Cybersecurity for SMEs

Cyberattacks are an ever-growing threat, with Small-to-Medium sized enterprises being particularly vulnerable to attack. There are several factors influencing this vulnerability, as well as a myriad of issues in mitigating this vulnerability. A number of these factors and issues are
discussed in this work.

One major issue unearthed in the research process for this project is that cybersecurity training can often be tedious, this leads to a lack of engagement from employees in training, making said training ineffective. This presents a massive threat to SMEs as cyberattacks are more likely to have a devastating effect.

This project attempts to address the aforementioned issue by exploring ways of making cybersecurity training more engaging and hence, more effective, using information technology. An android application was developed that both educates and quizzes the user on cybersecurity, the topic that is focused on is social engineering. This term describes a type of cyberattack that focuses on manipulating users to give away sensitive information. A mixture of videos and
descriptive text is used to educate the user on the topic and the quiz segment tests the user on the information studied. A new learning approach was attempted in this project where the application is designed to be used in 20-minute bursts, rather than several hours like other training courses. The quiz functionality is an attempt to gamify the learning process, employing the principles of active recall with the goal of trainees retaining more of the information covered.

The application has been published on the Google Play Store under the name ‘Cybersecurity Quiz App’. This allowed for employees working in SMEs to review the application. The effectiveness of the application is assessed based on feedback gathered from said employees.

Figure 1. A screenshot of the learning page, which features the video
being played at the top and a description of social engineering at the
Figure 2. A screenshot of a quiz page, which is testing the user on
what was learned in the learning segment

Student: Matteo Caruana Bond
Course: B.Sc. IT (Hons.) Computing and Business
Supervisor: Dr Clyde Meli
Co-supervisor: Mr Tony Spiteri Staines