The increasing prevalence of cybercrime poses significant challenges to small businesses, which often lack the resources and expertise to effectively manage their cybersecurity risk. This chapter investigates the potential of cybersecurity communities of practice (CoPs) as a viable solution to support small businesses in addressing these challenges and mitigating the risks associated with cybercrime. By participating in CoPs, small businesses can pool resources, share knowledge, and develop innovative strategies to tackle cybersecurity challenges. The collaborative nature of these communities enables small businesses to leverage collective knowledge and experiences, obtain unique insights from experts across diverse disciplines, and receive invaluable feedback from peers. In conclusion, the chapter argues that cybersecurity CoPs can play a vital role in enhancing the cybersecurity practices of small businesses, reducing cybercrime costs, and ultimately strengthening their overall cybersecurity risk management.
Top1. Introduction
The COVID-19 pandemic has dramatically shifted business operations to online platforms, with more transactions and businesses being conducted virtually than ever before. Increased cyber security risks and attacks for small businesses have accompanied this shift. As online purchases and business transactions increase, so does the risk of cyber security attacks (Kumar, 2020). According to Kratz (2020), the pandemic has made small businesses a prime target for cyber attacks due to their lack of resources and expertise in cyber security. Cybercriminals are taking advantage of the fact that many small business owners are unprepared for the increase in online activity, making them vulnerable to attacks such as phishing, malware, ransomware, and data breaches.
The rise in remote working has further exacerbated the increasing threat of cyber security attacks. Employees working remotely are more likely to be exposed to malicious software and cybersecurity threats (Kumar, 2020). In addition, the lack of physical security measures at remote workstations makes them vulnerable to attacks. Furthermore, using personal devices for work increases the risk of data breaches, as these devices are often less secure than the business’s leading network.
Cybercrime has become a significant problem for small business owners today. Cybercrime is any crime committed using a computer or other digital device. As technology advances, so does the sophistication of cybercrime tactics, making it increasingly difficult for small business owners to protect themselves (Ncubukezi, Mwansa, & Rocaries, 2020). Organizations face increasing cybersecurity threats and risks, including small and medium-sized businesses. As cyber-attacks, data breaches, and ransomware attacks persist, organizations are feverishly working to harden networks, infrastructure, policies, and procedures; yet, small and medium-sized businesses (SMB) might not have the resources, expertise, or support to defend off cleverly planned cyber threats. Safeguarding consumers' sensitive data when conducting electronic commerce (e-commerce) transactions is an issue.
The U.S. Census Bureau reported that 45% of households refused to perform online operations due to data and privacy protection concerns (OECD, 2017). Cybercriminals are targeting (SMBs) because some entities lack cybersecurity resources and capabilities to prevent cyber incidents (Renaud & Weir, 2016). The Organization for Economic Cooperation and Development (OECD) (2017) reports that 94% of small businesses have internet capability, yet, most need to improve in leveraging the internet to its total capacity to include defending from malicious cyber activity. According to Renaud and Weir (2017), SMBs are subjected to data theft, disclosure, corruption, and data destruction, which often remain undisclosed to the public due to the trepidation of negative publicity and reputation damage.
In a 2015 survey regarding United Kingdom's SMBs, one in five entities failed to implement security measures, two out of five did not think cybersecurity attacks were imminent, and 11% of 3,000 SMB owners did not view small and medium-sized entities as potential cybersecurity targets (Renaud & Weir, 2016). The survey highlights SMB owners’ need for more information security knowledge, which is too precarious in cybersecurity. Information and communications technology (ICT) enhances the quality of business (Bolek, Látečková, Romanová, & Korček, 2016); however, the integration of ICT by SMBs, such as the internet, mobile devices, websites, cloud computing, and social media enlarges the businesses’ cyber attack surface. Increasing the cyber-attack surface requires SMBs to dedicate additional resources to protect against cyber threats in a resource-constraint situation. Cybersecurity CoPs are ideal platforms for disseminating information on industry-specific practices to SMBs.