Paper | ENTREPRENEURSHIP WCS - 494

Academic Research Paper: Security Werks

Chris Camaioni – 01186705

Old Dominion University

WCS 494: Entrepreneurship in Cybersecurity

Professor Akeyla Porcher

December 7, 2023

Introduction

The ever-growing threat landscape in cyberspace poses a formidable challenge for individuals and businesses alike, with a staggering one million users falling victim to cyber-attacks daily (Trans & Tick, 2021). Shockingly, a substantial portion of these victims comprises small businesses, where 58% of cybercrime victims in 2017 were businesses of this scale (Gafni & Pavel, 2019). Small businesses’ heightened risk can be attributed to a need for cybersecurity awareness and its perceived importance compared to larger enterprises. Despite their size, small businesses must prioritize cybersecurity practices to safeguard data confidentiality, integrity, and availability, ensuring reliability and reputation.

In our technology-dependent society, businesses of all sizes must establish robust cybersecurity programs. However, small businesses, particularly startups and those in the early stages of growth, face heightened vulnerability to cyber threats due to financial constraints. Compounding this issue is the existing cybersecurity industry’s focus on catering to the financial capabilities of established firms, leaving small businesses as attractive targets for cybercriminals. This vulnerability can disrupt or even jeopardize the operations of small businesses, making Cybersecurity a paramount concern.

According to the U.S. Small Business Administration (SBA), over 700,000 cyber-attacks against small businesses in 2020 resulted in damages totaling 2.8 billion dollars. The SBA survey further highlighted that small business owners acknowledge their vulnerability to cyber-attacks but often find themselves unable to afford professional IT solutions, lacking the time to dedicate to Cybersecurity, or need help determining where to begin (Madrid, 2021). This dilemma leaves small businesses vulnerable to cyber threats, including data breaches, phishing scams, and ransomware, each with the potential to have severe financial consequences, erode client confidence, and, in extreme cases, force business closure. Therefore, small businesses must overcome financial constraints, invest in measures to mitigate these risks and protect their operations in an increasingly digital landscape.

Security Werks Cybersecurity Specialists provide tailored solutions to address small businesses’ increasing cyber threats. Their comprehensive services aim to enhance cybersecurity awareness and safeguard businesses against attacks while ensuring compliance with legal requirements. The offerings include customized training, network assessments, security compliance education, incident response planning, and continuous monitoring.

The company focuses on delivering affordable and effective proactive cybersecurity solutions tailored for small businesses operating within their first three years or with an annual revenue below $125,000. Central to their approach is customized training that builds a cyber-aware culture among business owners and teams, accommodating various technical proficiency levels.

Security Werks conducts vulnerability assessments, penetration tests, and risk evaluations scaled to match clients’ networks’ size and complexity. Incident response planning and assessments empower clients to address vulnerabilities and threats confidently. Security Werks specializes in continuous monitoring services for businesses seeking an extra layer of protection, providing real-time threat detection and response.

Dedicated to educating small businesses about the urgency of Cybersecurity, Security Werks ensures that companies can trust their cybersecurity measures to be resilient and dynamic in the ever-evolving digital landscape. Ongoing research efforts aim to optimize and expand services further.

Literature Review

An exhaustive exploration of scholarly literature unfolds in the intricate realm of small business cybersecurity, revealing many challenges and innovative solutions that intricately weave through this crucial domain. This comprehensive scrutiny unravels the unique and intricate nature of small businesses’ cybersecurity needs, demanding a nuanced understanding and bespoke solutions navigating their specific constraints and capacities.

The escalating cyber threats menacing small businesses, characterized by their inherent limitations in scale and resources, thrust them into the center of a complex web of challenges. A seminal study in 2022 identified three paramount challenges these enterprises contend with: a deficiency in in-house expertise to grapple with cyber risks, budgetary constraints within the Information Technology (IT) realm, and a pervasive lack of understanding regarding effective cyber risk mitigation strategies (Chidukwani et al., 2022). These challenges are not mere stumbling blocks but rather poignant indicators, underscoring the immediate imperative for cybersecurity solutions crafted with precision to accommodate small businesses’ unique challenges and capacities.

The tangible repercussions of cyberattacks on small businesses underscore the gravity of these challenges. The annals of 2020 recount cyberattacks resulting in staggering damages totaling $2.8 billion, sounding a clarion call for accessible and effective cybersecurity solutions (Chidukwani et al., 2022). This financial toll accentuates the pressing need for innovative approaches and illuminates the dire consequences of neglecting the development and implementation of robust cybersecurity strategies for small businesses.

The financial implications of cybercrime loom large over small businesses, with the average cost of a cyberattack in the United States scaling to a staggering $4.35 million, as reported by IBM Security’s Data Breach Report in 2022 (Wallang et al., 2022). This financial burden extends beyond the immediate realm of monetary losses to encompass indirect costs, including potential legal obligations, harm to brand reputation, and a decline in customer trust. The aftermath of a data breach or cyber-attack can inflict financial wounds running into millions, jeopardizing the financial stability and the reputation and privacy of individuals associated with the business (Wallang et al., 2022). Destructive attacks amplify this cost, averaging $5.12 million, 16.3% higher than the overall data breach average.

The absence of robust cyber protection results in immediate financial losses and exposes businesses to many legal ramifications, including lawsuits, compensations, and fines. Non-compliance with standards like the Payment Card Industry Data Security Standard (PCI DSS) can lead to severe consequences, such as the inability to process credit card payments. The ability to recognize the economic impact of cyberattacks and a meticulous cost-benefit analysis becomes imperative. This analysis should meticulously weigh the investment in cybersecurity measures against the potential financial repercussions, serving as a pivotal business decision aimed at averting debilitating losses, preserving client trust, and preventing business closure.

Scholarly research emphatically underscores the critical need for heightened cybersecurity awareness, especially in small businesses facing an escalating cyber-attack risk (Tran & Tick, 2021).

The increasing prevalence of internet-connected devices exposes enterprises to potential breaches of sensitive information, necessitating a comprehensive analysis of the associated challenges in scholarly terms (Tran & Tick, 2021). The staggering statistic of daily cyber-attacks affecting one million users every 39 seconds, as noted by Tran and Tick (2021), not only accentuates the urgency of addressing cybersecurity vulnerabilities but also explicitly underscores the unique challenges small businesses face.

Small businesses, often defined by the number of employees and typically consisting of fewer than 500 individuals in the United States (Gafni & Pavel, 2019), find themselves in a precarious position concerning Cybersecurity. These entities’ financial constraints and resource limitations render them more susceptible to cyber threats than their larger counterparts, who have more substantial budgets and mandated adherence to stringent cybersecurity regulations (Gafni & Pavel, 2019). The implications of these challenges are profound, leaving small businesses exposed to cyber-attacks due to a lack of awareness, resources, and the inability to comply with essential cybersecurity protocols.

Research findings from 2017 further reveal a stark reality where 50% of cyber attacks were deliberately targeted at small businesses, underscoring the severity and disproportionate impact of cyber threats on this sector (Alharbi et al., 2021). The vulnerabilities emanate from small businesses’ limited resources and infrastructure, hindering their ability to comply with essential cybersecurity regulations (Gafni & Pavel, 2019; Alharbi et al., 2021). The financial ramifications are substantial, with 93% of small businesses reporting financial losses due to cyber incidents (Alharbi et al., 2021).

Incorporating cybersecurity practices in small businesses is not merely a protective measure but also offers various strategic advantages. It enhances employee security behavior, reduces vulnerabilities, and safeguards against the ever-evolving landscape of cyber threats (Bruggemann et al., 2022; Ilca & Balan, 2023). Despite potential disadvantages, such as increased costs, the long-term benefits of investing in Cybersecurity outweigh the drawbacks, contributing to sustained business operations and growth (Neri et al., 2022). Small businesses must recognize the imperative nature of such investments, particularly in training employees, to effectively reduce the risks associated with cyber incidents and enhance their overall security posture (Neri et al., 2022).

In the labyrinth of small business cybersecurity, the resource and knowledge gap emerge as formidable challenges, demanding astute navigation for effective cyber threat mitigation. The literature underscores that these challenges are compounded by the prevalence of overconfidence among small business owners and a deficiency in internal expertise, exacerbating the complexities of addressing cyber threats (Duncan et al., 2021). The rapidly evolving cyber threat landscape further amplifies the need for a proactive and tailored approach to bridge the knowledge gap and implement cost-effective cybersecurity solutions (Wang, 2019).

The multifaceted nature of the challenge is underscored by the imperative role of effective communication, collaboration among small businesses, and government intervention, as delineated in the literature (Chidukwani et al., 2022). The intricacies of the legal landscape add another layer of complexity, necessitating international collaboration to combat cybercrimes effectively (Saber, 2016). Cybercriminals exploit the lack of a unified legal framework, taking advantage of the confusion stemming from differing legislation across jurisdictions (Saber, 2016). This legal ambiguity often results in underreporting cybercrimes due to uncertainty about the correct reporting channels, ultimately complicating the legal landscape and contributing to low conviction rates for cybercriminals.

Clear and relatable communication, collaboration, and government support are key components contributing significantly to closing the cybersecurity knowledge gap and empowering small businesses against the escalating threats of cyber incidents (Olejarz, 2021).

Small businesses, therefore, are encouraged to equip themselves with the requisite knowledge and resources to navigate the intricate legal landscape. The imperative of international collaboration is emphasized, aiming to establish a unified and cohesive approach to combat cybercrimes effectively. By adopting and implementing these strategies, small businesses can enhance their cybersecurity awareness and fortify their resilience against the growing specter of cyber incidents in an interconnected and digital business landscape. In this endeavor, the insights and recommendations from the literature provide a roadmap for small businesses to survive and thrive in the face of an ever-evolving cyber threat landscape.

Within the intricate landscape of small business cybersecurity, the challenges extend beyond the technical nuances of Cybersecurity into the realm of effective communication. Recognizing the significance of this facet is crucial and plays a vital role in building cybersecurity awareness, especially among business owners who may need a technical background (Chidukwani et al., 2022). While valuable, the abundance of cybersecurity information poses a potential challenge for small and medium-sized enterprises (SMEs), contributing to confusion and uncertainty (Chidukwani et al., 2022).

The literature underscores the need for an innovative communication strategy beyond conventional approaches. Such a strategy becomes pivotal in effectively conveying cybersecurity concepts, creating an environment where all organization members actively defend against cyber threats (Chidukwani et al., 2022). This proactive engagement not only contributes to building a robust cyberculture but also enhances the overall security posture of the business.

Clear, consistent, and accessible communication is essential in this context. The literature emphasizes that communication should ensure that cybersecurity concepts are understood and that employees and management facilitate internalization (Chidukwani et al., 2022). This internalization is critical for translating awareness into tangible actions, reinforcing a culture where Cybersecurity is not merely a set of guidelines but an ingrained part of the organizational ethos.

In this light, the literature encourages small businesses to adopt communication strategies that demystify complex cybersecurity concepts, making them digestible for individuals with varying technical expertise. This inclusivity in communication ensures that Cybersecurity becomes a shared responsibility, fostering a sense of collective ownership in safeguarding the organization against cyber threats. The literature advocates for communication strategies that are dynamic and adaptive, considering the ever-evolving nature of cybersecurity threats. Regular updates, training sessions, and feedback loops are suggested as components of an effective communication strategy, promoting ongoing engagement and learning (Chidukwani et al., 2022).

Effective communication is a linchpin in the small business cybersecurity narrative, bridging technical intricacies and organizational readiness. By understanding the nuances highlighted in the literature, small businesses can tailor their communication strategies to address their unique challenges, ultimately building a resilient cyberculture that fortifies the organization against the evolving landscape of cyber threats.

Collaboration among small businesses is another critical strategy supporting their cybersecurity efforts. Small businesses can strengthen security measures by sharing strategies, successes, and failures. This communal exchange of information can help develop effective and practical best practices for businesses with similar profiles and challenges. Additionally, this approach allows for the pooling of resources, which is especially beneficial for companies that may lack the financial capability to invest heavily in Cybersecurity.

The collaborative process fosters a sense of community resilience against cyber threats, leveraging collective knowledge and experiences. Regular forums, workshops, and information-sharing platforms can facilitate this collaboration, creating a network where small businesses can learn from each other’s cybersecurity journeys. Collaboration extends beyond the business sector to involve partnerships with cybersecurity experts, governmental agencies, and industry associations, creating a comprehensive network to strengthen small businesses’ cybersecurity fabric.

Government intervention is another crucial aspect of steering small businesses toward a resilient cybersecurity infrastructure. Government agencies play a pivotal role in educating new businesses on available resources, such as Security Werks and other entities designed to assist small enterprises. It is about providing the tools and ensuring small business owners and their employees understand how to utilize them effectively.

Training and awareness programs funded or facilitated by government agencies play a significant role in this educational process. These programs should not only focus on the technical aspects of Cybersecurity but also emphasize the importance of creating a cybersecurity culture within the organization. Simultaneously, offering financial incentives, such as specific loans and grants dedicated to cybersecurity improvements, can motivate small businesses to invest in their cyber health. By adopting these practices, small businesses can enhance their understanding of Cybersecurity and foster a culture of continuous improvement and vigilance against emerging cyber threats.

“The severity and effects of Cyber-breaches in SMEs,” as elucidated by Ignacio and Juan De Arroyabe, highlight that “most small and medium-sized businesses feel that IS security is not their primary concern… This is because SME managers evaluate that the risk level is very low compared to large companies, therefore having a false sense of security” (De Arroyabe, 2021). This inaccurate perception can shift with the help of government-backed programs and financial support, which can highlight the importance of Cybersecurity and provide the means to achieve it.

By coupling education with financial assistance, state and federal governments can significantly improve the overall cyberculture of small businesses nationwide. This approach would help bridge the gap between the perception of Cybersecurity as an unnecessary or luxury investment and the reality of it being a critical business necessity.

Scholarly literature provides a rich tapestry of insights into the challenges and solutions surrounding Cybersecurity for small businesses. This exploration extends beyond acknowledging the issues, offering a comprehensive and detailed roadmap for innovative solutions. From tailored services and comprehensive strategies to the transformative power of effective communication, collaboration, and government intervention, the literature shapes a narrative of resilience and “adaptation in the face of evolving cyber threats” (Indiplomacy, 2023). As small businesses navigate the intricate cybersecurity landscape, synthesizing knowledge and applying innovative strategies emerge as crucial components for building resilience in the face of an ever-evolving cyber threat landscape.

Problem Relation to Other Courses

The challenge of cybersecurity awareness in small businesses extends across disciplines beyond specialized cybersecurity courses. Courses like “Interpreting the American Past” have been crucial to my academic journey. While not directly addressing Cybersecurity, the methodology of reflecting on past events and figures resonates with the approach needed to tackle current issues. Just as historical research informed the identification of areas needing Cybersecurity, reflecting on the past emphasizes the necessity of Cybersecurity in these contexts.

Insights gained from “Interdisciplinary Theory and Concepts” have been instrumental in approaching the problem with a holistic perspective. Delving into interdisciplinary ideas has equipped me to consider traditional aspects of Cybersecurity and explore innovative solutions from various disciplines. This interdisciplinary lens, cultivated through coursework, has been pivotal in shaping the innovative approach taken by Security Werks. The course not only encouraged a comprehensive examination of the who, what, when, where, and how of the problem but also fostered an understanding of the issue through the perspectives of different disciplines.

In the context of pursuing a Bachelor’s in Cybersecurity, even seemingly unrelated courses like “Introduction to Interpersonal Communication” and “Intro to Business” have unexpectedly contributed to the development of Security Werks. These courses provided valuable knowledge in formulating Security Werks’s concept and business strategy. The diverse skill set acquired through these courses has proven invaluable in navigating the complexities of the cybersecurity landscape and developing practical solutions for small businesses.

Additionally, the course “Information Literacy and Research” has played a crucial role by imparting safe research practices. The skills acquired in this course have empowered me to research scholarly articles effectively, enabling me to identify and extract relevant and appropriate information concerning cybersecurity awareness in small businesses. The techniques honed in Information Literacy have been instrumental in portraying the business in a scholarly sense, aiding in acquiring pertinent information for our innovative approach.

How Innovation Will Be Effective

The effectiveness of Security Werks’ innovative approach is evaluated through various assessments designed to ensure comprehensive cybersecurity coverage for small businesses.

Security Improvements:

Identify practices that benefit individual companies and small businesses. Continuous improvement is essential to address any physical or digital security issues promptly and meet the evolving needs of our clients.

Client Satisfaction:

Conduct client satisfaction assessments through surveys, polls, and anonymous feedback. This approach aims to gauge the extent to which our services and training meet the specific needs of our clients. Client feedback will play a pivotal role in refining our cybersecurity experience and tailoring it to the satisfaction of our clients.

Compliance Achievements:

Survey and audit for compliance. Assessments will ensure adherence to the latest standards and regulations in Cybersecurity. This evaluation guarantees that small businesses follow safe and legal practices and ensures Security Werks’ compliance with regulations. Upholding compliance standards is crucial for the effectiveness of both our services and the overall cybersecurity landscape.

Business Growth:

Monitoring financial status, budget, and client base over time will enable us to track profitability and identify trends in clientele. This assessment will provide insights into the impact of our services on small businesses, helping us determine the level of cybersecurity awareness within this sector.

Through these assessments, Security Werks aims to comprehensively evaluate its effectiveness, considering security enhancements, client satisfaction, legal compliance, and economic gains. With a blend of professionalism and dedication, these assessments will continue to influence and drive the ongoing development and refinement of Security Werks’ services.

What is Needed

To realize the vision of Security Werks, a comprehensive startup plan encompassing technical infrastructure and human resources is crucial. The founding members recognize the importance of a well-defined startup plan, robust technical infrastructure, and strategic allocation of resources. The planned approach, including remote operations, collaboration with the SBA, and pursuit of grants, reflects a comprehensive strategy to ensure the cybersecurity venture’s successful launch and sustained growth.

The initial investment in the technical foundation involves procuring essential hardware, including four servers, ten laptops, two desktops, monitors, printers, desks, server racks, secure storage, and specialized equipment like hard drive cloners. This lab setup, estimated between $20,000 and $50,000, is integral to conducting cybersecurity assessments and maintaining high-security standards.
The founding team, consisting of cybersecurity specialists, forms the core workforce initially. However, recruiting a marketing advisor and legal counsel is essential. Allocating approximately $5,000 for marketing activities and $10,000 for legal counsel ensures a strong business development and compliance support system.
Projected operational expenses, covering software licenses, staff development, and equipment repairs, are estimated to be between $5,000 and $10,000.
Leveraging the qualifications of team members for specific federal grants and resources aimed at veteran-owned, disabled-veteran-owned, and women-owned small businesses is part of the funding strategy. Seeking a business loan from the SBA provides the advantage of potentially securing a low-interest rate loan. While competitive, these grants can significantly offset startup costs. This approach aligns with the plan to minimize initial costs while building a foundation for future growth.
Security Werks plans to operate remotely for the first year to keep initial costs low, allowing the business to focus on promotion, gaining clients, and generating revenue before committing to a physical office.

As Security Werks embarks on the journey from planning to operationalization, the focus lies on gaining clients and fortifying the defense against cyber threats in small businesses. The primary goal is to elevate cybersecurity awareness by actively preventing further attacks. Despite being a nascent venture, the belief in the significant impact of Security Werks’ services on the cybersecurity landscape is robust.

Next Steps

The transition from planning to operations prompts a strategic reflection on Security Werks’ progress and the forthcoming trajectory. Immediate objectives include refining the marketing strategy through digital platforms, community engagement, and focusing on financial strengthening. Social media, Google ads, and local community involvement are envisioned to broaden the business’s reach.

In parallel, the financial aspect gains prominence, with plans to seek small business loans and explore grants tailored to the business’s characteristics. The influx of funds prompts a meticulous budget review, ensuring optimal resource allocation for maximum returns. The aim is to position Security Werks as the leading cybersecurity company for small businesses in Hampton Roads.

Understanding the intricacies of collaboration within the same field, creating innovations that address specific needs, identifying target markets, assessing competition, and conducting necessary research play a pivotal role in defining a business’s services. The entrepreneurial experience underscores the importance of continuous improvement and adaptability. Collaborating with more experienced group members has been invaluable, showcasing the essence of teamwork in such ventures.

The experience, despite its challenges, has imparted substantial knowledge that I anticipate will shape my future endeavors. Key lessons emerge from the development of Security Werks. The significance of a detailed business plan becomes evident, encompassing market understanding, legal compliance, and technical requirements. Financial planning takes center stage, highlighting the diverse funding avenues available for small businesses. A retrospective consideration suggests a potential adjustment in the business model, starting with a focus on training before venturing into the technical aspects, aligning with financial realities and revenue generation. As the old adage goes, “Success rarely comes overnight,” and the ability to learn from mistakes is integral to creating a resilient and successful business.

References:

Alharbi, F., Alsulami, M., AL-Solami, A., Al-Otaibi, Y., Al-Osimi, M., Al-Qanor, F., & Al-Otaibi, K. (2021). The Impact of Cybersecurity Practices on Cyberattack Damage: The Perspective of Small Enterprises in Saudi Arabia. Sensors (14248220), 21(20), 6901. https://doi-org.proxy.lib.odu.edu/10.3390/s21206901

Armenia, S., Angelini, M., Nonino, F., Palombi, G., & Schlitzer, M. F. (2021). A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 147, 113580. https://doi.org/10.1016/j.dss.2021.113580

Bruggemann, R., Koppatz, P., Scholl, M., & Schuktomow, R. (2022). Global Cybersecurity Index (GCI) and the Role of its 5 Pillars. Social Indicators Research, 159(1), 125–143. https://doi.org/10.1007/s11205-021-02739-y

Chidukwani, A., Zander, S., & Koutsakis, P. (2022). A Survey on the Cyber Security of Small-to-Medium Businesses: Challenges, Research Focus and Recommendations. IEEE Access, 10, 85701–85719. https://doi.org/10.1109/access.2022.3197899

Fernandez De Arroyabe, I., & Fernandez de Arroyabe, J. C. (2021). The severity and effects of Cyber-breaches in SMEs: a machine learning approach. Enterprise Information Systems, 17(3), 1–27. https://doi.org/10.1080/17517575.2021.1942997

Gafni, R., & Pavel, T. (2019). The invisible hole of information on SMB’s Cybersecurity. Online Journal of Applied Knowledge Management, 7(1), 14–26. https://doi-org.proxy.lib.odu.edu/10.36965/ojakm.2019.7(1)14-26

IBM. (2022). Cost of a Data Breach Report 2022. https://www.ibm.com/downloads/cas/3R8N1DZJ

Ilca, L. F., Lucian, O. P., & Balan, T. C. (2023). Enhancing Cyber-Resilience for Small and Medium-Sized Organizations with Prescriptive Malware Analysis, Detection and Response. Sensors (14248220), 23(15), 6757. https://doi-org.proxy.lib.odu.edu/10.3390/s23156757

Indiplomacy. (2023, June 21). Angola’s President Launches Cybersecurity Initiative. Indiplomacy. https://indiplomacy.com/2023/06/21/angolas-president-launches-cybersecurity-initiative/

Levy, Y., & Gafni, R. (2022). Towards the quantification of cybersecurity footprint for SMBs using the CMMC 2.0. Online Journal of Applied Knowledge Management, 10(1), 43–61. https://doi-org.proxy.lib.odu.edu/10.36965/ojakm.2022.10(1)43-61

Madrid, M. (2021, October 29). Protect Your Small Business from Cybersecurity Attacks. SBA blog. https://www.sba.gov/blog/protect-your-small-business-cybersecurity-attacks

Neri, M., Niccolini, F., & Pugliese, R. (2022). Assessing SMEs’ Cybersecurity organizational readiness: Findings from an Italian survey. Online Journal of Applied Knowledge Management, 10(2), 1–21. https://doi-org.proxy.lib.odu.edu/10.36965/ojakm.2022.10(2)1-22

Rosenbaum, E. (2021, August 10). Main Street overconfidence: America’s small businesses are not worried about hacking. CNBC. https://www.cnbc.com/2021/08/10/main-street-overconfidence-small-businesses-dont-worry-about-hacking.html

Saber, J. (n.d.). ScholarWorks Determining Small Business Cybersecurity Strategies to Prevent Data Breaches. https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=6270&context=dissertations

Tran Nguen Bao Ngo, & Tick, A. (2021). Cyber-Security Risks Assessment by External Auditors. Interdisciplinary Description of Complex Systems, 19(3), 375–390. https://doi-org.proxy.lib.odu.edu/10.7906/indecs.19.3.3

Wang, S. S. (2019). Integrated framework for information security investment and cyber insurance. Pacific-Basin Finance Journal, p. 57, 101173. https://doi.org/10.1016/j.pacfin.2019.101173

Wallang, M., Shariffuddin, M. D. K., & Mokhtar, M. (2022). Cyber security in small and medium enterprises (SMEs). Journal of Governance and Development (JGD), 18(1), 75–87. https://doi.org/10.32890/jgd2022.18.1.5

The Evolving Cyberthreat. (2015, November 1). Harvard Business Review. https://hbr.org/2015/11/the-evolving-cyberthreat