Academic journal article The Journal of Research in Business Education

A Vulnerability Assessment of the U.S. Small Business B2C E-Commerce Network Systems

Article excerpt

Abstract

Objective: This study assessed the security vulnerability of the U.S. small companies' business-to-consumer (B2C) e-commerce network systems.

Background: As Internet technologies have been changing the way business is conducted, U.S. small businesses are investing in such technologies and taking advantage of e-commerce to access global markets and compete with the large companies in their industries. While e-commerce activities have become popular, cyber attacks on e-commerce sites are also on the rise. Therefore, a need exists for a security vulnerability assessment of the U.S. small companies' e-commerce sites.

Method: The study used a combination of three methods (Web content analysis, information security auditing, and computer network security mapping) for data collection and analysis of a sample of 79 Inc. 500 e-commerce sites.

Results: The findings indicate that most e-commerce sites were outsourced to Internet service companies and had the sites' network information publicly available on the Internet through Google search. However, these sites had most of their ports closed, filtered, or behind firewalls, with very few open ports. Companies in financial services, real estate, marketing, security, construction, education, and transportation were significantly more secure than other companies in protecting their network information.

Conclusion and Recommendations: The U.S. small business B2C e-commerce sites were secure on average, but this degree of security is not enough. Therefore, this study provided recommendations such as how to secure network information, how to hide a site's IP address, and how to secure operating systems. In addition, further research was recommended.

Introduction

Small businesses in the U.S. represent a majority of employers, create around two thirds of the nation's new jobs, employ about half of the nation's private sector work force, provide half of the nation's nonfarm, private real gross domestic product (GDP), and contribute a significant share of innovations, even in the economic recession (U.S. Small Business Administration, 2003, 2009). As Internet technologies have been changing the way business is conducted, U.S. small businesses are investing in such technologies and taking advantage of e-commerce to access global markets and compete with the large companies in their industries. The shoe retailer Zappos, TV manufacturer Vizio, and Internet phone service supplier VoIP Supply are just a few examples of small businesses actively involved in e-commerce activities (Brynjolfsson & Smith, 2000; Inc., 2009; U.S. Small Business Administration, 2000).

While e-commerce activities have become popular, cyber attacks on e-commerce sites are also on the rise. Such attacks would impair or even shut down the e-commerce business completely through damage such as Web site defacement, denial of service, price manipulation, financial fraud, credit-card information theft, or other data breaches (e.g., Greene, 2008; Hovanesian, 2008; Mookhey, 2004). According to Symantec's Global Internet Security Threat Report, 90% of all Internet security threats detected by Symantec during 2008 attempted to steal confidential information for financial gain, and the Internet became the primary conduit for malicious attack activities (Fossi et al., 2009).

In addition, a 2006 survey of 214 bank Web sites (Hovanesian, 2008) reported that 75% of the sites were vulnerable to hacking, with two big worrisome trends: (a) login boxes were placed on unencrypted Web (http) pages on a bank's domain and (b) the use of third-party services transferred customers to insecure outside pages. According to a cyber security report by Net Witness (Gorman, 2010), from late 2008 to early 2010, hackers gained access to a wide array of data at 2,411 companies, from accessing corporate servers that process credit-card transactions to servers that store large quantities of business data, such as presentations, intellectual property files, contracts, and even upcoming versions of software products. …
