The use of offensive cyber operations in war is no longer theoretical conjecture. Still, as we witness their use, important questions remain. How are offensive cyber operations employed in conventional warfighting, and what is their utility for the warfighting? This article answers these questions by analyzing new empirical evidence from the Russo–Ukrainian War, drawing on the novel TECI-model built for systematically analyzing and understanding offensive cyber operations in war through the model’s four constituent variables: target, effect, complexity, and integration. The article finds the utility of cyber operations in war is limited owing to an unsuitability for physical destruction, high risks of failure, high costs of complex operations that are more likely to attain successful and destructive effects, and a dichotomy between the tempi of conventional and cyber operations leading to cross-domain integration difficulties. Still, two narrow windows for achieving utility exist. Cumulative strategic utility is achievable by targeting critical infrastructure and governments in a persistent barrage of less complex cyber operations. Operational and tactical utility is achievable in the beginning of warfighting where the temporal dichotomy is less pronounced because cross-domain integration can be planned before warfighting commences. Filling a gap in the literature, TECI provides a common and operationalized model for future research systematically analyzing cyber operations, allowing for comparisons on the evolving role of cyberspace in war.
Frederik A H Pedersen, Jeppe T Jacobsen. "Narrow windows of opportunity: the limited utility of cyber operations in war." Journal of Cybersecurity, published 2024-08-05. DOI: 10.1093/cybsec/tyae014 (https://doi.org/10.1093/cybsec/tyae014)
Gareth Mott, Sarah Turner, Jason R C Nurse, Nandita Pattnaik, Jamie MacColl, Pia Huesch, James Sullivan
Ransomware is a pernicious contemporary cyber threat for organizations, with ransomware operators intentionally leveraging a range of harms against their victims in order to solicit increasingly significant ransom payments. This article advances current research by engaging in a topical analysis into the depth and breadth of harms experienced by victim organizations and their members of staff. We, therefore, enhance the understanding of the negative experiences from ransomware attacks, particularly looking beyond the financial impact which dominates current narratives. Having conducted an interview or workshop with 83 professionals including ransomware victims, incident responders, ransom negotiators, law enforcement, and government, we identify a wide array of severe harms. For organizations, the risk of business interruption and/or data exposure presents potentially highly impactful financial and reputational harm(s). The victim organization’s staff can also experience a range of under-reported harms, which include physiological and physical harms that may be acute. We also identify factors that can either alleviate or aggravate the experiencing of harms at the organizational and employee level; including ransomware preparedness, leadership culture, and crisis communication. Given the scale and scope of the identified harms, the paper provides significant new empirical evidence to emphasize ransomware’s positioning as a whole-of-organization crisis phenomenon, as opposed to an ‘IT problem’. We argue that the wider discourse surrounding ransomware harms and impacts should be reflective of the nature of the real-term experience(s) of victims. This, in turn, could help guide efforts to alleviate ransomware harms, through improved organizational ransomware preparedness and tailored post-ransomware mitigation.
Gareth Mott, Sarah Turner, Jason R C Nurse, Nandita Pattnaik, Jamie MacColl, Pia Huesch, James Sullivan. "‘There was a bit of PTSD every time I walked through the office door’: Ransomware harms and the factors that influence the victim organization’s experience." Journal of Cybersecurity, published 2024-07-30. DOI: 10.1093/cybsec/tyae013 (https://doi.org/10.1093/cybsec/tyae013)
Miguel A Toro-Jarrin, Pilar Pazos, Miguel A Padilla
Numerous factors determine information security-related actions (IS-actions) in the workplace. Attitudes toward following security rules and recommendations and attitudes toward specific IS actions determine intentions associated with those actions. IS research has examined the role of the instrumental aspect of attitudes. However, authors argue that attitudes toward a behavioral object are a multidimensional construct. We examined the dimensionality of attitudes toward security recommendations, hypothesized its multidimensional nature, and developed a new scale [attitudes toward security recommendations (ASR scale)]. The results indicated the multidimensional nature of attitudes toward security recommendations, supporting our hypothesis. The results revealed two dimensions corresponding to the perceived legitimacy and effectiveness of security recommendations and its perceived rigor. The new ASR scale showed good psychometric properties. This work contributes to the IS research by suggesting that attitudes are a multidimensional construct in the IS context. These findings imply that the employee’s evaluation of information security policy can be examined considering their instrumentality (security recommendations are important) and rigor (security recommendations are strict). Different effects of the dimensions of attitudes over IS-action suggest different interventions. Additionally, this study offers the ASR scale as a new instrument to capture employees’ evaluation of security recommendations.
Miguel A Toro-Jarrin, Pilar Pazos, Miguel A Padilla. "It is not only about having good attitudes: factor exploration of the attitudes toward security recommendations." Journal of Cybersecurity, published 2024-07-03. DOI: 10.1093/cybsec/tyae011 (https://doi.org/10.1093/cybsec/tyae011)
Network games are commonly used to capture the strategic interactions among interconnected agents in simultaneous moves. The agents’ actions in a Nash equilibrium must take into account the mutual dependencies connecting them, which is typically obtained by solving a set of fixed point equations. Stackelberg games, on the other hand, model the sequential moves between agents that are categorized as leaders and followers. The corresponding solution concept, the subgame perfect equilibrium, is typically obtained using backward induction. Both game forms enjoy very wide use in the (cyber)security literature, the network game often as a template to study security investment and externality—also referred to as the interdependent security games—and the Stackelberg game as a formalism to model a variety of attacker–defender scenarios. In this study, we examine a model that combines both types of strategic reasoning: the interdependency as well as sequential moves. Specifically, we consider a scenario with a network of interconnected first movers (firms or defenders, whose security efforts and practices collectively determine the security posture of the eco-system) and one or more second movers, the attacker(s), who determine how much effort to exert on attacking the many potential targets. This gives rise to an equilibrium concept that embodies both types of equilibria mentioned above. We will examine how its existence and uniqueness conditions differ from that for a standard network game. Of particular interest are comparisons between the two game forms in terms of effort exerted by the defender(s) and the attacker(s), respectively, and the free-riding behavior among the defenders.
Ziyuan Huang, Parinaz Naghizadeh, Mingyan Liu. "Interdependent security games in the Stackelberg style: how first-mover advantage impacts free riding and security (under-)investment." Journal of Cybersecurity, published 2024-06-28. DOI: 10.1093/cybsec/tyae009 (https://doi.org/10.1093/cybsec/tyae009)
Albesë Demjaha, David Pym, Tristan Caulfield, Simon Parkin
Increasingly, organizations are acknowledging the importance of human factors in the management of security in workplaces. There are challenges in managing security infrastructures in which there may be centrally mandated and locally managed initiatives to promote secure behaviours. We apply a co-design methodology to harmonize employee behaviour and centralized security management in a large university. This involves iterative rounds of interviews connected by the co-design methodology: 14 employees working with high-value data with specific security needs; seven support staff across both local and central IT and IT-security support teams; and two senior security decision-makers in the organization. We find that employees prefer local support together with assurances that they are behaving securely, rather than precise instructions that lack local context. Trust in support teams that understand local needs also improves engagement, especially for employees who are unsure what to do. Policy is understood by employees through their interactions with support staff and when they see colleagues enacting secure behaviours in the workplace. The iterative co-design approach brings together the viewpoints of a range of employee groups and security decision-makers that capture key influences that drive secure working practices. We provide recommendations for improvements to workplace security, including recognizing that communication of the policy is as important as what is in the policy.
Albesë Demjaha, David Pym, Tristan Caulfield, Simon Parkin. "‘The trivial tickets build the trust’: a co-design approach to understanding security support interactions in a large university." Journal of Cybersecurity, published 2024-06-20. DOI: 10.1093/cybsec/tyae007 (https://doi.org/10.1093/cybsec/tyae007)
Aviram Zrahia, Neil Gandal, Sarit Markovich, Michael Riordan
We first provide background on the “nuts and bolts” of a bug bounty platform: a two-sided marketplace that connects firms and individual security researchers (“ethical” hackers) to facilitate the discovery of software vulnerabilities. Researchers get acknowledged for valid submissions, but only the first submission of a distinct vulnerability is rewarded money in this tournament-like setting. We then empirically examine the effect of an exogenous external shock (COVID-19) on Bugcrowd, one of the leading platforms. The shock presumably reduced the opportunity set for many security researchers who might have lost their jobs or been placed on a leave of absence. We show that the exogenous shock led to a huge rightward shift in the supply curve and increased the number of submissions and new researchers on the platform. During the COVID period, there was a significant growth in duplicate (already known) valid submissions, leading to a lower probability of winning a monetary reward. The supply increase resulted in a significant decline in the equilibrium price of valid submissions, mostly due to this duplicate submission supply-side effect. The results suggest that had there been a larger increase in the number of firms and bug bounty programs on the platform, many more unique software vulnerabilities could have been discovered.
Aviram Zrahia, Neil Gandal, Sarit Markovich, Michael Riordan. "The simple economics of an external shock to a bug bounty platform." Journal of Cybersecurity, published 2024-05-08. DOI: 10.1093/cybsec/tyae006 (https://doi.org/10.1093/cybsec/tyae006)
Serverless computing is an ever-growing programming paradigm being adopted by developers all over the world. Its highly scalable, automatic load balancing, and pay-for-what-you-use design is a powerful tool that can also greatly reduce operational costs. However, these advantages also leave serverless computing open to a unique threat, Denial-of-Wallet (DoW). It is the intentional targeting of serverless function endpoints with request traffic in order to artificially raise the usage bills for the application owner. A subset of these attacks are leeches. They perform DoW at a rate that could go undetected as it is not a sudden violent influx of requests. We devise a means of detecting such attacks by utilizing a novel approach of representing request traffic as heat maps and training an image classification algorithm to distinguish between normal and malicious traffic behaviour. Our classifier utilizes convolutional neural networks and achieves 97.98% accuracy. We then design a system for the implementation of this model that would allow application owners to monitor their traffic in real time for suspicious behaviour.
Daniel Kelly, Frank G Glavin, Enda Barrett. "DoWNet—classification of Denial-of-Wallet attacks on serverless application traffic." Journal of Cybersecurity, published 2024-03-23. DOI: 10.1093/cybsec/tyae004 (https://doi.org/10.1093/cybsec/tyae004)
Efficient risk transfer is an important condition for ensuring the sustainability of a market according to the established economics literature. In an inefficient market, significant financial imbalances may develop and potentially jeopardize the solvency of some market participants. The constantly evolving nature of cyber-threats and lack of public data sharing mean that the economic conditions required for quoted cyber-insurance premiums to be considered efficient are highly unlikely to be met. This paper develops Monte Carlo simulations of an artificial cyber-insurance market and compares the efficient and inefficient outcomes based on the informational setup between the market participants. The existence of diverse loss distributions is justified by the dynamic nature of cyber-threats and the absence of any reliable and centralized incident reporting. It is shown that the limited involvement of reinsurers when loss expectations are not shared leads to increased premiums and lower overall capacity. This suggests that the sustainability of the cyber-insurance market requires both better data sharing and external sources of risk tolerant capital.
Henry R K Skeoch, Christos Ioannidis. "The barriers to sustainable risk transfer in the cyber-insurance market." Journal of Cybersecurity, published 2024-02-20. DOI: 10.1093/cybsec/tyae003 (https://doi.org/10.1093/cybsec/tyae003)
Those charged with protecting the homeland through intelligence analysis, particularly in counterterrorism, must be capable of rapidly adopting innovative technologies to detect and prevent exploitation and disruption of vulnerable critical infrastructures. However, implementing these responses requires a highly skilled technical workforce that is continually provided with timely educational and training programs. Yet, questions remain regarding the technical aptitude necessary to respond to today’s terrorism threats and the Department of Homeland Security’s ability to provide consistent and rigorous standards for technology training and education. By surveying analysts, we examine what, if any, educational and training programs have been provided to adapt and remain technologically competitive and effectively utilize emerging technologies. We find a distinct need to focus on improvements that involve clarifying terms, building a technology and cybersecurity roadmap for analysts, allocating additional training time for employees, and building partnerships with private industry.
{"title":"Behind the curve: technology challenges facing the homeland intelligence and counterterrorism workforce","authors":"Michelle Black, Lana Obradovic, Deanna House","doi":"10.1093/cybsec/tyae002","DOIUrl":"https://doi.org/10.1093/cybsec/tyae002","url":null,"abstract":"Those charged with protecting the homeland through intelligence analysis, particularly in counterterrorism, must be capable of rapidly adopting innovative technologies to detect and prevent exploitation and disruption of vulnerable critical infrastructures. However, implementing these responses requires a highly skilled technical workforce that is continually provided with timely educational and training programs. Yet, questions remain regarding the technical aptitude necessary to respond to today’s terrorism threats and the Department of Homeland Security’s ability to provide consistent and rigorous standards for technology training and education. By surveying analysts, we examine what, if any, educational and training programs have been provided to adapt and remain technologically competitive and effectively utilize emerging technologies. We find a distinct need to focus on improvements that involve clarifying terms, building a technology and cybersecurity roadmap for analysts, allocating additional training time for employees, and building partnerships with private industry.","PeriodicalId":44310,"journal":{"name":"Journal of Cybersecurity","volume":"141 1","pages":""},"PeriodicalIF":3.9,"publicationDate":"2024-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139773215","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This research examined the lives of Australian employees who moved to work from home during COVID-19. Taking a unique approach to cybersecurity, we sought to gain insights into the intermingling of individuals’ personal lives and technology to inform policies and educational programmes. The study employed interpretative phenomenological analysis to understand 27 participants’ lived experiences under lockdown. We found that psychological (e.g. stress, anxiety, confidence, motivation) and sociological (e.g. sharing physical spaces, digital divide) factors impacted employees’ likelihood and ability to engage in effective cybersecurity practices. So did new ways of using technology (e.g. teaching via Zoom), which elucidated unexpected but significant security concerns (e.g. naked children in virtual classrooms). We suggest that cyber educators and policymakers take a Vygotskian approach, which considers that social interaction is central to learning. This assumption means that personal factors must be considered instead of a ‘one-size-fits-all approach’. We argue that organizations should think about approaches that consider the employees’ psychological state before training (and perhaps find ways to reduce anxiety), helping employees redesign their home workspaces to ensure privacy and concentration, and updating employees’ digital devices. Practitioners and scholars can also apply these results post-COVID-19, especially if the ‘new working normal’ provides options for employees to work from home.
{"title":"Cybersecurity when working from home during COVID-19: considering the human factors","authors":"Monica T Whitty, Nour Moustafa, Marthie Grobler","doi":"10.1093/cybsec/tyae001","DOIUrl":"https://doi.org/10.1093/cybsec/tyae001","url":null,"abstract":"This research examined the lives of Australian employees who moved to work from home during COVID-19. Taking a unique approach to cybersecurity, we sought to gain insights into the intermingling of individuals’ personal lives and technology to inform policies and educational programmes. The study employed interpretative phenomenological analysis to understand 27 participants’ lived experiences under lockdown. We found that psychological (e.g. stress, anxiety, confidence, motivation) and sociological (e.g. sharing physical spaces, digital divide) factors impacted employees’ likelihood and ability to engage in effective cybersecurity practices. So did new ways of using technology (e.g. teaching via Zoom), which elucidated unexpected but significant security concerns (e.g. naked children in virtual classrooms). We suggest that cyber educators and policymakers take a Vygotskian approach, which considers that social interaction is central to learning. This assumption means that personal factors must be considered instead of a ‘one-size-fits-all approach’. We argue that organizations should think about approaches that consider the employees’ psychological state before training (and perhaps find ways to reduce anxiety), helping employees redesign their home workspaces to ensure privacy and concentration, and updating employees’ digital devices. Practitioners and scholars can also apply these results post-COVID-19, especially if the ‘new working normal’ provides options for employees to work from home.","PeriodicalId":44310,"journal":{"name":"Journal of Cybersecurity","volume":"7 1","pages":""},"PeriodicalIF":3.9,"publicationDate":"2024-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139583452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}