Security Obstacles and Motivations for Small Businesses from a CISO's Perspective
Loading...
Permanent Link
Author/Creator
Author/Creator ORCID
Date
2021
Department
Program
Citation of Original Publication
Wolf, Flynn; Aviv, Adam J.; Kuber, Ravi; Security Obstacles and Motivations for Small Businesses from a CISO's Perspective; 30th {USENIX} Security Symposium ({USENIX} Security 21), 2021; https://www.usenix.org/conference/usenixsecurity21/presentation/wolf
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Subjects
Abstract
Small businesses (SBs) are often ill-informed and under-resourced against increasing online threats. Chief Information Security Officers (CISOs) have a key role in contextualizing trade-offs between competing costs and priorities for SB management. To explore the challenges CISOs' face when guiding SBs towards improved security we conducted two interview studies. Firstly, an exploratory study with CISOs with SB experience to identify themes related to their work (n=8). Secondly, we refined ourethods and conducted broader structured interviews with a larger non-overlapping group of similarly qualified SB CISOs (n=19) to validate those themes and extend outcomes. We found CISOs confirmed common observations that SBs are generally unprepared for online threats, and uninformed about issues such as insurance and regulation. We also found that despite perceived usability problems with language and formatting, the effectiveness of government-authored guidance (a key reference source for CISOs and SBs) was deemed on par with commercial resources. These observations yield recommendations for better formatting, prioritizing, and timing of security guidance for SBs, such as better tailoring checklists, investment suggestions, and scenario-based exercises.