Preliminary study on Cybersecurity Knowledge in users of SMEs: A Case study in Riobamba City
DOI:
https://doi.org/10.47187/perspectivas.vol3iss2.pp45-53.2021Keywords:
cybersecurity, cybersecurity knowledge, cyber-attacks, final users, survey, EcuadorAbstract
Cyber-attacks not only occur in large companies, today everyone is exposed to this type of concern, which is intended to interrupt the confidentiality of user information. This work aims to carry out a preliminary study on the knowledge of cybersecurity in users of SMEs (small and medium-sized companies), taking the city of Riobamba - Ecuador as a case study. As a method, we carry out a descriptive investigation. The information was collected crosssectionally and a survey was applied as a research method. From a population of 100 companies, 30 were selected by simple random probability sampling. An instrument was applied to this sample in order to obtain a current status of the level of knowledge of the end users of SMEs. Finally, a representative statistical model of the population is presented that contributes to the state of the art for future research. As results, we observe that 70% of users have a medium level of knowledge about cybersecurity, 13.33% have a high level and 16.67% a low level. Our results suggest that SME users need to continue updating their knowledge on cybersecurity issues either through awareness campaigns and a series of training on cybersecurity concepts and techniques.
Métricas
References
S. M. Bellovin, «Cybersecurity for Small Businesses», p. 10.
Franklin D., Kramer, Stuart H., y Larry K., Cyberpower and National Security, 1st ed. PotomacBooks, 2009.
ISO / IEC 27032, «Information technology — Security techniques — Guidelines for cybersecurity». jul. 2012. [En línea]. Disponible en: https://www.iso.org/standard/44375.html
I. Soria Guzman, Ética hacker,seguridad y vigilancia, 1.a ed. 2016. [En línea]. Disponible en: http://ru.iiec.unam.mx/3463/1/EticaHackerSeguridadVigilancia.pdf
M. M. Pollitt, «Cyberterrorism — fact or fancy?», Computer Fraud & Security, vol. 1998, n.o 2, pp. 8-10, feb. 1998, doi: 10.1016/S1361-3723(00)87009-8.
F. J. U. Centeno, «CIBERATAQUES, la mayor amenaza actual», n.o 09, p. 18.
S. M. Toapanta Toapanta, H. A. Mera Caicedo, B. A. Naranjo Sanchez, y L. E. Mafla Gallegos, «Analysis of security mechanisms to mitigate hacker attacks to improve e-commerce management in Ecuador», 2020, pp. 242-250. doi: 10.1109/ICICT50521.2020.00044.
J. Mieres, «Debilidades de seguridad comúnmente explotadas», p. 17.
C. Borghello, «El arma infalible: la Ingeniería Social». abr. 13, 2019.
C. Parada y Lady Johana, «Ataques informáticos, ethical hacking y conciencia de seguridad informática en niños», instname:Universidad Piloto de Colombia, jul. 2015, Accedido: dic. 08, 2020. [En línea]. Disponible en: http://repository.unipiloto.edu.co/handle/20.500.12277/2870
Christophe Ponsard, Jeremy Grandclaudon, y Sebastien Bal, «Survey and Lessons Learned on Raising SME Awareness about Cybersecurity», SCITEPRESS, vol. 1, pp. 558-563, 2019, doi: 10.5220/0007574305580563.
N. Amrin, «The Impact of Cyber Security on SMEs», ago. 14, 2014. https://essay.utwente.nl/65851/ (accedido abr. 09, 2021).
Norton by Symantec, «2013 Norton Report», 2013. [En línea]. Disponible en: https://yle.fi/tvuutiset/uutiset/upics/liitetiedostot/norton_raportti.pdf
FBI y NW3C, «Internet Crime Complaint Center», FBI AND NW3C, 2020. [En línea]. Disponible en: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
MARSH y MICROSOFT, «2019 Global Cyber Risk Perception Survey», FBI AND NW3C, 2019. [En línea]. Disponible en: https://www.microsoft.com/security/blog/wp-content/uploads/2019/09/Marsh-Microsoft-2019-Global-Cyber-Risk-Perception-Survey.pdf
CERT US State, «2013 US State of Cybercrime Survey», 2013. [En línea]. Disponible en: https://resources.sei.cmu.edu/asset_files/Presentation/2013_017_101_58739.pdf
CERT Australia y CIS Australia, Cyber Crime and Security Survey Report 2012. Kambah, A.C.T.: Centre for Internet Safety, 2012.
Ponemon Institute, «Cost of Cyber Crime Study: Global Report», 2013. [En línea]. Disponible en: http://book.itep.ru/depository/security/annuals/Ponemon-2013_Cost_of_Cyber_Crime_Study_Global_Report.pdf
Fiscalía General del Estado, «Fiscalía General del Estado | Los delitos informáticos van desde el fraude hasta el espionaje». https://www.fiscalia.gob.ec/los-delitos-informaticos-van-desde-el-fraude-hasta-el-espionaje/ (accedido nov. 26, 2020).
El Universo, «Los delitos informáticos crecen en Ecuador; cada clic en la web deja su rastro», El Universo, Ecuador, sep. 27, 2020. Accedido: nov. 26, 2020. [En línea]. Disponible en: https://www.eluniverso.com/noticias/2020/09/27/nota/7991905/delitos-informaticos-internet-casos-reales-redes-sociales-ecuador
International Telecommunication Union, Global Cybersecurity Index, 2018.a ed. 2018. [En línea]. Disponible en: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf
O. BID, «Reporte Ciberseguridad 2020: riesgos, avances y el camino a seguir en América Latina y el Caribe | Publications», Banco Interamericano de Desarrollo y Organización de los Estados Americanos, 2, 2020. Accedido: nov. 26, 2020. [En línea]. Disponible en: https://publications.iadb.org/publications/spanish/document/Reporte-Ciberseguridad-2020-riesgos-avances-y-el-camino-a-seguir-en-America-Latina-y-el-Caribe.pdf
Maraino Díaz Rodrigo, «La ciberseguridad en tiempos del COVID-19 y el tránsito hacia una ciberinmunidad», 2020-11-03, p. 18p, nov. 03, 2020.
J. Duran Pamplona, «Principales características, modos de perpetración y vulneración de la seguridad informática a través de la modalidad carding.», may 2020, Accedido: abr. 04, 2021. [En línea]. Disponible en: http://repository.unad.edu.co/handle/10596/34366
Ankur Scale, Saket Kale, Satish Chandel, y D.K. Pal, «View of Likert Scale: Explored and Explained», 20-02-2015, pp. 396-403, 2015, doi: 10.9734/BJAST/2015/14975.
INCIBE, «¿Cuánto sabes? | Oficina de Seguridad del Internauta», INCIBE. https://www.osi.es/es/cuanto-sabes (accedido dic. 13, 2020).
A. Acharya, A. Prakash, P. Saxena, y A. Nigam, «Sampling: Why and How of it?», Indian Journal of Medical Specilaities, ene. 2013, doi: 10.7713/ijms.2013.0032.
I. N. de E. y Censos, «Directorio de Empresas», Instituto Nacional de Estadística y Censos. https://www.ecuadorencifras.gob.ec/directoriodeempresas/ (accedido dic. 05, 2020).
D. Delgado y G. Chávez, «Las Pymes en el Ecuador», Observatorio de la Economía Latinoamericana, n.o abril, abr. 2018, Accedido: abr. 05, 2021. [En línea]. Disponible en: https://www.eumed.net/rev/oel/2018/04/pymes-ecuador-financiamiento.html
Ronald E. Walpole y Raymond H. Myers, Probabilidad y Estadística para Ingeniería y ciencias, Novena. México: PEARSON EDUCACIÓN, 2012.
John Fox, «Getting Started With the R Commander: A BasicStatistics Graphical User Interface to R», Journal of Statistical Software, pp. 1-42.
Elia Beatriz Pineda, Eva Luz de Alvarado, y Francisca H. de Canales, Manual para el desarrollo de personal de salud, Segunda. Washington D.C., 1994. [En línea]. Disponible en: https://n9.cl/f1x1t
Darren George y Paul Mallery, IBM SPSS Statistics 26 Step by Step A simple Guide and Reference, 16.a ed. New York: Routledge.
Published
How to Cite
Issue
Section
License
Copyright (c) 2021 Gino Maggi Murllo, Omar Salvador Gómez Gómez
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright
The authors of the manuscripts will retain their copyright on their articles published in Pespectivas Journal. These rights allow the authors to present their manuscripts in public, prepare derivative works, reproduce them physically by printing and distribute them on their social or research networks. These rights will remain unchanged as long as the authors respect the publication and free access policy of Perspectivas Journal.
Publication Rights
Perspectivas Journal reserves all first publication rights on each of the articles that the authors have sent to its review and publication process. It implies that authors will only exercise their copyright if they state the source and origin of the publication correctly, mainly when they distribute, share, present, or use their articles' total or partial content.