A Vulnerability Assessment of the U.S. Small Business B2C E-Commerce Network Systems
Keywords: e-commerce, B2C, small business, security

Abstract
Objective: This study assessed the security vulnerability of U.S. small companies’ business-to-consumer (B2C) e-commerce network systems. Background: As Internet technologies have been changing the way business is conducted, U.S. small businesses are investing in such technologies and taking advantage of e-commerce to access global markets and compete with the large companies in their industries. While e-commerce activities have become popular, cyber attacks on e-commerce sites are also on the rise. Therefore, a need exists for a security vulnerability assessment of U.S. small companies’ e-commerce sites. Method: The study used a combination of three methods—Web content analysis, information security auditing, and computer network security mapping—for data collection and analysis of a sample of 79 Inc. 500 e-commerce sites. Results: The findings indicate that most e-commerce sites were outsourced to Internet service companies and had their network information publicly available on the Internet through Google search. However, these sites had most of their ports closed, filtered, or behind firewalls, with very few open ports. Companies in financial services, real estate, marketing, security, construction, education, and transportation were significantly more secure than other companies in protecting their network information. Conclusion and Recommendations: The U.S. small business B2C e-commerce sites were secure on average, but this degree of security is not enough. Therefore, this study provided recommendations such as how to secure network information, how to hide a site’s IP address, and how to secure operating systems. In addition, further research was recommended.