There are two broad objectives of the research reported in this paper. First, we assess whether government-provided cyber threat intelligence (CTI) is helpful in preventing, or responding to, cyber-attacks among small businesses within the U.S. Defense Industrial Base (DIB). Second, we identify ways of improving the effectiveness of government-provided CTI to small businesses within the DIB. Based on a questionnaire-based survey, our findings suggest that government-provided CTI helps businesses within the DIB in preventing, or responding to, cyber-attacks, provided that a firm is familiar with the CTI. Unfortunately, a large percentage of small firms are not familiar with the government-provided CTI feeds and consequently are not utilizing the CTI. This latter situation is largely due to financial constraints confronting small businesses that prevent firms from having the wherewithal necessary to effectively utilize the government-provided CTI. However, we found a significant positive association between a firm’s familiarity with the government-provided CTI and whether a firm is being periodically reviewed by the Defense Counterintelligence and Security Agency (DCSA) or is compliant with the Cybersecurity Maturity Model Certification (CMMC) program. The findings from our study also show that the participating firms believe that external cyber threats are more likely to be the cause of a future cybersecurity breach than internal cybersecurity threats. Finally, our study found that the portion of the IT budget that small businesses within the DIB spend on cybersecurity-related activities is dependent on the perception that a firm would be the target of an external cyber-attack.