To read the full version of this content please select one of the options below:

Tightroping between APT and BCI in small enterprises

Jesse Kaukola (Department of Management and Entrepreneurship, University of Turku, Turku, Finland)
Jukka Ruohonen (Department of Information Technology, University of Turku, Turku, Finland)
Antti Tuomisto (Department of Management and Entrepreneurship, University of Turku, Turku, Finland)
Sami Hyrynsalmi (Department of Information Technology, University of Turku, Turku, Finland)
Ville Leppänen (Department of Information Technology, University of Turku, Turku, Finland)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 10 July 2017

Abstract

Purpose

The contemporary internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting business-critical information (BCI). These threats are relevant for the security of small enterprises, and this study aims to examine the qualitative factors that shape the security mindsets among these.

Design/methodology/approach

The data are collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises.

Findings

APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation.

Originality/value

This study is among the firsts to explore perceptions of small enterprises toward APT and BCI. The results reveal problematic mindsets and offers new avenues for practitioners as well as academics to study and improve the situation.

Keywords

Citation

Kaukola, J., Ruohonen, J., Tuomisto, A., Hyrynsalmi, S. and Leppänen, V. (2017), "Tightroping between APT and BCI in small enterprises", Information and Computer Security, Vol. 25 No. 3, pp. 226-239. https://doi.org/10.1108/ICS-07-2016-0047

Publisher

:

Emerald Publishing Limited

Copyright © 2017, Emerald Publishing Limited