CYSE 200T-ePortfolio entry #7

Posted by rknap004 on

Q: What are the costs and benefits of developing cybersecurity programs in business?

A: In a world where technology is used everywhere, it appears difficult for businesses, both small and large, to integrate cyber security in the business, especially when issues arise with the allocation of resources and money. Especially for smaller businesses, without some form of security to protect the systems they use everyday, “small businesses often have more to lose than larger organizations” due to their smaller nature and less knowledge on the subject of cybersecurity (Toth and Paulson p. 4). Furthermore, the fact that most small businesses have “little to no understanding” of cybersecurity and cyber threats can lead to a lot of organizations being easy targets for malicious attacks, all for a business’s private information, resources, data, and money (“The Impact of” p. 1). With this in mind, the best thing for an organization to do is to spend a bit of their resources and money to develop a basic “information security program” (Toth and Paulson p. 5). The cost of this is that they’ll have to allocate more resources just to implement the security program, and since small businesses are limited already on the amount of money they spend, they likely won’t get the most optimal security system. Despite this, the benefits are extremely worth the costs, as the “damage to information systems”, loss of reliability from consumers, and costs of income and production can prove more costly than to implement even basic security  (Toth and Paulson p. 4). Essentially, leaving information systems unsecure for small businesses leaves them open and vulnerable for malicious entities to effectively ruin them. This implementation is further made easier with larger organizations, as they’ll have much more money and resources to work with to further develop their information systems and programs. Some other basic programs to implement would be a protective firewall–in order to bar even more access from third-party entities into the business’s information system– and perhaps training programs for employees on how to be safe in the workplace, especially from “email attacks” and internal attacks (“The Impact of” p. 2).

References

  • Anonymous. (n.d.). Tutorial 1: The impact of cybercrime on small business. Tutorial 1: The Impact of Cybercrime on Small Business | SBIR.gov. Retrieved March 4, 2023, from https://www.sbir.gov/tutorials/cyber-security/tutorial-1
  • Toth, P. R., & Paulsen, C. (2020, January 27). Small business information security: The fundamentals. NIST. Retrieved March 4, 2023, from https://www.nist.gov/publications/small-business-information-security-fundamentals

Leave a Reply

Your email address will not be published. Required fields are marked *