Applying Random Forest to Mitigate Cybersecurity Data Breaches in Small Businesses Open Access
Downloadable ContentDownload PDF
Small businesses do not have a simple viable approach to understand and predict the causes of cybersecurity data breaches due to error and misuse actions. These error and misuse actions lead to small businesses experiencing cybersecurity data breaches. These actions are preventable. Mitigations can be put in place to proactively combat cybersecurity attacks caused by error and misuse actions including actions such as programming errors, misconfigurations, knowledge abuse and privilege abuse. Cybersecurity standards and guidelines exist for small businesses. Much of this information is contained in comprehensive literature available on websites. Cybersecurity prediction models exist that can help identify malicious web activity and high-level risk distributions across business profiles. Knowing the relevant cybersecurity mitigations to implement takes resources and balancing these resources with those needed to operate the business. The objective of this research is to create a set of reusable prediction models to classify error and misuse actions that lead to cybersecurity data breaches in small businesses. The models are data-driven and based on features of the business and historical cybersecurity data. In addition to predicting the actions that lead to breaches, the models also prescribe mitigations tailored to the predictions. The models trained and validated in this research could be extended to mobile applications and general applications for use by small businesses. The extension could also include identification of specific technologies and processes to implement the mitigations.