ARPHA Conference Abstracts :
Conference Abstract
|
Corresponding author: George Kassar (gkassar@ascencia-bs.com)
Received: 01 Jun 2023 | Published: 20 Jun 2023
© 2023 George Kassar
This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Citation:
Kassar G (2023) Exploring Cybersecurity Awareness and Resilience of SMEs amid the Sudden Shift to Remote Work during the Coronavirus Pandemic: A Pilot Study . ARPHA Conference Abstracts 6: e107358. https://doi.org/10.3897/aca.6.e107358
|
The COVID-19 pandemic has caused a rapid shift to remote working, creating new challenges to cyber security, especially for SMEs, which are exposed to various cyber security risks such as phishing attacks, malware, and ransomware. To enhance SMEs' resilience to cyber-attacks, cyber security awareness is essential.
Resilience refers to the capacity to adapt and recover from significant disruptions or adversities, both for individuals and organizations (
Cybersecurity is a broadly used term, whose definitions are variable, often subjective and uninformative. One of the most comprehensive definitions refers to cybersecurity as “the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights” (
Several models have explored the relationship between resilience and cybersecurity awareness, providing insight and useful lenses into the ways in which resilience may influence cybersecurity awareness and behaviors; two of these models are the Protection Motivation Theory (PMT) and the Dynamic Capabilities Theory (DCT). The PMT was initially developed by
It is within this context that the present working paper scope aims at exploring the resilience of SMEs and the impact of their cybersecurity awareness amid the abrupt shift towards mass remote work during the pandemic and the subsequent increased cybersecurity risks and exposures. Accordingly, the outcomes of the observations and deductions from the literatures suggest the following proposition / belief statement:
P1: In time of crisis and abrupt challenges;
A pilot study was conducted to test the feasibility and effectiveness of the research design and data collection methods. The pilot was based on a qualitative research design drawing on data collection through an in-depth interview with conversational style approach as described by
The preliminary results of the pilot study provide initial insights of a practical model for SMEs based on a combination of the PMT and DCT which can help them develop a proactive approach to cybersecurity that incorporates both motivation and capability-building. Hence, four main themes emerged for developing the said approach. The 1st theme is conducting a thorough “risk assessment” of cybersecurity posture by identifying and assessing the level of potential threats and vulnerabilities using the PMT model. The 2nd theme is using DCT model to develop the “dynamic capabilities” necessary to respond to those risks, which includes investing in new technologies, training employees, and establishing a culture of awareness. The 3rd theme is “building motivation” among employees to take cybersecurity seriously, which can be achieved through the PMT model by highlighting potential impacts and rewarding good practices. Finally, the 4th theme is “continuous improvement”, which involves ongoing monitoring, risk assessment, capability-building, and motivation-building using a combination of PMT and DCT models.
This work is a preliminary stage that requires further elaborations and generalizations. Yet, the findings from the pilot showed the potentials from integrating PMT and DCT models to enhance SMEs' cybersecurity posture and suggest that such approach could enable more proactive stance towards cybersecurity by fostering a culture of awareness, preparedness, and continuous improvement. These insights could be valuable for SMEs seeking to mitigate the risks associated with the increasing prevalence of cyber threats and attacks.
cybersecurity awareness, SMEs, resilience, protection motivation theory, dynamic capabilities theory
George Kassar
CABMR 2023 colloquium on Resilience and Cybersecurity, held on March 9, 2023, at Ascencia Business School – Collège de Paris, ISF campus, La Défense, Paris, France.