attached pdf of my thesis. Hope you enjoy the read.
Security and privacy are inevitable factors for every enterprise that deals with user data. Hackers with malicious intentions always find enterprises, irrespective of the size of the organization, as profitable targets for their cyber attacks. In a recent study focused on security of small enterprises in America , it is evident that there is a clear increase in the number of security incidents during the recent years. T he FBI report published last summer highlights that as of late 2014, more than 7,000 US firms were victims of cyber attacks through phishing email scams that resulted in $740M profit loss collectively . A large number of retail shops, leisure activity businesses, hotels, health clinics and universities are getting targeted by cyber criminals. The study conducted by Symantec reports that “almost half of cyberattacks worldwide, 43%, last year were against small businesses with less than 250 workers”. The new European regulations aimed at protecting customer data highlights the need for security regulations on SMEs .
There are plenty of quality defense techniques such as antivirus softwares, firewalls and network monitoring tools, that makes it is extremely difficult for an attacker to cause damages to a network. However, contemporarily, large scale cyber attacks are witnessed in the industry. Even though security is a basic necessity, it is not always treated with enough importance. Most of the high quality security or protection mechanisms are proprietary and requires a license. From a business standpoint, it is observed that even startups or small and medium enterprises (SMEs), consider security as an extra feature rather than a fundamental requirement, due to three main reasons. The first and the foremost reason is the lack of proper awareness regarding the importance of cyber security. Sarah Green, a cyber security expert and business manager for Cyber Security at Training 2000, says that one of the most dangerous phrases used by small businesses is: “ It’ll never happen to us.” . The Second reason is the high cost of security related services/products that makes it hard for SMEs to afford it. The Third reason is the changing nature of cyber threats based on the new technologies in use. Even large companies are prey to new cyber attacks until their security analysts formulate and leverage quick protection mechanisms. Such new attacks that are never known before and are discovered for the first time are called Zero Days that are very hard to detect immediately . However, the focus of the thesis is on SMEs and their challenges in relation to cyber threats. Moreover, it also concentrates on open innovation among SMEs and how this can help in facing cyber challenges collectively.