New Framework Developed to Enhance Cybersecurity for Micro Businesses
/ 4 min read
Quick take - The article discusses the increasing cybersecurity threats faced by micro businesses, which often lack the resources and awareness to address these risks, and introduces the SEANCE framework and accompanying web-based tool designed to simplify threat modeling and enhance cybersecurity resilience for these organizations.
Fast Facts
- Cybersecurity threats are a growing concern for micro businesses (MBs), which make up 95% of UK businesses and often lack preparedness due to budget constraints and low awareness.
- A significant 47% of UK MBs reported experiencing breaches or attacks in 2024, highlighting their vulnerability and the misconception that they are not attractive targets for cybercriminals.
- Researchers developed the SEANCE framework, a user-friendly, asset-centric threat modeling tool designed for non-technical users, consisting of six layers: Self, Employees, Assets, Network, Customers, and Environment.
- The accompanying web-based tool provides risk scores, actionable recommendations, and visualizations of system interactions, aiming to enhance cybersecurity awareness and resilience among MBs.
- The SEANCE framework addresses the specific needs of MBs, promoting a comprehensive understanding of cybersecurity risks while aiming to mitigate economic disruptions caused by cybersecurity failures.
Cybersecurity Threats and Micro Businesses
Cybersecurity threats are increasingly prevalent, highlighting the urgent need for systematic threat modeling tailored to the unique challenges faced by micro businesses (MBs). Micro businesses are defined as organizations with fewer than 10 employees. These businesses constitute 95% of businesses in the UK and 94.1% in the EU. Despite their significant contribution to the economy, MBs often remain unprepared for potential cybersecurity risks.
Challenges Faced by Micro Businesses
This unpreparedness is primarily due to budget constraints, lack of technical expertise, and low awareness of cybersecurity threats. Research has identified that many MB owners underestimate their cybersecurity vulnerabilities. They often prioritize immediate business objectives over necessary cybersecurity measures. A significant 47% of MBs in the UK reported experiencing breaches or attacks in 2024, indicating a high level of vulnerability that may be exacerbated by inadequate detection mechanisms. There is also a misconception that MBs are not lucrative targets for cybercriminals.
The SEANCE Framework
To address these challenges, researchers have developed a non-technical threat modeling framework called SEANCE. SEANCE offers a user-friendly, asset-centric approach to cybersecurity. This framework consists of six layers: Self, Employees, Assets, Network, Customers, and Environment. It promotes an inside-out, defense-in-depth strategy and is designed to be easily understood by non-technical users. It utilizes a mnemonic to aid retention and usability.
Accompanying the SEANCE framework is a web-based tool developed using Python, Django, and Bootstrap. This tool provides valuable outputs, including risk scores on a 0-5 scale, actionable recommendations, and a Data Flow Diagram (DFD) that visualizes system interactions. It is engineered for cross-platform compatibility, ensuring accessibility for all MB owners regardless of technical background.
Enhancing Cybersecurity Awareness
Key findings from the research indicate that existing threat modeling frameworks are often too technical for MBs. Frameworks such as STRIDE, OCTAVE, and DREAD contain components that can be adapted for practical use. The SEANCE framework has been evaluated against the Cyber Essentials Readiness Toolkit (CERT) and has been found to offer a more comprehensive approach, inclusive of customer and physical security considerations.
The proposed framework and tool aim to enhance cybersecurity awareness and resilience among MBs. They simplify the threat modeling process and focus on the specific needs of MBs, seeking to remove financial barriers to entry. They also encourage behavioral change and provide a comprehensive understanding of cybersecurity risks.
The publication highlights the crucial importance of cybersecurity for protecting the operations, reputation, and customer trust of micro businesses. Non-compliance with privacy laws and security breaches can lead to legal repercussions, financial penalties, and loss of customer confidence. The SEANCE framework and tool represent a significant step toward bridging the gap between complex cybersecurity practices and the capabilities of micro businesses, ultimately aiming to mitigate the economic disruption that cybersecurity failures can cause at both local and global levels.
Original Source: Read the Full Article Here
