The GEIGER-Indicator provides an app where SMEs can dynamically assess and improve their cybersecurity risks.
The problem of hairdressers having no overview of risks and threats regarding their cybersecurity within their IT infrastructure affects managing directors, entrepreneurs as well as an employee of a hairdresser. The impact of which is that attackers can easily access systems and endpoints of hairdressers allowing them to view and steal business-critical or sensible data which can then be used to threaten those hairdressers or hinder their usual business activities. A successful solution enables hairdressers to analyze and assess the threat level of their Android smartphones within several clicks and also supports them by presenting the right countermeasures against possible risks.
For managing directors, entrepreneurs, and employees of hairdressers who are at least partly performing business activities on their Android smartphones, the GEIGER-Indicator provides a native app that features the possibility to analyze installed apps and used tools on an Android smartphone and also visualizes the outcomes of this analysis to easily assess the threats caused by certain tools or products. Furthermore, the app also compares those tools with the latest cybersecurity threats and provides feasible, personalized countermeasures to protect Android smartphones.
Unlike common antivirus software for Android devices, which usually only step in as soon as malicious software was installed or downloaded, the GEIGER-Indicator also features recommended countermeasures as a precautionary mechanism. Further, the GEIGER-Indicator evaluates the latest threats and provides countermeasures against branch-specific threats and risks to further improve the security throughout different branches.
Firstly, the targeted SMEs of hairdressers usually have little knowledge of information technologies especially regarding cybersecurity risks and threats. Since they do not have dedicated IT personnel employed, they are either managing their IT infrastructure, which mainly consists of smartphones, themselves, or hiring partners to do it for them. While there is generally a smaller risk when hiring a partner, many of those enterprises and especially, the extremely common micro-enterprises, do not have the funds to hire a professional and therefore are forced to do it on their own.
Secondly, those SMEs are also not aware of the consequences which a cyber-attack can have on them financially or regarding their business continuity. They are usually lacking awareness of data security, data protection as well as the general importance of cybersecurity. Furthermore, those enterprises usually lack awareness of cybersecurity threats and risks when accessing a certain website or configuring tools they use either professionally or privately.
Combining the above arguments, attackers can mostly access the smartphones of those hairdressers easily and steal valuable customer data or even hinder (e.g., encrypt data) the hairdressers in doing their daily business on a smartphone.
This thesis provides micro enterprises using an Android smartphone with a solution enabling them to dynamically assess their risk level based on the data on their device and the current threat landscape. Furthermore, SMEs are provided with countermeasures to protect themselves against their risks.
Home Screen showing
the risk indicator |
Detail view of a risk
|
Countermeasure provided
against trojans |
Applied countermeasures with decreased risk index |
Impact on risk index after applying measures |
The developed prototype shows a first partial solution of the above described problem and can be used as a foundation for further developments trying to solve that problem.
|
Prof. Dr. Samuel Fricker FHNW University of Applied Sciences and Arts Northwestern Switzerland School of Engineering Bahnhofstrasse 6 / Room 5.1A12 CH-5210 Windisch |
|
Inniger, Marco iCompetence Sem. 7 Heidenlochstrasse 98g CH-4410 Liestal |
|
Sedelmeier, Jan iCompetence Sem. 7 Kraftwerkstrasse 43 CH-4313 Möhlin |
