TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Tightroping between APT and BCI in small enterprises

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
Sivut226-239
JulkaisuInformation Management and Computer Security
Vuosikerta25
Numero3
DOI - pysyväislinkit
TilaJulkaistu - 2017
Julkaistu ulkoisestiKyllä
OKM-julkaisutyyppiA1 Alkuperäisartikkeli

Tiivistelmä

Purpose: The contemporary Internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted, but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting the business critical information (BCI). These threats are relevant for the security of small enterprises and this study examines the qualitative factors that shape the security mindsets among these.

Design/methodology/approach: The data is collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises.

Findings: APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation.

Originality/value: This study is among the firsts to explore perceptions of small enterprises towards APT and BCI. The results reveal problematic mindsets and offers new avenues for practitioners as well as academics to study and improve the situation.