#23

Research Proposal
Allison Li
G/T Independent Research
2018-2019

Research Title​: The Growing Need for Cybersecurity: For Hackers, Bigger Isn’t Always Better
Overview of Research
There is an urgent need for more upgraded cybersecurity systems in small companies
with less than 100 employees, more specifically, the current systems are too large and complex
for small companies to implement which causes an increase in the amount of infiltrations.
Additionally, small companies themselves are unaware and unconcerned regarding the level of
risk that they face. Small companies are more focused on using money for more advanced tech
rather than for increasing cybersecurity.
Background and History of the Issue
Viruses and infiltrations started becoming more prevalent in 1988 when ​a man by the
name Robe​rt Morris wanted to gauge the size of the internet. He wrote a program designed to
propagate across networks, infiltrate Unix terminals using a known bug, and then copy itself.
The Morris worm, named after its creator, ended up replicating so aggressively that the early
internet slowed to a crawl, causing untold damage. Robert Morris became the first person
successfully charged under the Computer Fraud and Abuse Act. This act also led to the
formation of the Computer Emergency Response Team.
As more time passes, technology becomes more and more advanced for hackers, giving
them a better chance of infiltrating a system. Most companies believe that hackers consistently
target larger companies due because they hold a larger payoff for a successful infiltration.
However, hackers would rather infiltrate companies that are easier to hack into but have lower
payoff, which makes small companies a common target for these hackers or threat actors.
Problem Statement and Rationale
Over 76% of all cyber attacks affect companies with less than 100 employees.​ ​However,
the main issue is that roughly 50% of small companies believe that they are too miniscule or
insignificant to be noticed by mainstream hackers. This has been an issue ever since companies
began making technology a huge part of their companies. Additionally, with the growth
technology, it is difficult for companies to stay constantly updated because of the costs which
makes it easier for threat actors to infiltrate, and always remain one step ahead. Additionally
Existing cybersecurity systems are too complex, too large, and too expensive for small
companies to implement as they are mainly designed for larger companies.​ This research could
help prevent small companies or newly formed non-profits from losing thousands of dollars as
well as bring awareness to all employees and companies about suspicious links and easy ways to
prevent an infiltration. Additionally, it can also can help inform the average person about
awareness and help cybersecurity system creators to create systems that work for smaller
companies.
Research Methodology
● Research Question and Hypothesis
The security of small companies with less than 100 employees will improve if they
implement real-time risk management systems and become more proactive in educating their
employees on the risk of malware.
 #23

● Basis of Hypothesis
It was found that the most beneficial systems were real-time management systems and
which could be constantly updated. Real-time systems are a system that can measure the risk
rather than simply be an indicator. If real-time risk management systems are employed,
companies are able to determine their risk tolerance. I read various articles about different types
of cybersecurity systems and what they do for companies. In these articles, most of them
concluded that the most beneficial systems were real-time risk management systems. Not only
are they the most cost beneficial for small companies with low budgets, but they are also easier
to implement. These articles contained statistics which showed what companies usually focus
their spending on: technology that makes their company look more appealing to consumers.
● Research Design
I want to pursue descriptive research by conducting interviews with high school students
who have created their own non-profit companies. This is to get a baseline on how much they
know about cybersecurity systems and the best systems to utilize. This would also bring about
more awareness for these students and allow them to understand the amount of risk that they face
by running with a lack of cybersecurity systems.
● Operational Definitions
Cybersecurity: ​the protection of internet-connected systems, including hardware, software and
data, from cyberattacks.
SMB’s: Small and medium-sized businesses
Security vendor: An company that sells goods or services to someone else in the economic
production chain, more specifically in this instance, security
Cloud computing: the practice of using a network of remote servers hosted on the Internet to
store, manage, and process data, rather than a local server or a personal computer
Actor-network theory: ​A theoretical and methodological approach to social theory where
everything in the social and natural worlds exists in constantly shifting networks of relationship
which posits that nothing exists outside those relationships
Malware: ​Any software intentionally designed to cause damage to a computer, server, client, or
computer network.
Product Overview
The product that I want is to conduct from my year of study are presentations to multiple
classrooms as well as potentially communicate my studies to various small local business
companies. My intended audience for these are the owners of small businesses, students who are
creating their own non-profits as well as normal people who need to become more aware about
the risks they face daily.
Logistical Considerations
Some considerations that I have for this research is to convince small business to talk to
me and listen to the research that I have conducted. Another consideration is the materials I need
or could use in order to better support my argument.
 #23

Allison Li
IR-3 / 11AP
3/6/19
#23
Timeline
Week of March 4th
● Turn in research proposal
● Turn in timeline
● Revise paper if necessary and turn in

Week of March 11th

● Work on/finish display board work plan
● Work on/finish the display board word docs
● Work on/finish display storyboard
● Interview at least 2 classmates who created own non-profit
● Turn in bi-weekly journal
● Email advisor

Week of March 18th

● Work on/finish display board letters & visuals
● Email some local businesses to see if I could meet with them
● Find more students with non-profits or teachers who follow or sponsor non-profits

Week of March 25th

● Turn in updated news clips
● Turn in signed paper & form from advisor
● Chat with local businesses if they accept
● Interview students
● Turn information received from companies/students into hard data

Week of April 1st

● Turn in display board
● Prep for the visual display fair

Week of April 8th

● Data & project presentations