Cloud environments enable organizations to offer uninterrupted delivery of information and services to their subscribers. Unfortunately, these platforms also create opportunities for cyber-attacks. As organizations become increasingly virtual, the channel that enables authorized users to access targeted information becomes the same channel used by hackers to propagate mischief. Cyber defense has thus become a dynamic challenge in the ever-connected cloud space. This study adopts the lens of activity theory to conceptualize cyber defense as an activity system and offers a transformative approach to developing organizational cyber awareness. The study contributes to organizational collective learning mechanisms in building effective computer incident response teams for cybersecurity operations.
Releasing social network data could seriously breach user privacy. User profile and friendship relations are inherently private. Unfortunately, sensitive information may be predicted out of released data through data mining techniques. Therefore, sanitizing network data prior to release is necessary. In this paper, we explore how to launch an inference attack exploiting social networks with a mixture of non-sensitive attributes and social relationships. We map this issue to a collective classification problem and propose a collective inference model. In our model, an attacker utilizes user profile and social relationships in a collective manner to predict sensitive information of related victims in a released social network dataset. To protect against such attacks, we propose a data sanitization method collectively manipulating user profile and friendship relations. Besides sanitizing friendship relations, the proposed method can take advantage of various data-manipulating methods. We show that we can easily reduce the adversary's prediction accuracy on sensitive information, while resulting in less accuracy decrease on non-sensitive information towards three social network datasets. This is the first work to employ collective methods involving various data-manipulating methods and social relationships to protect against inference attacks in social networks.
Public sector organizations are facing an escalating challenge with the increasing volume and complexity of cyberattacks, which disrupt essential public services and jeopardize citizen data and privacy. Effective cybersecurity management has become an urgent necessity. To combat these threats comprehensively, the active involvement of all functional areas is crucial, necessitating a heightened holistic cybersecurity awareness among tactical and operational teams responsible for implementing security measures. Public entities face various challenges in maintaining this awareness, including difficulties in building a skilled cybersecurity workforce, coordinating mixed internal and external teams, and adapting to the outsourcing trend, which includes cybersecurity operations centers (CyberSOCs). Our research began with an extensive literature analysis to expand our insights derived from previous works, followed by a Spanish case study in collaboration with a digitization-focused public organization. The study revealed common features shared by public organizations globally. Collaborating with this public entity, we developed strategies tailored to its characteristics and transferrable to other public organizations. As a result, we propose the “Wide-Scope CyberSOC” as an innovative outsourced solution to enhance holistic awareness among the cross-functional cybersecurity team and facilitate comprehensive cybersecurity adoption within public organizations. We have also documented essential requirements for public entities when contracting Wide-Scope CyberSOC services to ensure alignment with their specific needs, accompanied by a management framework for seamless operation.
With the increase in the number of employees working remotely from home following the COVID-19 pandemic, cyberattacks have grown in quantity and strength. While companies invest tremendous resources in technical defense practices and protection tools, the main weak link is still the human factor. The current study aims to provide theoretical and empirical evidence of the antecedents that contribute to active cyber defense as well as cyber risk behaviors. Based on a sample of 338 employees who worked from home or on-site during and after COVID-19, we examined the effects of organizational training on employee defense behaviors. The results of the current study suggest that the workplace and the amount of confidence in the defense measures play an important role in contributing to cyber risk behavior. Therefore, it is crucial that managers raise employee awareness of the hazards and educate them on the different defense methods that they can apply.
ABSTRACT
Professional skepticism is a fundamental and critical construct for audit professionals. Although accounting regulators, practitioners, and CPA examinations call for explicit consideration of cyber risks by current and future audit professionals, the current body of literature has not examined the effects of professional skepticism in the context of cybersecurity-related tasks. This study focuses on the effect of professional skepticism on accounting students’ performance in cybersecurity (ASPC). Based on a sample of 115 graduate accounting students, we found that the students did not consistently understand cybersecurity fundamentals. Our study identifies personality traits and operating stress as antecedents of professional skepticism, and these antecedents affect ASPC indirectly through professional skepticism. The results indicate that professional skepticism directly and positively affects ASPC. In addition, cybersecurity knowledge and age positively and directly affect ASPC. The results of this study have implications for academics, accounting education, and the audit profession.
Data Availability: Data are available on request from the authors.
JEL Classifications: D91; M42; O33.
Image-based sexual abuse (IBSA) involves three key behaviors: the non-consensual taking or creation of nude or sexual images; the non-consensual sharing or distribution of nude or sexual images; and threats made to distribute nude or sexual images. IBSA is becoming increasingly criminalized internationally, representing an important and rapidly developing cybercrime issue. This paper presents findings of the first national online survey of self-reported lifetime IBSA perpetration in Australia (n = 4053), with a focus on the extent, nature, and predictors of perpetration. Overall, 11.1% (n = 411) of participants self-reported having engaged in some form of IBSA perpetration during their lifetime, with men significantly more likely to report IBSA perpetration than women. With regard to the nature of perpetration, participants reported targeting men and women at similar rates, and were more likely to report perpetrating against intimate partners or ex-partners, family members and friends than strangers or acquaintances. Logistic regression analyses identified that males, lesbian, gay or bisexual participants, participants with a self-reported disability, participants who accepted sexual image-based abuse myths, participants who engaged in or experienced sexual self-image behaviors, and participants who had a nude or sexual image of themselves taken, distributed, and/or threatened to be distributed without their consent were more likely to have engaged in some form of IBSA perpetration during their lifetime.
To ensure the safety and security of Automated Vehicles (AVs), the interaction between the Functional Safety (FuSa) and the Cybersecurity (CS) domains needs to be managed systematically. There is a demand to develop effective and structured management systems to support the homologation process. From this motivation, identifying the interaction between the Safety Management System (SMS) and the Cybersecurity Management System (CSMS) is a fundamental aspect and needs to be improved for HAD systems. Hence, the classical Decision Making Trial and Evaluation Laboratory (DEMATEL) method and fuzzy DEMATEL are applied to evaluate the influential factors that can impact the safety and security of the HAD systems. This paper proposes a list of influencing factors focusing on the interaction between SMS and CSMS for HAD systems. Additionally, the results of an anonymously conducted survey among experts from industry and research are presented and used as inputs for the methods. This work helps to understand the relationship between influencing factors and provides a simplified, easy-to-visualize, and valuable guide for developing HAD systems. The result of this study shows that the most important influential factor is F13. Moreover, the cause and effect of the factors are illustrated numerically and graphically. The influential factors F1 to F7 are identified as the cause and F8 to F13 as the effect. Finally, a circular representation of the influential factors and their interaction is presented in this paper.
• Identify the factors influencing the interaction between SMS and CSMS.
• Classical and fuzzy DEMATEL methods are applied, and results are compared.
• The cause and effect of the influential factors are presented.
• The most important influential factor is determined.
This study analyzed the Coronavirus (COVID-19) crisis from the angle of cyber-crime, highlighting the wide spectrum of cyberattacks that occurred around the world. The modus operandi of cyberattack campaigns was revealed by analyzing and considering cyberattacks in the context of major world events. Following what appeared to be substantial gaps between the initial breakout of the virus and the first COVID-19-related cyber-attack, the investigation indicates how attacks became significantly more frequent over time, to the point where three or four different cyber-attacks were reported on certain days. This study contributes in the direction of fifteen types of cyber-attacks which were identified as the most common pattern and its ensuing devastating events during the global COVID-19 crisis. The paper is unique because it covered the main types of cyber-attacks that most organizations are currently facing and how to address them. An intense look into the recent advances that cybercriminals leverage, the dynamism, calculated measures to tackle it, and never-explored perspectives are some of the integral parts which make this review different from other present reviewed papers on the COVID-19 pandemic. A qualitative methodology was used to provide a robust response to the objective used for the study. Using a multi-criteria decision-making problem-solving technique, many facets of cybersecurity that have been affected during the pandemic were then quantitatively ranked in ascending order of severity. The data was generated between March 2020 and December 2021, from a global survey through online contact and responses, especially from different organizations and business executives. The results show differences in cyber-attack techniques; hacking attacks were the most frequent with a record of 330 out of 895 attacks, accounting for 37%. Next was spam emails with 13%; followed by malicious domains with 9%. Mobile apps followed with 8%, Phishing was 7%, Malware 7%, Browsing apps with 6%, DDoS has 6%, Website apps with 6%, and MSMM with 6%. BEC frequency was 4%, Ransomware with 2%, Botnet scored 2% and APT recorded 1%. The study recommends that it will continue to be necessary for governments and organizations to be resilient and innovative in cybersecurity decisions to overcome the current and future effects of the pandemic or similar crisis, which could be long-lasting. Hence, this study's findings will guide the creation, development, and implementation of more secure systems to safeguard people from cyber-attacks.