Risk Assessment for Malware Attacks in Small Businesses

Abstract

The presence of severe malware attacks in business systems compromises devices, data, information, and network hygiene. The increased usage of cyberspace as a convenient tool exposed all organisations to various malware attacks. The malware attacks have become one of the most common threats in all sectors. These attacks often find their way into systems where poor or inadequate security measures are implemented, leaving the institution’s resources vulnerable and compromised. This work collected data using purposive sampling from the selected small businesses that used cyberspace for business transactions. A questionnaire distributed to the participants was mounted on Google Forms. To analyse the collected data, this work assessed the malware attacks and used the risk management processes to determine the risk impact and probability. Risk management processes were used to analyse and interpret different risks associated with malware attacks and also ranked them from low, medium, and high. The work also revealed the different forms of common malware attacks, the business assets affected, the main causes of malware attacks, risk value, risk likelihood, and the risk impact. The extent of security measures implemented on different levels contributes to the overall state of the organisational resources. The study also shared the recommendations and accounted for the conclusion.