Small businesses (0-19 employees) are becoming attractive targets for cyber-criminals, but struggle to implement cyber-security measures that large businesses routinely deploy. There is an urgent need for effective and suitable cyber-security solutions for small businesses as they employ a significant proportion of the workforce. In this paper, we consider the small business cyber-security challenges not currently addressed by research or products, contextualised via an Australian lens. We also highlight some unique characteristics of small businesses conducive to cyber-security actions. Small business cyber-security discussions to date have been narrow in focus and lack re-usability beyond specific circumstances. Our study uses global evidence from industry, government and research communities across multiple disciplines. We explore the technical and non-technical factors negatively impacting a small business's ability to safeguard itself, such as resource constraints, organisational process maturity, and legal structures. Our research shows that some small business characteristics, such as agility, large cohort size, and piecemeal IT architecture, could allow for increased cyber-security. We conclude that there is a gap in current research in small business cyber-security. In addition, legal and policy work is needed to help small businesses become cyber-resilient.