Usable technology for non-experts: Bridging the cyber security expertise gap for low resource organisations
Abstract
Cyber security has a complexity problem; most products require a baseline level of knowledge about cyber security controls to be used effectively, but many small organisations, such as non-profits, rural hospitals, utilities, cooperatives and cities, lack the staff to adequately protect themselves from common cyber incidents. Similarly, these small organisations cannot afford to hire or contract managed services, as human expertise is expensive and difficult to scale. This paper highlights the cyber security expertise gap for small, low-resource organisations and why the ‘cyber poverty line’ will not disappear without technological innovation. It then analyses existing market and non-market solutions, including managed services, cyber insurance, cyber volunteering, training and education, and identifies remaining gaps. Finally, the paper highlights an emerging group of usable technology products designed for non-experts and proposes interventions to encourage the further development of usable technology to serve small to mid-sized organisations. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
Author's Biography
Sarah Powazek is the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads flagship research on defending low-resource organisations such as non-profits, municipalities and schools from cyber attacks. She serves as Co-Chair of the Cyber Resilience Corps, a network of cyber security volunteer organisations, and as Senior Advisor for the Consortium of Cybersecurity Clinics, advocating for the expansion of clinical cyber education around the world. Sarah hosts the Cyber Civil Defense Summit, an annual mission-based gathering of cyber defenders to protect the US’s most vulnerable public infrastructure. Sarah previously worked at CrowdStrike Strategic Advisory Services, and as the Program Manager of the Ransomware Task Force at the Institute for Security and Technology. In her free time, Sarah is the Deputy Director of DistrictCon, a hacker conference based in Washington, DC.