Chapter 1: Introduction
Small businesses, mostly comprised of up to 19 employees, are becoming the primary targets of cyber-criminals as these enterprises struggle to establish the salient security measures deployed by larger organizations (Tam et al., 2021). Iovan and Iovan (2016) report that more businesses have become victims of cyber-attacks, with 91% of these organizations having experienced these attacks at least once over the past year and 9% of these victims being pre-defined targets. Technological advancement and digitization of major organizational processes, alongside the widespread integration of digital tools into main activities, have created a perfect condition for the development and execution of malware to corrupt organizational data (Iovan & Iovan, 2016).
Studies reveal the increasing innovation or automation of small businesses as the key hindrance to their success, making them vulnerable to cyber-attacks (Taneja et al., 2016). Furthermore, technological advancement and commitment to vast innovation are risk factors for small businesses as criminals have virtual access to businesses’ networks, and hackers have become more skilled in accessing protected data or files, posing salient cyber security threats (Iovan & Iovan, 2016). Udofot and Topchyan (2020) confirm that small businesses remain vulnerable to cyber-attacks due to their limited power to address the sophisticated models adopted by the hackers, making it difficult for their strategies to outsmart the attackers. Furthermore, the authors add that small businesses are attractive targets for ransomware, as they possess the vast information the criminals want to exploit (Udofot & Topchyan, 2020). They typically lack a robust security infrastructure compared to larger enterprises (Udofot & Topchyan, 2020). Thus, cyber-attacks remain critical threats and primary concerns for small-sized enterprises, owing to the inability of their security infrastructure to address external attacks (Udofot & Topchyan, 2020). Numerous threats remain a challenge to small businesses, including malware, viruses, ransomware, and phishing (Iovan & Iovan, 2016).
Iovan and Iovan (2016) confirm that due to the vulnerability of small businesses to cyber-attacks such as ransomware, there is a need for proper planning and assessment of the business environment to identify the business’ vulnerability and create a framework to resolve the challenge and protect the organization’s assets. Pandey et al. (2020) confirm that small businesses and personal systems are mainly vulnerable to ransomware attacks, primarily through the business being held hostage. Furthermore, studies show that small business owners have the basic or fundamental instruments for technological risk management but lack the essential procedures, training, and policies to protect their information resources (Berry & Berry, 2018). Berry and Berry (2018) also note that small businesses have limited knowledge of incorporating solid passwords to safeguard their information assets. Mansfield-Devine (2016) acknowledges that a critical challenge with ransomware attacks on small businesses is that they come and go unnoticed. Ransomware encrypts the victims’ networks and withholds decryption until the ransom is paid (Mansfield-Devine, 2016).
Studies confirm that ransomware is a prevalent challenge facing businesses in the contemporary period, considering that small-sized enterprises are making little effort to establish robust security infrastructures (Strauss, 2017; Mansfield-Devine, 2016). Furthermore, the lack of a well-established security system is a salient vulnerability steering hackers’ focus to small businesses (Mansfield-Devine, 2016). Strauss (2016) confirmed that in 2016, five sheriff and police departments were victims of ransomware attacks in Maine, forcing the departments to pay the ransom because they did not want to risk losing essential data related to law enforcement.
Additionally, Tam et al. (2021) confirm that cyber-attacks are detrimental to the wellness or thriving of small businesses or enterprises, leading to disruption of their operations and losses from the paid ransom. Cheng et al. (2017) confirm that ransomware or malware attacks on small businesses are damaging in terms of loss of sensitive or valuable data, reputational damage, and overall disruption of organizational operations. Furthermore, cyber-attacks on businesses are linked to financial losses, as exhibited in previous attacks: Anthem insurance lost $100 million as the cost of the 2015 attacks (Cheng et al., 2017).
Numerous studies, such as Chen (2016), examine the cyber threats to small businesses in general while accounting for the specifics. Studies such as Chen (2016) and Raghavan et al. (2017), among other numerous studies, explore the widespread cyber threats to small businesses and the factors that increase their vulnerability. In addition, numerous studies such as Van and Code (2018) have investigated the impacts of cyber-attacks such as ransomware on small businesses, having shown detrimental effects. Further, extensive studies provide broad background information on the factors increasing the vulnerability of small businesses to cyber-attacks.
Additionally, other studies examine the strategies for resolving the cyber-attack challenges in small businesses. For example, studies such as Patterson (2017) point out policy decisions as critical approaches to addressing the vulnerability of small businesses to cyber-attacks. These studies are practically and empirically essential for small businesses to develop vast policies on curbing cybercrimes while considering their exposure or factors making them targeted by the hackers. Furthermore, these studies contribute to the knowledge expansion on small businesses’ vulnerability while providing consistent evidence applicable in further research.
Statement of the Problem
Ransomware has continued to be a challenge to small businesses since its discovery two decades ago (Dhinnesh, 2020). Small businesses continue to be regularly attacked using ransomware (Poudyal & Dasgupta, 2021). Ransomware attacks on small businesses or enterprises stand out as critical challenges facing organizations, costing them time, resources, and reputation (Knutson, 2021). Approximately two-thirds of the cyber-attacks, in the form of ransomware, target small businesses, seeking critical information such as customer records, vendor information, customer lists, and security details such as passwords, among other data that the organization uses (Van & Code, 2018). Sufficient evidence justifies the vast challenges that ransomware attacks pose to small businesses (Van & Code, 2018). Legislative assessments exploring ransomware attacks confirm that small businesses constitute more than half of the victims of ransomware attacks, as most operate on a narrow margin and often have no crucial resources for cyber security (Knutson, 2021).
Kaseya’s CEO confirms that between 800 and 1500 businesses across the world have at one point experienced and been affected by ransomware attacks (Satter, 2021). Therefore, the business and consumer societies are the most affected by these ransomware attacks due to data loss and disruption of operations. Small businesses are in a state of limbo as ransomware attacks become increasingly rampant in a digitized society (Iovan & Iovan, 2016). However, these businesses do not understand that they can leverage their limited power in terms of resources to build a secure infrastructure that is unbreakable or less vulnerable to malicious attacks (Berry & Berry, 2018). As a result, these small enterprises should be aware of the strategies to enhance their safety and manage their risk of external attacks. Therefore, failure to conduct this research will leave small businesses unenlightened about their vulnerabilities, translating to domestic and global economic disruption. Furthermore, failing to conduct this research will be a loss to the researcher, who would not acquire new knowledge on helpful mechanisms for leveraging limited resources to develop a safe or secure infrastructure for small enterprises.
Purpose of the Study
The purpose of this qualitative case study is to better understand the impediments to the application of ransomware-specific preventative, detective, and corrective controls by small business owners. The study will incorporate the experiences and perceptions of small business owners and leaders to explore the hindrances to the effective implementation of ransomware controls. The study will be conducted using an open-ended questionnaire directed to small businesses to collect data on their experiences and perceptions about ransomware and what they think are the factors hindering the control of these attacks. Therefore, the target population for this case study research is small businesses or enterprises, with a target sample size of 30 small businesses. Qualitative research often entails using a small sample size to gain in-depth insight into experience and perceptions (Sim et al., 2018). Furthermore, Sim et al. (2018) confirm that an ideal qualitative research sample size ranges between four and 30 for the single case study. Generally, data will be collected from the small businesses’ premises, and their confidentiality will be protected using pseudonyms. The researcher will have access to data using paid services through SurveyMonkey as needed for the study.
Introduction to Theoretical or Conceptual Framework
The theoretical framework used to explain this study is the routine activity theory introduced by Cohen and Felson in 1979 (Holt et al., 2020). This framework is most appropriate in the given study because it shows how having adequate protection of systems against ransomware can prevent infections. Furthermore, this is a criminology theory based on examining the victimization and offenses of cybercrime (de Melo et al., 2018). Thus, it will help understand the application of ransomware and the development of controls, including preventive, corrective, and detective controls.
Introduction to Research Methodology and Design
This study uses qualitative research as the methodology and a case study as the research design. Studies confirm that qualitative research methodology entails collecting, analyzing, and deducing meaning from non-numerical data (Flick, 2018). Flick (2018) proves that the primary focus of qualitative research is to obtain individuals’ subjective perceptions and give meaning to their experiences. Hennink et al. (2020) note that qualitative research methodology is crucial for obtaining quality, in-depth insights into the problem. Therefore, qualitative research methodology is selected for this study due to its ability to obtain insights and information regarding the experiences of people and organizations with a study’s problem or phenomenon.
Hennink et al. (2020) note that qualitative research methodology is essential to comprehend or understand diverse people’s world experiences and operations. The qualitative method is selected for this study due to its primary intention to obtain sufficient data on the experiences of small businesses with ransomware. Therefore, the methodology represents a perfect choice to draw insights and interpret perceptions towards the ransomware challenges and the factors impeding effective control of the business challenge. Furthermore, Flick (2018) confirms that a qualitative study is flexible and naturalist, meaning it accounts for the changes and incorporates new ideas within real-world contexts. Furthermore, the qualitative method is crucial for this research to obtain meaningful insights by accounting for people’s or businesses’ experiences and perceptions of ransomware challenges. Finally, Flick (2018) and Hennink et al. (2020) confirm that the open nature of qualitative research makes it crucial for uncovering new problems that could not have been thought of before.
The selection of a case study as the design for this study entails an in-depth investigation of a single group, particularly the small businesses. Hennink et al. (2020) ascertain that the case study design is crucial to obtain information related to the individual group’s previous experience or to an event as it currently occurs in the course of their life. Studies confirm that a qualitative case study is crucial in exploring an event or phenomenon within a specific context using diverse data sources to discover the multiple facets of the studied concept or phenomenon (Rashid et al., 2019). Therefore, this research focuses on small businesses as the target and specific context for exploring the multiple facets of ransomware by examining the business representatives’ perceptions and experiences with the cyber threat to obtain in-depth insights. Case study design accounts for the phenomenon or challenge within the real-life context to consider the features of the problem through the subjective experiences or feelings towards the ransomware attacks. It is crucial for identifying the inadequacies of small businesses’ systems in controlling or preventing ransomware attacks.
Research Questions
RQ1
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
RQ2
What are the impediments for the application of ransomware-specific detective controls by small business owners?
RQ3
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
Significance of the Study
This study is significant in that it can contribute substantially towards helping small business owners become more informed regarding the implications of controls relating to cyber security so that they can improve business operations. This research is novel in its purpose, exploring a critically new gap. It is crucial for the field of study to account for the system inadequacies in small businesses in order to prevent and control the infectivity of ransomware attacks. Knutson (2021) ascertains that small businesses are overwhelmed by ransomware attacks as they have limited resources to implement preventive strategies. Furthermore, small business owners are often unaware of the magnitude of ransomware threats (Malecki, 2019). The usefulness of this study’s results lies in the fact that some business owners can learn through experience how to strengthen their cyber security and mitigate risk while reducing the negative consequences of ransomware attacks. Most of the time, small business owners provide information to promote stability and safety while being in their locus of control and managing all cost-effectively (Tuttle, 2020). Large businesses use a more sophisticated type of information system than small companies, which can help improve the strategies of small companies and adjust them according to the target company. This means that it is necessary to understand complex information systems and also improve subcomponents for better implementation.
This study’s findings will contribute substantially to the advancement of the guiding framework and the expansion of the literature by addressing the gap in previous studies that disregard the inadequacies of small businesses’ systems to counter, prevent, or mitigate the impacts of ransomware. Most studies, such as Knutson (2021), Tuttle (2020), and Malecki (2019), among others, explore the effects of ransomware attacks and prevention mechanisms for small businesses. Therefore, this study extends this exploration to examine the cause of the persistent nature of cyber-attacks on small businesses to understand what is not being done right. Thus, this research provides an opportunity to build a resilient small business sector, identify the system flaws, and correct them appropriately.
Definitions of Key Terms
Corrective Controls
Corrective controls are deployed to restore systems to a normal state and minimize the effect after an unwanted or unauthorized activity has occurred (Williams et al., 2020).
Detective Controls
Detective controls are the controls used for detecting ransomware or any kind of online virus that can be harmful to the information system (Williams et al., 2020).
Guardianship
Guardianship is the concept of protection in which the elements of surveillance are used to prevent crime (Young & Yung, 2017).
Preventive Controls
Preventive and corrective controls help develop preventive strategies and have a proper corrective system to overcome the issue in case of any cyber-attack (Williams et al., 2020).
Ransomware
Ransomware is an online virus used to get money from victims (Young & Yung, 2017).
Summary
The problem addressed in this study is that ransomware has continued to wreak havoc since its discovery over twenty years ago (Dhinnesh, 2020). Small businesses continue to be regularly attacked through ransomware (Poudyal & Dasgupta, 2021). The purpose of this qualitative case study is to better understand the impediments to the application of ransomware-specific preventative, detective, and corrective controls by small business owners. The theoretical framework used in this study is the routine activity theory introduced by Cohen and Felson in 1979 (Holt et al., 2020). This framework is most appropriate in the given study because it shows how having adequate protection of systems against ransomware can prevent infections. This study is very significant in identifying the usefulness of developing preventive and control strategies against ransomware. Most of the time, small business owners are not informed about the magnitude of ransomware threats. Some business owners can learn through experience how to strengthen their cyber security and mitigate risk while reducing the negative consequences of ransomware attacks. This study will help small business owners overcome these issues and protect their data.
Chapter 2: Literature Review
Iovan and Iovan (2016) confirm that small businesses have a limited capability to overcome challenges associated with cyber-attacks or threats, mainly related to impediments to the institutions’ preventative, detective, and corrective controls. The advanced use of digital tools in business operations is a leading factor contributing to the widespread cyber-attacks on small businesses or enterprises (Iovan & Iovan, 2016). This section explores previously conducted studies examining cyber threats, especially ransomware attacks on small businesses. Notably, this section is divided into sub-sections drawn from various studies, mainly related to the evolution and operations of ransomware, previous attacks, the vulnerability of small businesses, and the complexity of ransomware. Other sub-sections include the effects of the attacks, efforts by the organizations to address these attacks, strategies, the internal impediments to the controls, and the overall framework of the study. The databases and search engines used included Google Scholar, Microsoft Academic, Computing Research Repository (CoRR), CiteSeerX, ProQuest, and Google for professional publications. Search parameters used include cryptography, cyber-attacks, cybercrime, and cyber-security, alongside other combinations of those search terms AND small businesses, prevention, cyber crisis management, or cyber-defense. In selecting the studies, scholarly peer-reviewed and professional publications from the last 9 years were chosen. However, more than 90% of the selected publications are current and were published in the previous 5 years.
Theoretical or Conceptual Framework
This study’s development relies on the routine activity theory explored by Cohen and Felson (1979) to explore the elements of crime by considering space and time. This selection incorporates the inferences of Leukfeldt and Yar (2016) on the role of routine activity theory in exploring cyber-crime and victimization. The elements of routine activity theory explored in this study include the critical constructs that motivate crime: 1) a motivated or potential offender, 2) a suitable target, and 3) the absence of protection. These are essential to explore the possible occurrence of cyber-crime and measures to mitigate it by accounting for space and time. The convergence of time and space provides a background for understanding why small businesses are easy targets and why measures to reduce their suitability for attacks are hard to implement.
Image 1: Theoretical framework under the routine activity theory
Evolution of Ransomware
Richardson and North (2017) ascertain that the emergence and growth of ransomware have occurred in numerous phases, although some details are expected to be missing due to its illegal nature. Studies confirm that although sources tend to be inconsistent in the names of numerous versions of the ransomware, they tend to be similar (Richardson & North, 2017). The AIDS Trojan is the first-ever ransomware, developed by Joseph L. Popp in 1989; it uses simple symmetric cryptography to encode files, and resources are available for decryption (Richardson & North, 2017). Humayun et al. (2021) infer that from the 1990s to the early 2000s, following the emergence of the AIDS Trojan, cyber-attacks were not prevalent due to the limited use and availability of computers and the internet. Richardson and North (2017) ascertain that it was not until 2005 that the second version of ransomware and first-ever modern ransomware, Trojan.Gpcoder, also known as GP Code and GPCoder, was released. Humayun et al. (2021) ascertain that Trojan.Gpcoder marked the beginning of robust and more sophisticated cyber-attacks due to the increased use of the internet of things (IoT). Studies confirm that Russian organized criminals developed the early ransomware versions, targeting Russians and neighboring countries such as Belarus and Kazakhstan (Cawley, 2016, as cited in Richardson & North, 2017).
Richardson and North (2017) confirm that in 2006 Trojan.Cryzip was developed as ransomware began gaining more traction; it gained access to files and copied them to a password-protected archive folder. Also in 2006, Trojan.Archiveus was developed; on top of the Trojan.Cryzip features, recovery of files involved payment of a ransom. Locker ransomware emerged in 2007 and GPcode.AK appeared in 2008, requiring a ransom of up to $200 to decrypt corrupted files (Richardson & North, 2017). In their study exploring the evolution of ransomware, Richardson and North (2017) ascertain that it was not until 2011 that ransomware attacks became more prevalent, after the emergence of anonymous payment methods. These attacks began occurring on a large scale, with the year 2011 recording approximately 120,000 new ransomware samples (Sjouwerman, 2015, as cited in Richardson & North, 2017).
Richardson and North (2017) demonstrate that time has been a defining factor in the changes or evolution of ransomware attacks. By 2012, ransomware had become more sophisticated and difficult to detect with the emergence of toolkits such as Citadel that produced and distributed ransomware (Segura, 2016). Richardson and North (2017) note that the emergence of another toolkit, Lyposit, in 2012 enabled the ransomware to pretend to originate from law enforcement agencies depending on the computer’s regional settings. Scholars confirm that 2013 marked the beginning of crypto-ransomware after the release of CryptoLocker, which required payments to be completed using cryptocurrencies such as Bitcoin (Richardson & North, 2017). The Federal Bureau of Investigation (FBI) estimates that in the first quarter of 2016 ransomware generated approximately $209,000,000 (Richardson & North, 2017).
Sources of Ransomware
Kapoor et al. (2021) confirm that organizations and individuals suffer from malicious attacks due to their failure to adopt quality cyber-hygiene or online safety, including safe browsing behavior, regular updates of the antivirus software, and creating user awareness. Studies infer that ransomware attacks have been successful in previous years irrespective of salient measures and protocols due to their widespread sources (Kapoor et al., 2021). Kapoor et al. (2021) identify email attachments and phishing emails as central sources of ransomware, which entails making the email look like it originated from a trusted source or known sender. Removable media is the second potential ransomware source, considering that people or system users might be interested in USB drives, mainly those lying in public places (Tischer et al., 2016, as cited in Kapoor et al., 2021). Lee et al. (2016) found that businesses that did not disable their USB ports were most likely to be hit by ransomware. Kapoor et al. (2021) confirm malvertising, social media and SMS, and ransomware as a service as other potential sources of ransomware.
Ransomware Operations
Studies confirm that ransomware attacks occur in four successive phases (Hampton et al., 2018). The primary phase of the ransomware attack is the infection, where the ransomware is spread to the victim’s device by ensuring that the malware is downloaded onto the victim’s machine, mainly dependent on the victim’s overall cyber-hygiene (Kapoor et al., 2021). Hampton et al. (2018) and Kapoor et al. (2021) confirm that after the infection, the second phase of the ransomware operations is the encryption or locking of the victim’s device, or changing the master boot of the business’ device to make it inaccessible to the user.
Next in the ransomware operations, the attacker makes a demand through the screen display, indicating the ransom amount required from the victim to unlock their device (Hampton et al., 2018). With the rise of cryptocurrency, most attackers demand ransom payments in Bitcoin, making it hard for law enforcement agencies to trace the attacker based on the transaction (Kapoor et al., 2021). The outcome or result is the fourth phase of the ransomware operations, which entails the decision to pay or not pay (Kapoor et al., 2021; Hampton et al., 2018). Kapoor et al. (2021) ascertain that three potential outcomes after the ransomware attack include paying the ransom and receiving a decryption key to access the devices, reversing the operations of the attacker and recovering files, and not paying the ransom, which can result in permanent data loss or damage to the devices.
Ransomware Attacks on Small Businesses
In an empirical study exploring the severity of ransomware and the factors influencing an organization’s vulnerability, Connolly et al. (2020) confirm that the size of the organization does not affect the severity and susceptibility. However, the sector or industry that the organization operates in is highly relevant to these attacks on small businesses (Connolly et al., 2020). Sharton (2021) confirms that organizations must be prepared for malware attacks considering the spiking cases of ransomware attacks. Studies confirm that the shift to remote working due to the pandemic has exponentially increased cyber-attacks (Sharton, 2021). Sharton (2021) ascertains that in 2020 alone, ransomware attacks were 150% above the previous year’s attacks, and the amount paid by the victims rose by more than 300% in 2020. Similar to the previous year’s attacks, in 2021 there was a significant increase in ransomware attacks against private companies, including small businesses, municipalities, and critical infrastructures (Sharton, 2021).
A study exploring the increased cases of crypto-ransomware confirms that these malware attacks are changing the overall landscape of cybercrime (Connolly & Wall, 2019). Connolly and Wall (2019) ascertain that crypto-ransomware has become more complex due to the nuanced connection between the technical and human aspects of the attack. Due to the complex relationship between the technical and human features of ransomware attacks, a simple technological solution would not wipe out the threats related to crypto-ransomware (Connolly & Wall, 2019). The study by Connolly and Wall (2019) notes that after realizing the importance of IT assets to businesses, cybercriminals have explored new measures or cyber-tactics to invade enterprises, especially small-sized enterprises. Sharton (2021) ascertains that there have been significant changes in the deployment of ransomware, with a shift from traditional access through phishing email to exfiltrating organizational information, which has turned into a business for those venturing into the malicious acts. Citing the outcomes of the study by Hiscox, Ltd., Sharton (2021) confirms that 43% of more than 6,000 organizations surveyed experienced an attack in 2020, and one in six of these attacks was ransomware.
Maurya et al. (2018) ascertain that cyber-security has remained a salient issue in the business fraternity following the rise of computers. In the study exploring the evolution, targets, and safety tactics related to ransomware, the outcomes show that ransomware attacks have remained a central means for attackers to monetize the files on victims’ electronic gadgets (Maurya et al., 2018). Maurya et al. (2018) provide recent cases of malware attacks such as the attack on Bournemouth University in 2016 and the Hollywood Presbyterian Medical Center attack of 2016, which left the latter with a huge cost of $17,000 or 40 Bitcoin (BTC) for file recovery. While Iovan and Iovan (2016) confirm that all organizations are vulnerable to cyber-attacks, small-sized enterprises are highly vulnerable due to their system-based inadequacies.
Vulnerability of Small Businesses to Ransomware Attacks
Patterson (2017) notes that small businesses remain the most vulnerable to cyber-attacks for numerous reasons. In a study to explore the cyber-security policies on decision making in small-sized enterprises, Patterson (2017) ascertains that technology comes within the unending instability and ever-changing landscape that makes small businesses more susceptible to these attacks. Small businesses lack stable cyber-security infrastructures to keep up with the cyber-security threats. Citing Shackelford (2016), Patterson (2017) confirms that hackers perceive small businesses or enterprises as the most accessible gateways to the macro-businesses or larger organizations, including the government institutions, due to their close interdependence. Studies note that a critical problem for the small businesses that render them more vulnerable than the larger institutions is the lack of precise approaches for the small business owners to prioritize maintaining some significant levels of sanctity. Shackelford (2016), as cited by Patterson (2017), notes at least 80% of small businesses lack cyber-security policies; they lack effective tactics to make upright decisions to safeguard the organization from cyber-attacks. Similar to the inferences by Patterson (2017) and Shackelford (2016), Iovan and Iovan (2016) ascertain those small businesses are the most vulnerable to cyber-attacks because the owners lack sufficient resources such as cyber-security infrastructures to prevent the attacks.
Studies confirm that even though the internet has hastened the business operations across all sectors, it has also steered significant security risks, especially for the small businesses and enterprises, due to their limited capacity to overcome the threats (U.S. Securities and Exchange Commission, 2015). Patterson (2017) confirms that small businesses lack the resources required to recognize and mitigate cyber-security threats, making them more susceptible to ransomware attacks than large organizations. Li and Liu (2021) ascertain that the internet has played a significant role in global communication and businesses by integrating people’s lives. However, as many organizations operate in cyberspace, they have become more susceptible to malicious attacks to disrupt or destroy organizational operations (Li & Liu, 2021). Government-led studies confirm the need to focus on cyber-security challenges, especially among small and medium-sized businesses, following the enterprises’ vast commitment to internet-based services (U.S. Securities and Exchange Commission, 2015).
The study by the U.S. Securities and Exchange Commission (SEC) (2015) confirms the inference by Shackelford (2016) that there is a strong relationship between small and large organizations, which criminals use as a point of entry to attack both the micro and macro-sized organizations. SEC posits that a leading factor in the vulnerability of small and medium-sized firms is the criminals’ perception that, because of this interdependence, attacks on these firms will guide their move into the systems of the larger organizations. Additionally, SEC confirms that small-sized firms are susceptible to malicious attacks because they lack the robust cyber defenses of the larger firms (U.S. Securities and Exchange Commission, 2015). This inference by SEC is congruent with the findings of other studies such as Shackelford (2016), Patterson (2017), and Iovan and Iovan (2016), which confirm that the weaknesses in the systems of small-sized firms make them more vulnerable to external or malicious cyber-attacks such as ransomware. Additionally, Berry and Berry (2018) confirm that although some small business owners have the crucial resources to manage the potential technological risks, they lack the training, procedures, and policies needed to safeguard their information. As demonstrated by Knutson (2021), small businesses are overwhelmed by cyber-attacks, considering that they have limited resources to detect, prevent, and manage these attacks.
Furthermore, a factor that heightens small businesses’ vulnerability is that the owners of small enterprises are largely unaware of the intensity of the attacks and therefore do not implement preventive measures (Malecki, 2019). Knutson (2021) confirms that cyber-attacks are detrimental to small-sized organizations, considering that their vulnerability to malicious attacks makes the outcomes worse than expected. Griffin Jr. (2021) infers that small businesses or organizations remain vulnerable to malicious attacks because they are often convinced that they are too small to be targeted by cybercriminals. Based on the National Cyber Security Alliance findings, most attacks target small and medium-sized organizations, and at least 60% of them stay out of business for approximately six months after the attack (Griffin Jr., 2021).
The Complexity of the Ransomware Attacks
Studies confirm that as the threat of ransomware grows, so does the list of criminals or cyber-offenders, alongside the advancement of their victimization techniques (Connolly & Wall, 2019). Connolly and Wall (2019) ascertain that ransomware attacks are increasingly sophisticated, characterized by advances in attack techniques. Ransomware attackers are increasingly incorporating advanced techniques such as powerful botnets adept at sending millions of malicious emails or messages within the shortest time possible (Connolly & Wall, 2019). Additionally, Connolly and Wall (2019) ascertain that some attackers use internet scanners to identify or detect vulnerable Internet Protocol (IP) addresses, which become the potential victims. In a study exploring the evolution of ransomware attacks, Kalaimannan et al. (2016) find that there have been significant advancements since the emergence of CryptoLocker in 2013, which make ransomware potent and hard to control and conquer. Kalaimannan et al. (2016) confirm that, just like business owners, cybercriminals are refining or improving their business approaches to deceive their targets. Connolly and Wall (2019) ascertain that using anonymized platforms such as the dark web and cryptocurrencies for transactions makes it easier for cybercriminals to cover their digital footprints. Furthermore, it becomes even more complicated for law enforcement agents to investigate ransomware crimes, as the offenders use strong encryption, making it difficult for the victims to resist the demands of the attackers (Connolly & Wall, 2019). Kalaimannan et al. (2016) and Connolly and Wall (2019) confirm that the complexity of ransomware makes it harder for victims to reject the attackers’ demands.
Effects of Ransomware Attacks on Small-Sized Enterprises
Financial Burden on the Small Businesses
In a systematic review conducted by Reshmi (2021), findings indicate that even though there are numerous malicious attacks or malware, ransomware is the most dangerous, considering that it imposes a significant financial burden on the organization. Besides, most of the payments demanded by the attackers are completed through cryptocurrency, which is largely untraceable because it conceals the identity and the location of the attacker (Reshmi, 2021). Connolly and Wall (2019) ascertain that the recovery cost after an organization has been hit by crypto-ransomware is considerable. For instance, the average cost of an attack was $133,000 as per the survey results by Sophos in 2018; organizations experience losses of approximately between $13,000 and $70,000, alongside other costs such as the loss of reputation (Connolly & Wall, 2019). Cheng et al. (2017) confirm that financial loss is a primary outcome for businesses after a ransomware attack, as exhibited in the $100 million loss in the Anthem insurance 2015 ransomware attack.
In a study published by Forbes, Schiappa (2021) confirmed that ransomware attacks may have reduced in number, but their financial implications remain significantly high and are drastically increasing. In 2019, the firms that had experienced ransomware attacks incurred average remediation costs of at least $761,000; in 2020, the figure was $1.85 million (Schiappa, 2021). Schiappa (2021) ascertains that in the United States, the victims of ransomware attacks spent a median remediation cost of $2.09 million, marking a rise in ransom and payout demands. Hernandez-Castro et al. (2020) ascertain that the primary aim of ransomware attacks is extortion, and financial extortion is no exception. The studies infer that the firm or organization must incur financial losses to retrieve the corrupted files (Hernandez-Castro et al., 2020). Hernandez-Castro et al. (2020) confirm that the fundamental idea of ransomware is that it entails encrypting files on the computer and demanding a ransom. Brewer (2016) ascertains that ransomware has been the greatest cyber-crime in the business world over the years, with the FBI estimating the financial loss to be approximately $1bn in 2016. The basic aspect of ransomware is that if the attack is executed perfectly, the only way to recover files is by paying a ransom and then receiving the required key to decrypt the files (Schiappa, 2021).
Disruption of Work or Operations
Simon (2015) ascertains that ransomware remains an integral threat to small businesses and is disruptive to their operations because it limits access to the required files. Cybercriminals use malicious attacks or malware to freeze the computer files, bringing the processes to a stop until the ransom is paid (Simon, 2015). Simon (2015) notes that most small businesses fall victim to ransomware, which takes the form of code that locks their computers, making them inaccessible until a payment is made for decryption. Mark Stefanick, the President of Advantage Benefits Solutions, a Houston-based small-sized business, confirms that after an attack on his company was executed, it took just hours for the malicious code to spread through the firm’s server and backup system. It brought the critical functions related to claims information and financial data to a stop (Simon, 2015). Studies confirm that organizations, mainly the victims of ransomware attacks, suffer significant productivity loss and time loss due to the time and tasks required to contain and clean up the attack (Griffin Jr., 2021). Other than the financial loss in terms of ransom, organizations suffer a significant loss in business, which affects the business’s overall productivity (Brewer, 2016).
Legal Liability
Studies confirm that ransomware attacks can result in legal liabilities for failing to meet contract-related obligations due to the hacking incidents (Trautman & Ormerod, 2018). Experts ascertain that ransomware attacks might result in the loss of data related to an obligation that the organization must meet within a specific time. Therefore, disruption from the cyber-attack that delays or halts the achievement of these obligations might result in legal liability for failing to meet the terms of the contract. Studies ascertain that businesses have a duty of care to other stakeholders and must diligently execute such responsibilities without failing (Trautman & Ormerod, 2018). Therefore, malicious attacks that might lead to disruption of the internal operations pose significant threats related to legal liabilities, requiring compensation or payment of damages for breaching the contract (Trautman & Ormerod, 2018).
Information and Data Security Breaches
Richardson and North (2017) confirm that ransomware is a significant threat to individual and business files, considering that it encrypts organizational or personal files on an infected computer and conceals the decryption keys until the victim pays a ransom. The study by Richardson and North (2017) confirms that organizations and individuals are mainly faced with the choice of paying or not paying the ransom, depending on the importance of the corrupted files. According to the recent studies by the Security Magazine on the International Data Corporation (IDC), one-third of the global organizations have experienced a breach or ransomware attack that blocked access to their system or data over the last 12 months (Security Magazine, 2021). Cheng et al. (2017) note that most organizations face the significant threat of intentional and unintentional data leakage, calling for sufficient mechanisms to inhibit such losses. Experts ascertain that organizations of all sizes must be vigilant about ransomware attacks as the most significant threats to today’s business (Security Magazine, 2021).
Data is one of the organization’s most valuable assets, and loss of data control due to a technical breach is a universal issue affecting everyone within the system (Juma’h & Alnsour, 2020). Fagioli (2019) ascertains that the primary focus for organizations should be recovery, especially of the corrupted files, and Reshmi (2021) confirms that loss of information and organizational data is a direct outcome of ransomware attacks, following the unauthorized encryption of the necessary files by the attackers. Brewer (2016) notes that permanent data loss is a potential outcome after a ransomware attack. In a study exploring the effects of a data or information breach on organizational performance, the findings indicate mixed outcomes on the relationship between the breach and the value or share of the company (Juma’h & Alnsour, 2020). Juma’h and Alnsour (2020) confirm that companies depend heavily on technologies and recent digital advancements, meaning that most technical vulnerabilities such as data breaches and loss are inevitable.
Juma’h and Alnsour (2020) establish a link between data breaches and the economic implications for an organization, especially related to the financial loss in ransom and the work stoppage due to the disruption of the internal operations. Juma’h and Alnsour (2020) confirm that data breaches due to ransomware or other forms of malware indicate deficiencies or weaknesses in internal controls, mainly in the IT section, calling for IT controls that mitigate cyber-incidents and reduce the possibility of data breaches. Juma’h and Alnsour (2020) note that attackers may steal sensitive information for commercial purposes even after a paid ransom. In a study to understand the trending cyber-security threats in health care organizations, the findings show that approximately 1512 data breaches impacted over 154,415,257 patient records (Ronquillo et al., 2018). Hacking, which also includes ransomware attacks, makes up at least 85% of all breaches, which risks the exposure of salient client information (Ronquillo et al., 2018). Griffin Jr. (2021) confirms that most of the victims of ransomware attacks learn very late that their systems did not back up their data, and the businesses must painstakingly find the paper records to reconstruct their records from scratch. Cheng et al. (2017) ascertain that data leakage is a potential outcome after a ransomware attack. The loss of sensitive information can cause substantial financial and reputational damage to the organization.
Strategies or Measures to Address Ransomware
Tuttle (2020) confirms that addressing cyber threats is a primary function for small businesses and treats ransomware as a central problem to address in order to enhance safety and change in the organization. Pope (2016) ascertains that organizations such as health care organizations and health care providers should be concerned about malware attacks such as ransomware, irrespective of the organization’s size. Studies confirm that a primary strategy for addressing ransomware across all organizations is creating awareness that any institution is susceptible to these attacks (Pope, 2016).
Creating Awareness
Pope (2016) confirms that the primary step for preventing ransomware attacks is recognizing that these invasions occur at all times, and that everyone should take the necessary measures to address challenges as they arise. According to a report by the Department of Justice (DOJ) of the United States, at least 4,000 ransomware attacks happen every day, a figure that represents a 300% increase between 2015 and 2016 (Pope, 2016). As a result, Pope (2016) acknowledges the need to ensure the system users are aware of the attacks and the risk factors. Tuttle (2020) confirms that, to address ransomware attacks, organizations must be mindful of cyber-security matters and keep the system users informed and updated on safety-related issues. Similar to the findings by Pope (2016), Tuttle (2020) acknowledges the need for business leaders to set a pathway for learning to mitigate the mistakes that render the systems vulnerable to ransomware attacks.
Studies confirm the need for ensuring all employees receive adequate training on ransomware-related matters (Pope, 2016; Tuttle, 2020). Pope (2016) ascertains a need to train employees on ransomware as part of the awareness plan to understand or know the magnitude of the threat it poses. Tuttle (2020) and Pope (2016) confirm that training and educating the organizational employees on the up-to-date information on matters related to ransomware is a central measure for addressing cybercrimes such as malware attacks. Kapoor et al. (2021) note the need for educating the employees on avoiding emails from unrecognized sources or phishing emails, which are primary pathways for delivering ransomware attacks. Malware detection is a critical training to support within an organization, which entails educating the staff to recognize that links, attachments, and websites can be malicious and should be avoided (Pope, 2016).
Pope (2016) notes that training employees on malware detection entails educating the staff to understand when a failure to log in or access specific files results from a ransomware attack. Furthermore, studies acknowledge the need for ransomware prevention training as part of the education program (Pope, 2016). Tuttle (2020) and Pope (2016) note employee training as a critical way of preventing ransomware by reminding the staff to be cautious about the sites they visit and open via the computer. Singh and Sittig (2016) ascertain that training the staff and equipping them with the relevant skills to operate the organizational devices and applications is a significant step for ensuring the safety of the systems from malicious attackers. The findings by Singh and Sittig (2016) confirm the need for making the end-user intelligent about the effective use and management of the organizational system to avoid the potential risks and preventable exposures to malicious attacks.
Integrate Cyber-Threat Intelligence in the Organization
Studies confirm that cyber-threat intelligence for organizations entails adopting a proactive approach for detecting and preventing ransomware attacks before they occur or spread (Jasper, 2016). Jasper (2016) confirms that cyber-threat intelligence for enhancing organizational safety entails analysts gathering and synthesizing information to detect or identify a threat to a specific target. Moore (2016) confirms that overcoming cyber-threats requires designing the organizational files so that they are too confusing for hackers to execute their plans successfully. Moore (2016) suggests using a honeypot folder, which acts as a virtual trap for the hackers: it is the only folder that the ransomware attacks, and it keeps the firm alert to potential malware. Moore (2016) ascertains that detecting ransomware is a complex task because of its morphing nature and confirms that it has already escaped perimeter defenses such as the spam filter or firewall.
Generally, studies ascertain that the overall idea of cyber-threat intelligence for organizations is to be able to recognize and address threats on time (Jasper, 2016). Integrating cyber-threat intelligence for preventing ransomware and other malware attacks in an organization entails fusing human intelligence (HUMINT), open-source intelligence (OSINT), signals intelligence (SIGINT), imagery intelligence (IMINT), and measurement and signature intelligence (MASINT) (Jasper, 2016). Jasper (2016) confirms that cyber-threat intelligence for ransomware prevention and detection entails incorporating information from numerous sources, analyzing the data to detect threats, and establishing potential countermeasures to address cyber-related problems as they arise. In an article by AllBusiness.com published by Forbes, findings indicate that addressing cyber-attacks through cyber-threat intelligence entails conducting on-going attack detection and evaluating organizational information for data compromise and compromised credentials.
Edamadaka et al. (2020) confirm that, as part of cyber-threat intelligence, machine learning plays a central function, using tools such as intelligent botnets to enhance the safety of the computers at businesses. Machine learning and its tools play a critical function in inhibiting unauthorized access and preventing evasive malware and phishing by examining large volumes of data to detect and deter hackers’ invasive behaviors (Edamadaka et al., 2020). Gasu (2020) ascertains that cyber-security has evolved over the past decades, suggesting the need for machine learning in organizational information systems to advance communication networks that are safe from malware, phishing, intrusion, and illegitimate modification of information.
Conducting Cyber-Security Audit
Azmi et al. (2018) confirm a solid need to promote cyber resilience and enhance cyber-security strategy to secure the organizations’ virtual environment. Studies ascertain that securing the organization’s virtual environment entails governance and effective management of its assets (Azmi et al., 2018). According to the analysis by AllBusiness.com, conducting a cyber-security audit is a central means of preventing ransomware attacks: the security auditor brings in the threat intelligence that the organization lacks, addresses the vulnerabilities of the IT infrastructure, and strengthens the login credentials. Azmi et al. (2018) reveal that a cyber-security audit enables organizations to record security threats and strengths through current analysis of the audit and log information based on expert advice.
Findings by Azmi et al. (2018) match the outcomes in Moore (2016), confirming the need for incorporating expertise to detect the vulnerabilities of the system. Singh and Sittig (2016) ascertain that promoting a comprehensive strategy for monitoring suspicious operations or activities within the connected networks is crucial in preventing, mitigating, and recovering from ransomware and other cyber-attacks. Studies note that cyber-security audit entails in-depth surveillance of the system by establishing a network and model for monitoring the user activities to detect suspicious activities such as email messages from the known malicious sources, sudden file changes, and unauthorized encryption of files (Singh & Sittig, 2016). Establishing a salient monitoring mechanism for the organization’s systems makes it easier to detect the potential ransomware attack, respond on time and recover from the potentially lost or corrupted files (Singh & Sittig, 2016).
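An added illustration, not code from the cited studies, of the monitoring described by Moore (2016) and Singh and Sittig (2016): it compares two snapshots of a folder and flags a touched honeypot folder, a file rewritten as high-entropy data (a sign of unauthorized encryption), and a sudden mass change. The folder name `_honeypot`, the 7.5 bits-per-byte threshold, and the 50% change ratio are assumptions, and the sample files are constructed.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# All three values below are assumptions chosen for this illustration.
HONEYPOT_DIR = "_honeypot"   # decoy folder that no legitimate user or program should touch
ENTROPY_THRESHOLD = 7.5      # bits per byte; encrypted data sits close to 8.0
MASS_CHANGE_RATIO = 0.5      # alert when more than half of the baseline files changed


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to (SHA-256 digest, entropy)."""
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            state[path.relative_to(root).as_posix()] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return state


def compare(baseline: dict, current: dict) -> list:
    """Return (alert_type, detail) tuples for suspicious differences between snapshots."""
    alerts, changed = [], 0
    for name, (old_hash, old_entropy) in baseline.items():
        new = current.get(name)
        if new is not None and new[0] == old_hash:
            continue                           # untouched file
        changed += 1
        if name.startswith(HONEYPOT_DIR + "/"):
            alerts.append(("HONEYPOT_TOUCHED", name))
        elif new is None:
            alerts.append(("MISSING", name))   # deleted, or renamed with a new extension
        elif old_entropy < ENTROPY_THRESHOLD <= new[1]:
            # Files that were already compressed (images, archives) are skipped here,
            # otherwise every edited photo would raise a false alarm.
            alerts.append(("HIGH_ENTROPY_REWRITE", name))
    if baseline and changed / len(baseline) > MASS_CHANGE_RATIO:
        alerts.append(("MASS_CHANGE", f"{changed}/{len(baseline)} files"))
    return alerts


def demo() -> tuple:
    """Run both checks on constructed sample files; returns (benign, incident) alerts."""
    uniform = bytes(range(256)) * 16           # constructed stand-in for encrypted content
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / HONEYPOT_DIR).mkdir()
        (root / HONEYPOT_DIR / "payroll.docx").write_text("decoy content\n" * 40)
        (root / "invoices.csv").write_text("id,amount\n1,100\n2,250\n" * 50)
        (root / "notes.txt").write_text("quarterly planning notes\n" * 80)
        (root / "photo.jpg").write_bytes(uniform[::-1])   # high entropy from the start
        baseline = snapshot(root)

        # Ordinary work: one user appends a line to one document.
        with open(root / "notes.txt", "a") as handle:
            handle.write("one more line\n")
        benign = compare(baseline, snapshot(root))

        # Incident stand-in: two files, one of them the decoy, become uniform bytes.
        for name in (f"{HONEYPOT_DIR}/payroll.docx", "invoices.csv"):
            (root / name).write_bytes(uniform)
        incident = compare(baseline, snapshot(root))
    return benign, incident


if __name__ == "__main__":
    for label, alerts in zip(("benign", "incident"), demo()):
        print(label, alerts)
```

The ordinary edit raises no alert, while the simulated incident raises all three; the baseline itself has to be stored where the monitored machine cannot overwrite it.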
Kapoor et al. (2021) ascertain that database activity monitoring (DAM) is a salient mechanism for every organization to hinder ransomware attacks by monitoring and analyzing numerous activities within the system. Studies confirm that organizations can inhibit malware attacks by combining network-based surveillance and native audit to establish a comprehensive image of the database operations, enhancing detection and ransomware avoidance plans (Kapoor et al., 2021). Kapoor et al. (2021) suggest static and dynamic analysis for detection: static analysis includes stub examination, static linking, and string extraction, and dynamic analysis includes measures such as manual code reversing, manual debugging, and automated sandboxing. Furthermore, business leaders might consider a hybrid analysis, which includes malware reconstruction, malware dump analysis, etc. (Kapoor et al., 2021).
Socio-Technical Strategies: Installation and Configuration of the System
Singh and Sittig (2016) ascertain that after the ransomware attack has been launched, the victims have three options: use their backup to restore data, pay the ransom, or permanently lose their data. Studies acknowledge the need for socio-technical approaches, especially in health organizations, to address the socio-technical challenges related to information technology (IT) to prevent, mitigate, and recover from ransomware attacks (Singh & Sittig, 2016). Singh and Sittig (2016) suggest salient socio-technical measures to strengthen the computing infrastructures against malicious cyber-attacks.
The study findings by Singh and Sittig (2016) confirm that the primary step for preventing malicious attacks is ensuring sufficient protection of the system by correctly installing and configuring the computers and computer networks. As part of protecting the system from losses, studies confirm the need for establishing a regular backup of the data, which is updated frequently and stored offline, out of the reach of the ransomware (Singh & Sittig, 2016). Studies confirm that the personnel maintaining the organization’s technical resources, such as application software, browsers, and antiviruses, alongside other salient digital tools, should ensure that they are tested and updated with the latest patches (Singh & Sittig, 2016). Mansfield-Devine (2016) confirms that, as a practical approach for addressing ransomware and other potential malware attacks on businesses, it is essential to establish a robust security system on the organization’s network to alleviate the risk of exposure to malicious attackers. Beaman et al. (2021) confirm that small businesses, especially those in the health industry, must configure or design their systems so that they are impervious to the hackers’ tricks.
Studies suggest the need for hybrid encryption using both symmetric and asymmetric encryption, making it harder for hackers to decrypt and corrupt files (Beaman et al., 2021). Findings by Singh and Sittig (2016) confirm a need for the network engineers in the organization to set up and configure a firewall to safeguard the system from unauthorized access by either people or programs. Additionally, segmenting the network, with IT assets and personnel grouped into distinct categories, and restricting access to these categories through entry and exit traffic filtering is a salient strategy for businesses to monitor and control access to the vulnerable programs that are essential to the organization (Singh & Sittig, 2016). Kapoor et al. (2021) confirm that promoting controlled folder access is also crucial for ransomware avoidance, where specific folders or files are mapped to different applications. The system can bar any application that is absent from the list of trusted applications. Singh and Sittig (2016) and Kapoor et al. (2021) share the finding that access should be restricted to authorized users only, by building synergy and trust in the network. Kapoor et al. (2021) confirm the need for controlled folder access to create a honeypot for functions that are not in the trusted application database but try to access the protected files.
Singh and Sittig (2016) suggest the need for firms to block potentially weaponized attachments and limit the system users’ ability to install and run unneeded software, following the tenet of restricting users’ access to the systems and services required in their job. Kapoor et al. (2021) confirm the need for consistent patches and updates as salient ransomware avoidance mechanisms to reduce the system’s vulnerability to the hackers’ operations. Updates are part of the salient malware avoidance options, including updating the browsers and applications integrated within the network (Singh & Sittig, 2016; Kapoor et al., 2021).
Digital Line Protection System (DLPD) Strategies
Cheng et al. (2017) confirm that DLPD strategies for protecting the system against malicious data breaches are categorized into basic security strategies and designated DLPD techniques. Studies confirm that the basic security measures for safeguarding the systems from malicious attacks include but are not limited to establishing the firewall, antivirus software, promoting intrusion detection, controlling access, and encrypting the systems (Cheng et al., 2017). Additionally, DLPD strategies are outstanding in identifying, monitoring, and protecting confidential information from illegitimate access, which leads to leakage of pertinent organizational information (Cheng et al., 2017). DLPD plays a salient role in analyzing the content and the context encompassing the organizational data to detect and safeguard data at diverse stages (Cheng et al., 2017). Szücs et al. (2021) confirm that considering we are in the digital era characterized by vast digital information and data storage, adopting digitized solutions such as Anti-Ransomware Defense System (ARDS) is a priority to detect and address ransomware attacks in an organization.
Cheng et al. (2017) ascertain that DLPD approaches such as context-based analysis help in incorporating digital tools that profile the system users’ behaviors to detect the legitimate insiders and intruders within the system. The context-based approach enhances the system’s ability to detect an abnormal activity to help them differentiate the intruders from the internal users. Furthermore, the content-based strategies under the DLPD strategies help the system profile sensitive information and its patterns such that it can easily detect changes in these patterns to adopt internal safety approaches (Cheng et al., 2017). Generally, Cheng et al. (2017) and Szücs et al. (2021) suggest the need for incorporating digital tools to address technical problems such as malware attacks in an organization.
Attempts by the Small Business to Address the Ransomware
Tuttle (2020) notes that small business leaders use numerous strategies to address the ransomware issue, mainly focused on protecting the information systems from ransomware attacks. The study, which set out to explore the salient strategies small businesses use to address ransomware, divides the potential solutions into three possible themes: 1) ransomware strategy, 2) support structure, and 3) cyber-security awareness (Tuttle, 2020).
Ransomware Strategy
Tuttle (2020) confirms that most small business leaders prefer antivirus as a primary approach for addressing ransomware. According to Bergmann et al. (2018), ransomware strategies adopted by most small business leaders entail salient protective measures that focus on inhibiting the possibility of falling victim to cybercrime. Studies identify some of these protective measures, such as installing the antivirus software, keeping the software up to date, incorporating strong passwords, trashing or deleting suspicious emails and notifications, and authenticating the safety of the websites (Bergmann et al., 2018). Tuttle (2020) ascertains that most participating small business leaders trusted their systems’ antivirus, which provides alerts on potential ransomware attempts. The antivirus alerts on susceptible invasion notify the computer’s users of the need to double-check their information or run a report of possible attacks, which enable their information systems to address problems as they arise (Tuttle, 2020).
Tuttle (2020) confirms that antivirus is a central strategy for small business leaders in addressing ransomware. Based on the study’s findings, most small business leaders depend on feedback mechanisms such as alerts, a function of the antivirus, to help them understand the effectiveness of their antivirus software (Tuttle, 2020). Hampton et al. (2018) confirm that small businesses focus on robust infection analysis for ransomware as an approach for detecting potential attacks at the operating system level. Antivirus protection to inhibit risks and possible attacks on small businesses stands out as a central function, achieved by analyzing abnormal file activity and detecting unrecognized attempts on the internet connection and complicated code execution (Hampton et al., 2018).
Generally, studies reveal that using firewalls for connected devices is the central ransomware strategy to keep small businesses safe (Tuttle, 2020). As part of the daily ransomware strategies for small businesses, small business leaders have implemented formal procedures for backing up their data regularly, alongside software that allows only authorized applications to alter the data (Tuttle, 2020). Thomas and Galligher (2018) acknowledge that keeping back-ups of the organizational data and keeping up with updates enhance the safety and protection mechanisms for businesses. Tuttle (2020) confirms that the weakness of small business leaders on matters related to data protection is that they are more concerned with safeguarding the local information system than with the data or information stored outside their information systems.
Support Structure
Hampton et al. (2018) confirm that victims of ransomware attacks experience four phases of the attacks, which entail infection, encryption or encoding information, demand for a ransom, and results. As a measure to address these potential ransomware attacks, small business leaders “work with either customer support or their peer network for pre-planning or post-incident support” (Tuttle, 2020, p. 80). Tuttle (2020) ascertains that for pre-planning and support after the incidents, the small business leaders depend on vendor-supplied support for peer recommendation. The overall findings of these studies are that small businesses outsource services depending on their information security needs by either working with a security provider or peer network (Tuttle, 2020).
Cyber-Security Awareness
Tuttle (2020) ascertains that cyber-security awareness, as a critical strategy for addressing ransomware attacks on small businesses, originates from the user-centric approach of the cyber-security strategy, entailing numerous trajectories for learning and sharing information. Nobles (2018) confirms that any cyber-security strategy that does not incorporate user training fails to address the behavioral-based errors that allow ransomware attacks to be executed successfully. Tuttle (2020) notes that small business leaders know they need to train system users and rely heavily on the peer network for education and direction before the attack or for a reactionary response after a malicious infection.
Studies ascertain that most small business leaders have cyber security training to keep their staff enlightened on matters related to ransomware attacks (Tuttle, 2020). Cyber-security awareness by small business leaders entails education on cautious cyber behaviors such as visiting unfamiliar websites and opening emails from unknown sources (Tuttle, 2020). Tuttle (2020) infers that cyber-security awareness by small businesses is a proactive strategy for keeping the end-users informed and updated on the emerging trends on cyber-related issues.
Internal Impediments to Control Ransomware Attacks
Studies ascertain that irrespective of the vast attempts by small business leaders to control the ransomware attacks, they suffer significant inadequacies such as lack of resources, among others, to address the ransomware challenges (Berry & Berry, 2018). Small businesses lack robust security systems, which renders them vulnerable to the hackers’ plans (Mansfield-Devine, 2016). More than two-thirds of the cyber-attacks, especially ransomware attacks, target small businesses due to their system and fundamental inadequacies that make them vulnerable to malicious attacks (Van & Code, 2018).
Impediments to Ransomware-Specific Preventive Controls
Virtue and Rainey (2015) acknowledge that preventive controls for businesses or organizations entail the measures implemented before the threat to avoid or reduce the likelihood of a successful attack. Some of the preventive controls recognized in the studies include but are not limited to organizational policies, standards, encryption plans, physical hindrances, firewalls, and procedures (Virtue & Rainey, 2015).
Inconsistent Policy on Cyber-Security
Saber (2016) confirms that an organizational policy on cyber-security matters is a central factor for small businesses to adopt consistent measures to prevent ransomware and other malware attacks. Findings in Saber (2016) show that even though small businesses understand that they are close targets of cybercriminals, they lack consistent cyber-security policies on best IT practices and on building a resilient system. Grossman and Schortgen (2016) ascertain that the lack of organizational policies on cyber-security matters hinders attaining the required professional skills and unique positioning when dealing with the cyber-threats. Additionally, Saber (2016) notes that irrespective of the small businesses’ awareness of their vulnerabilities to cyber-attacks, they disregard the complex and more sophisticated storage options such as cloud computing, which impedes their preventive strategies. Ursillo Jr. and Arnold (2021) acknowledge the essence of quality policies and processes for proper IT governance to protect the businesses’ IT assets and promote the integrity of their information. Hutchings (2012) notes that effective organizational policies on cyber-security enhance the firm’s preparedness to address potential organizational weaknesses that would threaten the firm’s cyber-security.
Lack of Adequate Training
Patterson (2017) ascertains that cyber-attacks are dominant among small businesses because the staff or employees lack sufficient training to deal with the enterprises’ vulnerabilities when engaging in technology-related activities like electronic commerce. Patterson (2017) acknowledges that the increasing diversity of ransomware attacks and lack of the required competencies to deal with these challenges make small businesses vulnerable to malicious attacks. Hayes et al. (2012) note that small businesses have limited knowledge of the various forms of malware, including Trojans and viruses, making them more vulnerable to ransomware attacks. Hutchings (2012) notes that staff training is a central requirement for keeping employees informed and updated on the quality mechanisms for securing the firm’s resources. Ursillo Jr. and Arnold (2021) confirm that small businesses are challenged by the number of trained personnel with the required knowledge to support the organization’s system on cyber-security matters.
Weak Technical Prevention Measures
Studies confirm that businesses lack the matching technical measures or technologies to enhance the survivability of the small enterprises, which makes them vulnerable to ransomware attacks (Cook, 2017). Hutchings (2012) confirms that effective prevention of ransomware and other forms of malware requires robust technical strategies such as keeping the system and its applications automated and up-to-date, and keeping the firewalls enabled, alongside securing the sites used by the firm. Cook (2017) confirms that cyber-criminals are highly reliant on advancing technology, calling for proactive actions that inhibit future cyber-crimes.
Impediments to Ransomware-Specific Detective Controls
Virtue and Rainey (2015) ascertain that detective controls for the organization entail the measures or strategies designed to discover a threat as it occurs and to help during the investigation and audits after the occurrence of the threat. Such detective controls include but are not limited to host and network intrusion detection, antivirus identification of malicious code, and security events monitoring (Virtue & Rainey, 2015).
Lack of Sophisticated Security Strategies
Griffin Jr. (2021) points out that small businesses remain vulnerable to malicious attacks, especially ransomware because they lack adequate resources to monitor and detect malicious code before it is executed. Hayes et al. (2012) confirm that small businesses do not have the sophisticated security abilities to safeguard the computer systems against the evolving ransomware attacks. Studies confirm that some businesses lack sophisticated cyber-security strategies because they rely on free software, which could also be malicious (Ursillo Jr. & Arnold, 2021). Ursillo Jr. and Arnold (2021) ascertain that to enhance the business safety and effective detection of cybercriminals, businesses must consider incorporating the well-managed system using an in-depth defense strategy by sourcing premium software services from reputable vendors.
Most small businesses rely on free software from unknown vendors, which can be malicious and affect the company’s system without being detected (Ursillo Jr. & Arnold, 2021). Ursillo Jr. and Arnold (2021) affirm that by failing to source the premium software services from the known vendors, small businesses miss the daily automatic database update, hence losing their protection as new malicious software emerges. Additionally, Saber (2016) confirms that small businesses rely on a simple mechanism that is easily permeated by cyber-criminals; the findings confirm that most small businesses do not use cloud computing services to alleviate their burden of protecting their data and the need for constructing in-house corporate servers. Businesses require sophisticated physical security, such as restricting access to IT resources (Hutchings, 2012). Van and Code (2018) infer that due to the sophistication of the cybercriminals and lack of the same prowess by the small businesses, the latter suffer losses from failed detection mechanisms.
Impediments to Ransomware-Specific Corrective Controls
Virtue and Rainey (2015) confirm that corrective controls are the measures established by individuals and organizations to mitigate or bar the possible effects of a threat event and to recover normal operations. Some of the corrective controls for businesses include but are not limited to automated removal of malicious code using antivirus software, and continuity and recovery plans for the business (Virtue & Rainey, 2015).
Lack of Continuity and Recovery Plans for Small Businesses
Studies confirm that most small businesses lack sufficient financial resources to recover from the monetary losses incurred after a malware attack (Hayes et al., 2012). Griffin Jr. (2021) affirms that the financial resources help the firms recover the lost files by paying the ransom and resuming from disruptions; however, small businesses lack adequate resources to recover immediately after the ransomware attack. Griffin Jr. (2021) confirms that most small businesses lack sufficient recovery and continuity measures, considering that at least 60% of them stay out of business for at least six months after the ransomware attack.
Search Strategies, Engines, and Databases
For this study, the databases and search engines used included Google Scholar, Microsoft Academic, Computing Research Repository (CoRR), CiteSeerX, ProQuest, and Google for professional publications. Search parameters used include cryptography, cyber-attacks, cybercrime, and cyber-security, alongside other combinations of those search terms AND small businesses, prevention, cyber crisis management, or cyber-defense. In selecting the studies, the scholarly peer-reviewed and professional publications were chosen for the last 9 years. However, more than 90% of the selected publications are current, published in the previous 5 years.
According to Leukfeldt and Yar (2016), routine activity theory is a criminological theory essential for exploring cybercrimes and victimization. Cohen and Felson (1979) constructed the routine activity theory to define crime as an event occurring in space and time. The routine activity theory is selected for this study because small businesses can use the theory to establish effective protection against ransomware attacks. The routine activity theory forms the foundation of this study’s conceptual framework as it relates to the approaches for establishing prevention approaches to address the victims and attackers on the matters regarding ransomware. Cohen and Felson (1979) provide three critical constructs of the routine activity theory as 1) a motivated or potential offender, 2) suitable target, and 3) absence of protection. Cohen and Felson (1979) define a motivated offender as an individual capable of executing a crime or criminal activity. A suitable target is an individual or property, which a potential offender can damage or threaten easily. The absence of protection or lack of guardianship means the unavailability of a guardian who can inhibit or prevent a crime from occurring (Cohen & Felson, 1979). As part of the routine activity theory assumptions, Cohen and Felson (1979) assume that the risk of victimization by a criminal varies depending on the circumstances and location. Another assumption of this theory is that the target suitability influences the happenings of direct predatory violations (Cohen & Felson, 1979).
Cohen and Felson (1979) are recognized as the original authors of the routine activity approach, defining the circumstance by which offenders execute a crime instead of emphasizing the offender’s characteristics. After the formulation by the duo, the routine activity theory was later developed by Felson, focusing on studying crime as an event by recognizing the space and the time aspect of crime, alongside its ecological nature (Miró, 2014). Miró (2014) ascertains that in the initial formulation of the theory, the initiators acknowledged that patterns of daily operations could explain the emergence of crime. Later, two aspects related to crime arose: the occurrence of crime may depend on the configuration of diverse elements of the criminal, and the absence of either the aggressor or target would prevent a possible crime (Miró, 2014). These findings are congruent with the assertions by Tuttle (2020), confirming that the occurrence of crime is an interplay of multiple factors such as the presence of an aggressor, target, and lack of protection, whereby removal of one factor can successfully prevent the crime from occurring. Therefore, the routine activity approach forms the background of this study’s framework. Incorporating the conceptual framework will lead to a better understanding of the study outcomes because a successful ransomware attack requires a ransomware offender, the target of the cyber-attack, and the lack of protection or safety mechanisms against the attack that causes damage. Tuttle (2020) establishes a relationship between the key constructs of the routine activity theory: the occurrence of a ransomware attack requires a potential cyber-attacker and a suitable target, or the organization’s system. Sufficient protection inhibits the actors or cyber-attackers from compromising the robust system, and the absence of adequate protection empowers the perpetrators to corrupt the system (Tuttle, 2020).
The conceptual framework provides a salient opportunity to understand the appropriate managerial functions to protect the system against cyber-attacks by addressing all internal impediments to ransomware-specific preventive, detective, and corrective controls.
Numerous studies use the routine activity approach similarly to explore the aspects of cyber-attacks as a modernized criminal activity. Tuttle (2020) successfully uses this approach to construct a quality conceptual framework of salient strategies for small business leaders to solve the ransomware problem. Reyns (2017) also uses the routine activity theory to construct a literature review on the matters related to cyber-crime. Reyns (2017) uses the theory to define the occurrence of cybercrimes and victimization as successful exploitation of the available opportunities by a cybercriminal. Based on this theory, studies confirm the need to provide capable guardianship to eliminate the potentially motivating factors or opportunities for cyber-crime. Similarly, Kigerl (2011) uses the routine activity theory to explore the determinants of the crimes, revealing crime occurrence as a relationship between factors such as unemployment and internet use, among other pertinent characteristics.
Reyns and Henson (2015) utilize routine activity theory to establish a link between the routine online activities of the victims and their likelihood of experiencing identity theft. The study’s findings indicate that some of the routine activities by the victims have a direct influence on the possibility of online identity theft. Additionally, Paek and Nalla (2015) used the theory to establish positive relationships between online activities and possible online victimization. Using the routine activity theory, Brady et al. (2016) confirm that a substantial proportion of businesses experience regular cyber-attacks.
Alternatives to the routine activity theory include lifestyle theory, which entails the researchers accounting for the individuals’ behaviors to predict a system user becoming a potential victim of a malicious attack (Pratt & Turanovic, 2016). Tuttle (2020) acknowledges the likelihood of lifestyle theory directing the probability of an individual or a firm becoming a target of an attack based on their online behaviors. However, the routine activity theory remains outstanding for this study’s selection due to its ability to explain how and why crimes happen within the physical space. Furthermore, Tuttle (2020) confirms that routine activity theory creates a critical opportunity to understand and redesign the physical environment to deter criminal behavior. Besides, the routine activity theory helps identify the spatial decision-making of a criminal.
The routine activity theory relates to the study by exploring the ransomware attacks on small businesses as an event arising from the hindrances to the ransomware-specific preventative, detective, and corrective controls. This theory explains crime as an interaction between three factors: the potential offender, target, and lack of protection (Tuttle, 2020), allowing small business leaders to focus on the measures that prevent ransomware infections. Therefore, this framework provides a chance for understanding the factors steering victimization and later altering these factors to solve the ransomware problem. Generally, the routine activity theory provides critical constructs for exploring the impediments to achieving quality controls as a central role for small business leaders to develop effective strategies for addressing ransomware threats. This selection guided the development of the dissertation’s crucial parts, including the problem and purpose statements and research questions, by exploring victimization as a collaboration between related factors and solving the problem depending on the removal of these factors. Therefore, this framework would help understand the essential preventive, corrective, and detective controls that would directly influence change in the cyber-security realm by altering the patterns of the interdependent factors.
Synthesis and Analysis of the Literature
Studies on ransomware, especially in small businesses, generally provide an in-depth understanding of the contributing factors to the business’s vulnerability to malicious attacks. Recent studies such as Tuttle (2020), Udofot and Topchyan (2020), Berry and Berry (2018), and Mansfield-Devine (2016) provide in-depth, solid analysis of the small businesses’ vulnerability to malicious attacks, confirming that the available evidence is indisputable that they lack crucial resources to address their inadequacies. Additionally, studies provide generalizable findings, considering the similarity in their inference on the impediments to achieving safety on cyber-security matters, especially in the small business realm. Simon (2015), among other studies like Griffin Jr. (2021) and Brewer (2016), point out central arguments that small businesses face similar problems when addressing cybercrime. Studies provide generalizable outcomes on the impairment to ransomware-specific controls, recognizing inconsistency, lack of resources, and administrative and technical weaknesses as fundamental causes of these failures (Hutchings, 2012; Ursillo Jr. & Arnold, 2021; Cook, 2017; Saber, 2016; Virtue & Rainey, 2015). Tuttle (2020), Jasper (2016), and Singh and Sittig (2016) point out reliable and versatile findings on the successful measures for addressing ransomware through training, technical prowess, and governance. However, most studies adopt the qualitative nature, making them susceptible to insufficient evidence to make population-level inferences.
Generally, most studies agree on the need for safety tactics for all businesses to address the evolving ransomware and other malware attacks. Based on the outcomes of the literature, there is sufficient and congruent evidence from the diverse studies indicating substantial convergence on the findings of the studies. Certainly, Lee et al. (2016), Kapoor et al. (2021), and Tischer et al. (2016) provide convergent findings on the sources of ransomware, pointing out poor cyber-hygiene as a central origin. Furthermore, more studies acknowledge that small businesses are not well equipped to address ransomware attacks due to their structural, technical, and administrative weaknesses that render them susceptible to cyber-attacks (Patterson, 2017; Shackelford, 2016; Iovan & Iovan, 2016; Knutson, 2021). These studies confirm a central point of convergence that small businesses are vulnerable to cyber-attacks compared to large organizations, calling for stringent measures to enhance their responses to cyber-crime. Contrary to past findings showing that small businesses are easily preyed on by cyber-criminals, Connolly et al. (2020) provide a critical point of divergence that organizational size does not affect the severity and susceptibility to cyber-crime.
On the issues related to the authority of the sources used in this study, the sources have been selected from credible, reliable scholars and website domains, and address cyber-security as a central point of argument in the research. Notably, the sources are relevant because they directly address the small businesses and small enterprises leaders as the key audience for this study’s findings. Therefore, the information and context needs have been met sufficiently to address the audience’s interests, which include knowing the weaknesses of the small businesses and approaches for addressing the cyber-crime in their operations. Selection bias is a common problem in these studies, considering their reliance on non-probabilistic techniques. However, some studies, such as Tuttle (2020), have sought to address this bias successfully by saturating data through triangulation approaches and member checking.
Table 1. Summary of Selected 5 Studies
| Study | Methodology | Sample | Instruments/Constructs | Main findings or contribution |
| --- | --- | --- | --- | --- |
| Tuttle (2020) | Qualitative method – Multiple case studies | 5 Business owners | Semi-structured interviews; Company documents; Archival records | Ransomware strategy, support structure, and awareness of cyber-security enhance the prevention of ransomware victimization. |
| Connolly et al. (2020) | Mixed-Method – exploratory sequential design | 55 ransomware cases from 50 firms | Questionnaire and interview | Organizational size has no impact on the severity of a cyber-attack; instead, the firm’s security posture influences the level of severity. Attacks directed at specific victims are more damaging than opportunistic ones. |
| Moore (2016) | Experimental research design | 1000 file changes | Experiment | The tripwire files provided limited value since there was no means to influence malware to access the monitored files. |
| Singh & Sittig (2016) | Qualitative method | N/A | Systematic reviews | Firms must support reliable defense systems, incorporate user-focused strategies and monitor the computer and network use in the organization. |
| Saber (2016) | Qualitative exploratory case study | 5 small business leaders for questionnaire and 3 for interviews | Open-ended questionnaire, semi-structured interviews and company documents review | Small businesses must have a goal and tactical approach and promote employee training on cyber-security strategies. |
Summary
The literature review marks the second section or chapter of this study, providing quality and reliable evidence on the ransomware incident in small businesses. This section covers the overall evolution of ransomware, accounting for the factors that keep it more sophisticated for small businesses. Besides, this section addresses resources on the sources of ransomware, how it operates, reviews the ransomware attacks on small businesses, and the factors that make them vulnerable to the attacks. Studies reveal a widespread effect of ransomware attacks ranging from financial, legal, disruption of work, and data breach. Over the years, ransomware has experienced profound changes, making these attacks almost invisible or impossible to detect.
Furthermore, the vast sources of ransomware make it available and easy to launch against unsuspecting victims. The vulnerability of small businesses to malware attacks such as ransomware results from their limited capability in terms of resources as the ransomware evolves steadily (Iovan & Iovan, 2016; Patterson, 2017; Shackelford, 2016). Furthermore, small-sized firms are susceptible to malicious attacks because they lack the robust cyber defense of the larger firms. Lack of reliable defense mechanisms and ransomware complexity make small enterprises more vulnerable. As a result, small businesses will likely suffer financial loss, work disruptions, legal liabilities, and data breaches or information loss. Thus, creating awareness, integrating cyber-threat intelligence, cyber-threat audit, socio-technical approaches, and DLPD are preferable strategies to alleviate the risk of ransomware attacks.
Additionally, numerous resources agree on salient means for addressing ransomware and the recent attempts by small businesses to reach the safety level of large businesses. However, a key point of divergence is that some studies reveal no relationship between the size of the firm and the vulnerability to cyber-attacks. As a result, numerous studies explore the weaknesses of small businesses in addressing the ransomware problem, but they fail to address the ransomware-specific preventive, detective, and corrective controls, which leaves a gap for this study to examine what impedes the perfect establishment and implementation of these controls. The routine activity theory is selected for the framework, and this section concludes with a synthesis and analysis of primary sources.
Chapter 3: Research Method
Introduction
Exploration of this research requires a salient approach for collecting in-depth insights from a small sample size. It is the third section of this research paper, aiming to incorporate methods for data collection, which are essential for attaining a quality and reliable study. It is necessary to acknowledge the problems encompassing small businesses or enterprises related to their increased vulnerabilities to ransomware attacks, considering that they have remained the primary targets of the malicious hackers. Nevertheless, this research will collect data to aid small businesses in identifying impediments to preventative, detective, and corrective controls to close the systemic loopholes and enhance the system’s safety. This study will adopt a qualitative research method and specifically a case study design, targeting the small businesses as the central focus of the research. Furthermore, this chapter of the study will include components related to the population, sample, instruments, procedures of the study, data analysis, assumptions, limitations, delimitations, ethical concerns, and the summary.
Research Methodology and Design
This study adopts a qualitative research methodology and case study as the research design, preferable to address the current situation of ransomware vulnerability in small enterprises. Studies confirm that qualitative research methodology is applicable when the study focuses on answering questions on experiences, opinions, and perceptions, often from the participants’ standpoint (Aspers & Corte, 2019). Similarly, this research focuses on the experiences of the small business enterprises with ransomware attacks, making a qualitative methodology the most preferable. Besides, this research aims to obtain in-depth insights to answer the research questions satisfactorily, making a qualitative approach preferable to provide details. It is crucial to note that the study problem, purpose, and research questions integrate a more subjective experience with ransomware, confirming the need for a qualitative approach to generate understanding through detailed descriptions.
Additionally, studies ascertain that a case study design in qualitative research helps explore a phenomenon within a specific context from various lenses (Rashid et al., 2019). Therefore, a case study design is preferable in this research. The research’s purpose, questions, and problem point out the prevalence of the phenomenon (ransomware) in small business enterprises more than in any other place. Therefore, a case study design is an approach to contextualize the phenomenon within the spheres of small businesses.
A quantitative research methodology would make a salient alternative for the qualitative research, but it was declared ineffective since it does not incorporate an interpretation of the participants’ experiences. Apuke (2017) confirms that quantitative research contains quantifiable variables to derive numerical data. As a result, since this research focuses on experiences and individual opinions, the variables are unmeasurable, making this quantitative methodology less appropriate. A correlational design would be less suitable for this research considering that there are no variables to connect or explore their relationships. Apuke (2017) ascertains that survey research design is inflexible, making it less preferable for this research, considering that this study requires incorporating changes in the research as they arise to obtain information in detail.
Population and Sample
The target population for this study is the small businesses or enterprises, considering that they are the most vulnerable to the problem addressed in this research, ransomware attacks on businesses. This research seeks to draw conclusions about a population of over 31.7 million small enterprises in the United States. The significant characteristics of the population include businesses not having more than 19 employees and with low annual returns. This population is appropriate considering that the problem explored, ransomware in business, is predominant in a small business environment, making them vulnerable victims of the problem. As a result, this population provides a salient platform for exploring the ransomware challenge from system inadequacies to address the research questions.
The sample of 30 small businesses that have experienced a cyber-attack for the last four years will be obtained from the large population identified above. This sample is appropriate for the study to provide insights from experience and authentic encounters with the explored problem. A purposive sampling technique is preferred for this study to identify and select information-rich cases related to ransomware attacks on small businesses. Vehovar et al. (2016) confirm that purposive sampling, also referred to as judgmental sampling, entails incorporating the researcher’s arbitrary ideas seeking a representative sample. Therefore, purposive sampling is appropriate for this research to obtain representative data by relying on personal knowledge of the small businesses that have had cyber-attacks recently. The data saturation will be attained by stretching the diversity of the data and analyzing the responses. When the same comments are repeated more than ten times, saturation will be reached, and data collection can be stopped. Information is analyzed with the collected information. The recruitment of the participants will be conducted by using the SurveyMonkey paid services to obtain survey panelists or small businesses respondents to respond to the provided questions. From the selected enterprises, the data will be obtained from primary research entailing an examination of the sample population to establish their experiences with the system’s inadequacies.
Materials or Instrumentation
An open-ended questionnaire (Appendix A) will be used to obtain data on experiences with ransomware attacks and impediments to effective prevention, detection, and correction. Allen (2017) confirms that open-ended questionnaires allow for a comprehensive and holistic approach for the researchers to permit respondents to provide opinions. It allows for diverse data by permitting extra details to qualify and clarify responses to build on accurate and actionable insights for the researcher. Admission of the interpreter’s perceptual presuppositions constitutes a salient option with the open-ended questionnaire to enhance validity. Additionally, an online pilot testing will be conducted for this research to pre-test the components of the questionnaire to establish the feasibility of the study process.
Study Procedures
The open-ended questionnaires will be submitted to SurveyMonkey through the paid services to obtain survey panelists from their list of small businesses respondents. The SurveyMonkey services will constitute a primary approach for primary data collection, through the selected respondents. The feedback will be expected after 14 days of completing the survey. The topmost representatives of the selected enterprises will be responsible for the responses, although they may choose to delegate this function. Some of the critical data collected include the most recent hack or cyber-attack related to ransomware on the business and the losses incurred. Other data collected include the measures the business is adopting to inhibit future attacks, alongside information on the impediments to applying ransomware-specific preventative, detective, and corrective controls.
Data Analysis
This research will adopt a narrative analysis to analyze data collected by translating the survey responses to abstract findings by establishing core points or sub-topics of the narrative based on the participant’s experiences. Data will be processed in terms of narrative blocks from which the research will build subtopics based on experiences with ransomware for every organization. The narrative analysis adopted for this research entails collecting data, writing the findings, reviewing and analyzing them based on the research questions. For triangulation efforts, this research will also incorporate information from secondary sources to enhance a comprehensive understanding of the explored phenomena by testing validity through the convergence of the findings from diverse sources. Additionally, the literature review findings will constitute a critical approach for supplementing the primary outcomes. The research will be responsible for accessing thoughts and perceptions of the study participants’ feelings. Furthermore, the research is obliged to ensure the confidentiality and safety of the participants and their data.
Assumptions
The first assumption is that the participants will provide honest responses: because this research collects information on internal business operations, it will focus on alleviating any issues raised about the safety and confidentiality of the data. This assumption therefore incorporates the assertion that respondents will not lie. The second assumption is that the previous ransomware attacks resulted in losses. Because this study examines systemic inadequacies, this assumption is necessary to select only small businesses that did not overcome the attack.
Limitations
Time constraints arising from the detailed responses to the open-ended questionnaires are a critical limitation of this study. Mitigating this limitation entails effective planning to assign adequate time to collect and analyze the data. The sample size will be small, limiting the generalizability of the research. As a result, this study prefers triangulation, that is, collecting data through more than one approach (here, the literature review) to ensure convergence of evidence.
Delimitations
I chose purposive sampling for this research to obtain in-depth insights and details of the experiences from the representative sample. This decision relates to the purpose statement on the need to incorporate individuals’ subjective thoughts in problem-solving. Sim et al. (2018) acknowledge the need to obtain in-depth insights to account for subjective experiences from the participants. Larger businesses are excluded from this research since they have the capacity and resources to mitigate these challenges, which hinders an assessment of the role of systemic incapability. This decision relates to the existing literature confirming that larger enterprises prevent these challenges before they happen, motivating a shift to small businesses (Tam et al., 2021).
Ethical Assurances
This research will receive approval from Northcentral University’s Institutional Review Board (IRB) before data collection. It will also incorporate numerous ethical assurances, including informed consent: an informed consent form highlighting the research’s purpose will be presented to the participating enterprises. Participation will be voluntary; enterprises will respond to the survey at their own preference and may withdraw at any time they feel uncomfortable proceeding. All personal identifying information, such as the names of the enterprises, will be de-identified and replaced with pseudonyms to promote confidentiality. Thus, the risk to participants will be minimal in this study. Completed surveys will be encrypted to keep the data safe and ensure it is not used illegitimately. Anticipated problems include, but are not limited to, time constraints and subjectivity in sampling. Effective time management, event scheduling, and sending the analysis of the results to the participants to confirm accuracy are vital options for overcoming these problems. Ensuring that participants’ responses are reviewed equally will constitute an adequate approach for addressing selection bias.
Summary
This research method chapter sets out the essential elements of the study’s design. The study will use a qualitative research methodology and a case study design to explore the impediments to applying ransomware-specific preventative, detective, and corrective controls. A target population of small businesses and a sample of 30 enterprises are selected to provide insights drawn from their experience of and authentic encounters with cyber-attacks. The salient elements discussed include ethical concerns, assumptions, delimitations, and limitations. Open-ended questionnaires will be used for instrumentation, and narrative analysis will be used for the data analysis. Chapter 4 will therefore present the research findings related to the questions presented in Chapter 1.
References
Azmi, R., Tibben, W., & Win, K. T. (2018). Review of cybersecurity frameworks: Context and shared concepts. Journal of Cyber Policy, 3(2), 258-283. https://doi.org/10.1080/23738871.2018.1520271
Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., & Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & Security, 111, 102490. https://doi.org/10.1016/j.cose.2021.102490
Bergmann, M. C., Dreißigacker, A., Von Skarczinski, B., & Wollinger, G. R. (2018). Cyber-dependent crime victimization: The same risk for everyone? Cyberpsychology, Behavior, and Social Networking, 21(2), 84-90. https://doi.org/10.1089/cyber.2016.0727
Berry, C. T., & Berry, R. L. (2018). An initial assessment of small business risk management approaches for cyber security threats. International Journal of Business Continuity and Risk Management, 8(1), 1. https://doi.org/10.1504/ijbcrm.2018.10011667
Brady, P. Q., Randa, R., & Reyns, B. W. (2016). From WWII to the world wide web: A research note on social changes, online “places,” and a new online activity ratio for routine activity theory. Journal of Contemporary Criminal Justice, 32(2), 129-147. https://doi.org/10.1177/1043986215621377
Brewer, R. (2016). Ransomware attacks: Detection, prevention and cure. Network Security, 2016(9), 5-9. https://doi.org/10.1016/s1353-4858(16)30086-1
Cawley, C. (2016). A history of Ransomware: Where it started & where it’s going. http://www.makeuseof.com/tag/history-ransomware-russia-reveton/
Chen, J. (2016). Cyber security: Bull’s-eye on small businesses. Journal of International Business and Law, 16(1), 97-118. https://scholarlycommons.law.hofstra.edu/cgi/viewcontent.cgi?article=1309&context=jibl
Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: Causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), e1211. https://doi.org/10.1002/widm.1211
Cohen, L. E., & Felson, M. (1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44(4), 588-608. https://doi.org/10.2307/2094589
Connolly, L. Y., & Wall, D. S. (2019). The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures. Computers & Security, 87, 101568. https://doi.org/10.1016/j.cose.2019.101568
Connolly, L. Y., Wall, D. S., Lang, M., & Oddson, B. (2020). An empirical study of ransomware attacks on organizations: An assessment of severity and salient factors affecting vulnerability. Journal of Cybersecurity, 6(1). https://doi.org/10.1093/cybsec/tyaa023
Cook, K. D. (2017). Effective cyber security strategies for small businesses (Doctoral dissertation, Walden University).
de Melo, S. N., Pereira, D. V., Andresen, M. A., & Matias, L. F. (2018). Spatial/temporal variations of crime: A routine activity theory perspective. International Journal of Offender Therapy and Comparative Criminology, 62(7), 1967-1991.
Dhinnesh, N. (2020). Analysis of ransomware and its prevention. Global Research and Development Journal For Engineering, 5(3), 1-4.
Edamadaka, G., Chowdary S., Sobhana, M., & Santhi, T. (2020). A comparative study on cyber security techniques using machine learning. PalArch’s Journal of Archaeology of Egypt/Egyptology, 17(9), 8682-8687.
Fagioli, A. (2019). Zero-day recovery: The key to mitigating the ransomware threat. Computer Fraud & Security, 2019(1), 6-9. https://doi.org/10.1016/s1361-3723(19)30006-5
Flick, U. (2018). An introduction to qualitative research. SAGE.
Gasu, D. K. (2020). Threat detection in cyber security using data mining and machine learning techniques. Modern Theories and Practices for Cyber Ethics and Security Compliance, 234-253. https://doi.org/10.4018/978-1-7998-3149-5.ch015
Griffin Jr., J. (2021, November 17). Ransomware leaves small businesses vulnerable, not defenseless. Forbes. https://www.forbes.com/sites/forbesbusinesscouncil/2021/11/17/ransomware-leaves-small-businesses-vulnerable-not-defenseless/?sh=e6b85374d9d5
Grossman, M., & Schortgen, F. (2016). Building a national security program at a small school: Identifying opportunities and overcoming challenges. Journal of Political Science Education, 12(3), 318-334. https://doi.org/10.1080/15512169.2015.1103653
Hampton, N., Baig, Z., & Zeadally, S. (2018). Ransomware behavioural analysis on Windows platforms. Journal of Information Security and Applications, 40, 44-51. https://doi.org/10.1016/j.jisa.2018.02.008
Hayes, T., Tanner, M., & Schmidt, G. (2012). Computer security threats: Small business professionals’ confidence in their knowledge of common computer threats. Advances in Business Research, 3(1), 107-112.
Hennink, M., Hutter, I., & Bailey, A. (2020). Qualitative research methods. SAGE.
Hernandez-Castro, J., Cartwright, A., & Cartwright, E. (2020). An economic analysis of ransomware and its welfare consequences. Royal Society Open Science, 7(3), 190023. https://doi.org/10.1098/rsos.190023
Holt, T. J., Leukfeldt, R., & van de Weijer, S. (2020). An examination of motivation and routine activity theory to account for cyberattacks against Dutch web sites. Criminal Justice and Behavior, 47(4), 487-505.
Humayun, M., Jhanjhi, N., Alsayat, A., & Ponnusamy, V. (2021). Internet of things and ransomware: Evolution, mitigation and prevention. Egyptian Informatics Journal, 22(1), 105-117. https://doi.org/10.1016/j.eij.2020.05.003
Hutchings, A. (2012). Computer security threats faced by small businesses in Australia. Trends and Issues in Crime and Criminal Justice, (433), 1-6.
Iovan, S., & Iovan, A. A. (2016). From cyber threats to cyber-crime. Journal of Information Systems & Operations Management, 425. https://www.rebe.rau.ro/RePEc/rau/jisomg/WI16/JISOM-WI16-A15.pdf
Jasper, S. E. (2016). U.S. cyber threat intelligence sharing frameworks. International Journal of Intelligence and CounterIntelligence, 30(1), 53-65. https://doi.org/10.1080/08850607.2016.1230701
Juma’h, A. H., & Alnsour, Y. (2020). The effect of data breaches on company performance. International Journal of Accounting & Information Management, 28(2), 275-301. https://doi.org/10.1108/ijaim-01-2019-0006
Kalaimannan, E., John, S. K., DuBose, T., & Pinto, A. (2016). Influences on ransomware’s evolution and predictions for the future challenges. Journal of Cyber Security Technology, 1(1), 23-31. https://doi.org/10.1080/23742917.2016.1252191
Kapoor, A., Gupta, A., Gupta, R., Tanwar, S., Sharma, G., & Davidson, I. E. (2021). Ransomware detection, avoidance, and mitigation scheme: A review and future directions. Sustainability, 14(1), 8. https://doi.org/10.3390/su14010008
Kigerl, A. (2011). Routine activity theory and the determinants of high cybercrime countries. Social Science Computer Review, 30(4), 470-486. https://doi.org/10.1177/0894439311422689
Knutson, T. (2021, July 27). Small businesses bearing brunt of ransomware attacks, Senate told. Forbes. https://www.forbes.com/sites/tedknutson/2021/07/27/small-businesses-bearing-brunt-of-ransomware-attacks-senate-told/
Lee, J. K., Moon, S. Y., & Park, J. H. (2016). CloudRPS: A cloud analysis based enhanced ransomware prevention system. The Journal of Supercomputing, 73(7), 3065-3084. https://doi.org/10.1007/s11227-016-1825-5
Leukfeldt, E. R., & Yar, M. (2016). Applying routine activity theory to cybercrime: A theoretical and empirical analysis. Deviant Behavior, 37(3), 263-280. https://doi.org/10.1080/01639625.2015.1012409
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176-8186. https://doi.org/10.1016/j.egyr.2021.08.126
Malecki, F. (2019). Best practices for preventing and recovering from a ransomware attack. Computer Fraud & Security, 2019(3), 8-10.
Mansfield-Devine, S. (2016). Ransomware: Taking businesses hostage. Network Security, 2016(10), 8-17. https://doi.org/10.1016/s1353-4858(16)30096-4
Maurya, A., Kumar, N., Agrawal, A., & Khan, R. A. (2018). Ransomware evolution, target and safety measures. International Journal of Computer Sciences and Engineering, 6(1), 80-85. https://doi.org/10.26438/ijcse/v6i1.8085
Miró, F. (2014). Routine activity theory. The Encyclopedia of Theoretical Criminology, 1-7. https://doi.org/10.1002/9781118517390.wbetc198
Moore, C. (2016). Detecting ransomware with honeypot techniques. 2016 Cybersecurity and Cyberforensics Conference (CCC), 77-81. https://doi.org/10.1109/ccc.2016.14
Nobles, C. (2018). Botching human factors in cybersecurity in business organizations. HOLISTICA – Journal of Business and Public Administration, 9(3), 71-88. https://doi.org/10.2478/hjbpa-2018-0024
Paek, S. Y., & Nalla, M. K. (2015). The relationship between receiving phishing attempt and identity theft victimization in South Korea. International Journal of Law, Crime and Justice, 43(4), 626-642. https://doi.org/10.1016/j.ijlcj.2015.02.003
Pandey, A. K., Tripathi, A., Alenezi, M., Agrawal, A., Kumar, R., & Ahmad, R. (2020). A framework for producing effective and efficient secure code through malware analysis. International Journal of Advanced Computer Science and Applications, 11(2). https://doi.org/10.14569/ijacsa.2020.0110263
Patterson, J. (2017). Cyber-security policy decisions in small businesses (Doctoral dissertation, Walden University). https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=5655&context=dissertations
Pope, J. (2016). Ransomware: Minimizing the risks. Innovations in Clinical Neuroscience, 13(11-12), 37. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5300711/
Poudyal, S., & Dasgupta, D. (2021). Analysis of crypto-ransomware using ML-based multi-level profiling. IEEE Access, 9, 122532-122547. https://doi.org/10.1109/ACCESS.2021.3109260
Pratt, T. C., & Turanovic, J. J. (2016). Lifestyle and routine activity theories revisited: The importance of “Risk” to the study of victimization. Victims & Offenders, 11(3), 335-354. https://doi.org/10.1080/15564886.2015.1057351
Raghavan, K., Desai, M. S., & Rajkumar, P. V. (2017). Managing cybersecurity and ecommerce risks in small businesses. Journal of Management Science and Business Intelligence, 2(1), 9-15. http://ibii-us.org/Journals/JMSBI/V2N1/Publish/V2N1_2.pdf
Rashid, Y., Rashid, A., Warraich, M. A., Sabir, S. S., & Waseem, A. (2019). Case study method: A step-by-step guide for business researchers. International Journal of Qualitative Methods, 18. https://doi.org/10.1177/1609406919862424
Reshmi, T. (2021). Information security breaches due to ransomware attacks – a systematic literature review. International Journal of Information Management Data Insights, 1(2), 100013. https://doi.org/10.1016/j.jjimei.2021.100013
Reyns, B. W. (2017). Routine activity theory and cybercrime. Technocrime and Criminological Theory, 35-54. https://doi.org/10.4324/9781315117249-3
Reyns, B. W., & Henson, B. (2015). The thief with a thousand faces and the victim with none. International Journal of Offender Therapy and Comparative Criminology, 60(10), 1119-1139. https://doi.org/10.1177/0306624x15572861
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10. https://digitalcommons.kennesaw.edu/cgi/viewcontent.cgi?article=5312&context=facpubs
Ronquillo, J. G., Erik Winterholler, J., Cwikla, K., Szymanski, R., & Levy, C. (2018). Health IT, hacking, and cybersecurity: National trends in data breaches of protected health information. JAMIA Open, 1(1), 15-19. https://doi.org/10.1093/jamiaopen/ooy019
Saber, J. A. (2016). Determining small business cybersecurity strategies to prevent data breaches (Doctoral dissertation, Walden University). https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=6270&context=dissertations
Satter, R. (2021, July 5). Up to 1,500 businesses affected by ransomware attack, U.S. firm’s CEO says. Reuters. https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/
Schiappa, D. (2021, July 14). With ransomware costs on the rise, organizations must be more proactive. Forbes. https://www.forbes.com/sites/forbestechcouncil/2021/07/13/with-ransomware-costs-on-the-rise-organizations-must-be-more-proactive/
Security Magazine. (2021, August 17). More than a third of organizations have experienced a ransomware attack or breach. https://www.securitymagazine.com/articles/95885-more-than-a-third-of-organizations-have-experienced-a-ransomware-attack-or-breach
Segura, J. (2016). Citadel: A cyber-criminal’s ultimate weapon? https://blog.malwarebytes.com/threat-analysis/2012/11/citadel-a-cyber-criminals-ultimateweapon/
Shackelford, S. J. (2016). Business and cyber peace: We need you! Business Horizons. http://dx.doi.org/10.1016/j.bushor.2016.03.015
Sharton, B. R. (2021, May 20). Ransomware attacks are spiking. Is your company prepared? Harvard Business Review. https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared
Sim, J., Saunders, B., Waterfield, J., & Kingstone, T. (2018). Can sample size in qualitative research be determined a priori? International Journal of Social Research Methodology, 21(5), 619-634. https://doi.org/10.1080/13645579.2018.1454643
Simon, R. (2015, April 15). ‘Ransomware’ a growing threat to small businesses. WSJ. https://www.wsj.com/articles/ransomware-a-growing-threat-to-small-businesses-1429127403
Singh, H., & Sittig, D. (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied Clinical Informatics, 07(02), 624-632. https://doi.org/10.4338/aci-2016-04-soa-0064
Sjouwerman, S. (2015). A short history & evolution of Ransomware. https://blog.knowbe4.com/a-short-history-evolution-of-ransomware
Strauss, S. (2017, February 20). Cyber threat is huge for small businesses. USA TODAY. https://www.usatoday.com/story/money/columnist/strauss/2017/10/20/cyber-threat-huge-small-businesses/782716001/
Szücs, V., Arányi, G., & Dávid, Á. (2021). Introduction of the ARDS—anti-ransomware defense system model—Based on the systematic review of worldwide ransomware attacks. Applied Sciences, 11(13), 6070. https://doi.org/10.3390/app11136070
Tam, T., Rao, A., & Hall, J. (2021). The good, the bad and the missing: A narrative review of cyber-security implications for Australian small businesses. Computers & Security, 109, 102385. https://doi.org/10.1016/j.cose.2021.102385
Taneja, S., Pryor, M. G., & Hayek, M. (2016). Leaping innovation barriers to small business longevity. Journal of Business Strategy, 37(3), 44-51. https://doi.org/10.1108/jbs-12-2014-0145
Thomas, J. E., & Galligher, G. C. (2018). Improving backup system assessments in information security risk assessments to combat ransomware. Computer and Information Science, 11(1), 14-25. https://doi.org/10.5539/cis.v11n1p14
Tischer, M., Durumeric, Z., Foster, S., Duan, S., Mori, A., Bursztein, E., & Bailey, M. (2016). Users really do plug in USB drives they find. 2016 IEEE Symposium on Security and Privacy (SP), 306–319. https://doi.org/10.1109/sp.2016.26
Trautman, L. J., & Ormerod, P. (2018). WannaCry, ransomware, and the emerging threat to corporations. Tennessee Law Review, 86, 503. https://doi.org/10.2139/ssrn.3238293
Tuttle, W. J. (2020). Effective strategies small business leaders use to address ransomware (Doctoral dissertation, Walden University).
U.S. Securities and Exchange Commission. (2015, October 19). The need for greater focus on the cybersecurity challenges facing small and midsize businesses. SEC.gov. https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html
Udofot, M., & Topchyan, R. (2020). Factors related to small business cyber-attack protection in the United States. International Journal of Cyber-Security and Digital Forensics, 9(1), 12-25. https://doi.org/10.17781/p002644
Ursillo Jr., S., & Arnold, C. (2021, February 1). Cybersecurity is critical for all organizations – Large and small. IFAC. https://www.ifac.org/knowledge-gateway/preparing-future-ready-professionals/discussion/cybersecurity-critical-all-organizations-large-and-small
Van, R., & Code, A. L. (2018). Online vulnerabilities facing small businesses today. Governance Directions, 70(10), 648-651. https://kottgunn.com.au/wp-content/uploads/2018/10/Governance-Directions-November-2018-Online-vulnerabilities-facing-small-business-today.pdf
Virtue, T., & Rainey, J. (2015). Information risk assessment. HCISPP Study Guide, 131-166. https://doi.org/10.1016/b978-0-12-802043-2.00006-9
Williams, C., Donaldson, S., & Siegel, S. (2020). Cyberdefense Concepts. In Building an Effective Security Program (pp. 55-79). De Gruyter.
Young, A., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24-26. https://doi.org/10.1145/3097347
Appendix A: Instrument
Questionnaire
General Questions
1. Size of the Organization (Number of Employees)
2. Number of Attacks in the Last 4 Years
Specific Questions
A) Impediments to Preventive Controls
1. What preventive measures is your organization adopting against ransomware?
2. How would you describe your organization’s preparedness to curb ransomware?
3. What are the physical, administrative and technical barriers to ransomware prevention in your organization?
B) Impediments to Detective Controls
1. How would you describe your organization’s security event log checking?
2. What are the weaknesses of your systems in detecting network intrusion?
3. How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
C) Impediments to Corrective Controls
1. How do you define the firm’s effectiveness in adopting automatic threat removal?
2. After your previous attack, what weaknesses did you identify regarding correcting the problem?
3. What are the inadequacies of your organization’s recovery plans?
4. What measures is the firm considering to prohibit future attacks?