Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems

This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees\u27 behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization

An analysis of cybersecurity culture in an organisation managing Critical Infrastructure

The 4th industrial revolution (4IR) is transforming the way businesses operate, making them more efficient and data-driven while also increasing the threat-landscape brought on by the convergence of technologies and increasingly so for organisations managing critical infrastructure. Environments that traditionally operated entirely independent of networks and the internet are now connecting in ways that are exposing critical infrastructure to a new level of cyber-risks that now need to be managed. Due to the stable nature of technologies and knowledge in traditional industrial environments, there is a misalignment of skills to emerging technology trends. Globally cyber-crime attacks are on the rise with Cisco reporting in 2018 that 31% of all respondents had seen a cyber-attack in their operational environment[1]. With up to 67% of breaches reported in the Willis Towers report due to employee negligence [2], the importance of cybersecurity culture is no longer in question in organisations managing critical infrastructure. Developing an understanding of the drivers for behaviours, attitudes and beliefs related to cybersecurity and aligning these to an organisations risk appetite and tolerance is crucial to managing cyber-risk. There is a very divergent understanding of cyber-risk in the engineering environment. This study endeavours to investigate employee perceptions, attitudes and values associated with cybersecurity and how these potentially affects their behaviour and ultimately the risk to the plant or organisation. Most traditional culture questionnaires focus on information security with observations focussing more on social engineering, email hygiene and physical controls. This cybersecurity culture study was conducted to gain insight into people's beliefs, attitudes and behaviours related to cybersecurity encompassing people, process and technology focussing on the operational technology environment in Eskom1. Both technical (Engineering and IT) and nontechnical (business support staff) staff were questionnaireed. The questionnaire was categorised into four sections dealing with cybersecurity culture as they relate to individuals, processes and technology, leadership and the organisation at large. The results from the analysis, revealed that collaboration, information sharing, reporting of vulnerabilities, high dependence and trust in technology, leadership commitment, vigilance, compliance, unclear processes and lack of understanding around cybersecurity all contribute to the current levels of cybersecurity culture. Insights from this study will generate recommendations that will form part of a cybersecurity culture transformation journey

A Dynamic Framework Enhancing Situational Awareness in Cybersecurity SOC—IR

Organizations today face a significant challenge in protecting their valuable IT assets. Cyber criminals unlimited to physical boundaries are able to disrupt and destroy cyber infrastructure, deny organizations access to IT services and steal sensitive data. With the purpose of employing socio-technical systems to detect, analyze and respond to these threats, enterprises organize security operations centres at the heart of their entities. As the environment constantly shifts (i.e., in 2020 the corona virus triggered a digital upheaval creating new attack surfaces; today the Ukrainian war have triggered cyber-conflict) the dependency on these systems increases the need for situational awareness. Essentially, having the capability to gather relevant information from the environment, the means to understand the gathered information, and reflecting that gained understanding for the current environment. This exploratory study examines how such capabilities are operationalized in leading Managed security service providers (MSSPs) providing cybersecurity operations and incident response, and looks at how situation awareness knowledge is constructed through the organizational levels of the enterprise detection & response. In this context, situational awareness span over different levels in the organization starting from team personnel, ending at top management. Thus, providing situational awareness at the different organizational levels is considered a complex process involving various sources of information, different levels of perspective, and different interpretations which trigger a complex set of decision-making processes. To explore this, we constructed a theory-informed narrative using a theoretical lens that resulted in the formulation of a conceptual framework. Thus, through interviews with practitioners from across the organizational levels of two leading MSSPs; parallel to inquiring about general aspects surrounding the subject of enterprise response, the conceptual frame-work was validated. The interview responses were then coded using categorization. The analysis informed the development of the conceptual framework, and so the framework was adjusted to account for the findings. Through interpretation of empirical evidence, the result is a final validated framework which models how cybersecurity operations are operationalized in the enterprise detection & response of leading MSSPs. With emphasis on situation awareness, the framework shows how technology, people and processes either support or engage in the perception, comprehension and projection of situation awareness knowledge in order to make informed decisions. Consequently, the framework takes into account the activities held post-incident to reflect upon the response, which we argue allows for the construction of team situation awareness. Our work contributes to situation awareness theory in the context of cybersecurity operations and incident response by advancing the understanding of the organizational capabilities of MSSPs to develop awareness of the cyber-threat landscape and the broader operational dynamics. By introducing the dynamic framework enhancing situation awareness in cybersecurity SOC—IR we expand on the models of Endsley (1995) and Ahmad et al. (2021) by combining elements of existing work with empirical findings to reflect best practices applied in MSSPs

A Dynamic Framework Enhancing Situational Awareness in Cybersecurity SOC—IR

Organizations today face a significant challenge in protecting their valuable IT assets. Cyber criminals unlimited to physical boundaries are able to disrupt and destroy cyber infrastructure, deny organizations access to IT services and steal sensitive data. With the purpose of employing socio-technical systems to detect, analyze and respond to these threats, enterprises organize security operations centres at the heart of their entities. As the environment constantly shifts (i.e., in 2020 the corona virus triggered a digital upheaval creating new attack surfaces; today the Ukrainian war have triggered cyber-conflict) the dependency on these systems increases the need for situational awareness. Essentially, having the capability to gather relevant information from the environment, the means to understand the gathered information, and reflecting that gained understanding for the current environment.This exploratory study examines how such capabilities are operationalized in leading Managed security service providers (MSSPs) providing cybersecurity operations and incident response, and looks at how situation awareness knowledge is constructed through the organizational levels of the enterprise detection & response. In this context, situational awareness span over different levels in the organization starting from team personnel, ending at top management. Thus, providing situational awareness at the different organizational levels is considered a complex process involving various sources of information, different levels of perspective, and different interpretations which trigger a complex set of decision-making processes. To explore this, we constructed a theory-informed narrative using a theoretical lens that resulted in the formulation of a conceptual framework. Thus, through interviews with practitioners from across the organizational levels of two leading MSSPs; parallel to inquiring about general aspects surrounding the subject of enterprise response, the conceptual framework was validated. The interview responses were then coded using categorization. The analysis informed the development of the conceptual framework, and so the framework was adjusted to account for the findings. Through interpretation of empirical evidence, the result is a final validated framework which models how cybersecurity operations are operationalized in the enterprise detection & response of leading MSSPs. With emphasis on situation awareness, the framework shows how technology, people and processes either support or engage in the perception, comprehension and projection of situation awareness knowledge in order to make informed decisions. Consequently, the framework takes into account the activities held post-incident to reflect upon the response, which we argue allows for the construction of team situation awareness. Our work contributes to situation awareness theory in the context of cybersecurity operations and incident response by advancing the understanding of the organizational capabilities of MSSPs to develop awareness of the cyber-threat landscape and the broader operational dynamics. By introducing the dynamic framework enhancing situation awareness in cybersecurity SOC—IR we expand on the models of Endsley (1995) and Ahmad et al. (2021) by combining elements of existing work with empirical findings to reflect best practices applied in MSSPs

Mobile bullying : investigating the non-technical factors that influence forensic readiness in township schools in South Africa

The increasing use of mobile devices by high school learners has resulted in increased networking activities for learners who take advantage of opportunities presented by mobile technologies. Mobile technology continues to play a key role in facilitating online interactions amongst South African youth, and some learners use mobile technology to enhance their learning capabilities. However, such electronic operations have also presented new risks particularly in the developing countries where online bullying is on the rise and investigations of such incidents or threats are expensive. Mobile bullying and lack of discipline of bullies, for instance, are major concerns in the society at large. To control these incidents, learners and teachers need to know what to do when incidents arise. The process of digital forensic investigation is typically left for those specialising in the field of digital forensics. Those responsible for learner's safety in schools are often faced with situations where they have to perform basic investigations or preserve evidence for incident escalation to the specialists. However, schools often do not prepare themselves well enough for the challenges relating to mobile bullying. They find themselves not knowing where to start or how to preserve evidence. Digital forensic investigations are even more challenging in school settings because of the dynamic nature of these environments. While studies have been conducted in the developed countries, little is still known about how schools in the developing world, for instance South Africa, may handle mobile bullying. Very little is known about how schools in the developing countries may maximise their potential to use digital evidence while minimising the impact resulting from the incident. There is limited guidance on how to be digital forensic ready in schools where teachers, learners, principals, and other role players are not trained well enough to deal with mobile bullying. The objective of this study was to provide insight into factors that enhance the non-technical forensic readiness program in township schools and the ability of teachers to investigate mobile bullying incidents. The study aimed at employing concepts of forensic readiness to ignite schools' ability to prepare for response to mobile bullying incidents and create a digital forensic ready learning environment. The study was conducted in South Africa, Limpopo and North West provinces. Five schools agreed to participate in this study; eighty-two valid responses were obtained from teachers. The study followed mixed methods approach to the theory

RAISING THE CYBER GUARD: ANALYZING THE COST AND USE OF THE NATIONAL GUARD IN LOCAL MUNICIPAL AND STATE CYBER DEFENSE

Cybersecurity is a national priority for the Homeland Security enterprise. Yet, despite a prioritization at the federal level, municipal and state governments have struggled to incorporate the National Guard in cyber incident response. Cyber incidents strain municipalities and states, which have spent significant resources to mitigate cyber threats. The glaring gap in the National Guard’s role in municipal and state cyber incident response warrants two key questions as to why the National Guard isn’t more readily used. “Is it cost prohibitive to use National Guard assets when compared to private entities?” Or “is there an underlying sociological disconnect regarding the National Guard’s role in cyber disaster when compared to physical disasters.”? Both questions and the National Guard’s role have largely underexamined by Homeland Security professionals and academia requires additional examination. This dissertation seeks to study via a sequential mixed method approach answers to both questions. First, using a quantitative analysis method examining case studies this study seeks to examine if “it is less expensive for municipal and state governments to use the National Guard instead of private sector assistance for cyber incident responses? Sequentially if it is less expensive, this dissertation seeks to utilize a survey-based questionnaire from associations of National Guard and Emergency response personal to answer, “is there and underlying sociological misperceptions that contribute to National Guard’s underutilization for cyber disasters when compared to their role in traditional disaster response?” This study achieved complimenting results: with quantitative testing affirming the initial hypothesis regarding the National Guard’s cost effectiveness versus private sector entities in case studies examined. This led to qualitive studies using surveys to examine possible misperceptions of the National Guard’s role in cyber incident response for municipal and state level operations. Surveys revealed both a lack of understanding and disconnect between the National Guard’s role in cyber incident response when compared it is normal role in physical disasters. This research creates opportunity and future growth for homeland Security professionals to prioritize the understanding and growing role of the National Guard for public and private enterprise at the municipal and state level of cyber incident response

Development and Validation of a Proof-of-Concept Prototype for Analytics-based Malicious Cybersecurity Insider Threat in a Real-Time Identification System

Insider threat has continued to be one of the most difficult cybersecurity threat vectors detectable by contemporary technologies. Most organizations apply standard technology-based practices to detect unusual network activity. While there have been significant advances in intrusion detection systems (IDS) as well as security incident and event management solutions (SIEM), these technologies fail to take into consideration the human aspects of personality and emotion in computer use and network activity, since insider threats are human-initiated. External influencers impact how an end-user interacts with both colleagues and organizational resources. Taking into consideration external influencers, such as personality, changes in organizational polices and structure, along with unusual technical activity analysis, would be an improvement over contemporary detection tools used for identifying at-risk employees. This would allow upper management or other organizational units to intervene before a malicious cybersecurity insider threat event occurs, or mitigate it quickly, once initiated. The main goal of this research study was to design, develop, and validate a proof-of-concept prototype for a malicious cybersecurity insider threat alerting system that will assist in the rapid detection and prediction of human-centric precursors to malicious cybersecurity insider threat activity. Disgruntled employees or end-users wishing to cause harm to the organization may do so by abusing the trust given to them in their access to available network and organizational resources. Reports on malicious insider threat actions indicated that insider threat attacks make up roughly 23% of all cybercrime incidents, resulting in $2.9 trillion in employee fraud losses globally. The damage and negative impact that insider threats cause was reported to be higher than that of outsider or other types of cybercrime incidents. Consequently, this study utilized weighted indicators to measure and correlate simulated user activity to possible precursors to malicious cybersecurity insider threat attacks. This study consisted of a mixed method approach utilizing an expert panel, developmental research, and quantitative data analysis using the developed tool on simulated data set. To assure validity and reliability of the indicators, a panel of subject matter experts (SMEs) reviewed the indicators and indicator categorizations that were collected from prior literature following the Delphi technique. The SMEs’ responses were incorporated into the development of a proof-of-concept prototype. Once the proof-of-concept prototype was completed and fully tested, an empirical simulation research study was conducted utilizing simulated user activity within a 16-month time frame. The results of the empirical simulation study were analyzed and presented. Recommendations resulting from the study also be provided

The Effect of Cybersecurity Training on Government Employee’s Knowledge of Cybersecurity Issues and Practices

There is an ever-pressing need for cybersecurity awareness and implementation of learning strategies in the workplace to mitigate the increased threat posed by cyber-attacks and exacerbated by an untrained workforce. The lack of cybersecurity knowledge amongst government employees has increased to critical levels due to the amount of sensitive information their agencies are responsible for. The digital compromise of a government entity often leads to a compromise of constituent data along with the disruption of public services (Axelrod, 2019; Yazdanpanahi, 2021). The need for awareness is further complicated by agencies looking to cater to a digital culture looking for a balance in government transparency and access by providing more services online. This act of modernizing services for a connected constituency adds further risk to the agency by exposing its workforce to threats associated with the internet-connected world. If their workforce is not prepared for the tactics used by cybercriminals, the consequences can be both fiscally and politically reprehensible. This study considers the knowledge enhancements resulting from the incorporation of cybersecurity training for local government employees in South Texas and the potential effects it will have on the cybersecurity awareness of the population. This study requires the collection and analysis of the following archival data: the results of a state-mandated cybersecurity awareness training and Cybersecurity Awareness Survey, which was adapted from the Pew Research Center’s (2016) Cybersecurity Knowledge Quiz. The purpose of this study is to analyze the effect of a cybersecurity awareness training program on government employees’ knowledge of cybersecurity issues and their ability to mitigate cybersecurity threats