Sizing Up The Defense

Brian Nussbaum, assistant professor in the College of Emergency Preparedness, Homeland Security and Cybersecurity.

ALBANY, N.Y. (Dec. 8, 2017) – No organization or industry is immune to cybercrime.

Large-scale attacks tend to grab the headlines, like Yahoo’s data breach last year that leaked personal information from a billion user accounts. Less publicized is the number of attacks on small and medium-size companies. According to the 2016 State of SMB Cybersecurity Report, hackers have breached half of the 28 million small businesses in the United States.

Clearly, no organization is too big or small to be hacked – but how do cybersecurity challenges differ based on firm size?

To answer that question, Brian Nussbaum, an assistant professor in the College of Emergency Preparedness, Homeland Security and Cybersecurity, has published a new theoretical paper in the Journal of Cyber Policy.

“There is already extensive literature in the fields of business and organizational studies that connects firm size to various outcomes,” Nussbaum said. “We wanted to apply this thinking to cybersecurity by comparing challenges for large and small enterprises, both in the private sector and public sector.”

His paper specifically examines the differences within the social aspects of organizations (i.e., the people and process), arguing they play just as large a role in cybersecurity challenges as technical aspects do.

“While an organization’s cybersecurity efforts can range in terms of technical aspects, our paper instead compares social aspects,” Nussbaum said. “Information security professionals spend their day dealing as much with people as with bits, bytes or firewalls; getting coworkers to not click on phishing links, getting business units to collaborate for incident response, convincing executives not to conduct official business through their webmail accounts, and harassing people to change their default passwords.”

To analyze differences, Nussbaum and his co-author Charlie Lewis, a Madison Policy Forum Cybersecurity fellow, compared three real-world cases of cybercrime – two small companies and one large.

The first case focuses on a small laundry business that stole records from another local small laundry business to gain a competitive advantage. The second looks at the small village of Ilion, N.Y., which made national news after having to pay hackers a ransom to keep its computers running. The third focuses on two massive data breaches in the United States Office of Personnel Management (OPM): one resulting in the exposure of 4.5 million records, another resulting in the exposure of 21.5 million records.

Nussbaum believes his paper is a good first step in acknowledging that firm size is important when analyzing organizational cybersecurity challenges, though much more research still needs to be done.

“Our paper provides a starting point to begin thinking about the idea of firm size and the many things that come with it in the context of cybersecurity,” Nussbaum said. “It is important to note this is merely an early step in integrating existing – and future – research on firm size into the rapidly growing literature available on combating cybersecurity challenges.”

You can read the full paper here.

To learn more about Nussbaum’s research and expertise, view his University expert page.


About the University at Albany
A comprehensive public research university, the University at Albany-SUNY offers more than 120 undergraduate majors and minors and 125 master's, doctoral, and graduate certificate programs. UAlbany is a leader among all New York State colleges and universities in such diverse fields as atmospheric and environmental sciences, business, public health, health sciences, criminal justice, emergency preparedness, engineering and applied sciences, informatics, public administration, social welfare, and sociology taught by an extensive roster of faculty experts. It also offers expanded academic and research opportunities for students through an affiliation with Albany Law School. With a curriculum enhanced by 600 study-abroad opportunities, UAlbany launches great careers.