
    A New Role for Human Resource Managers: Social Engineering Defense

    [Excerpt] The general risk of social engineering attacks to organizations has increased with the rise of digital computing and communications, while for an attacker the risk has decreased. In order to counter the increased risk, organizations should recognize that human resources (HR) professionals have just as much responsibility and capability in preventing this risk as information technology (IT) professionals. Part I of this paper begins by defining social engineering in context and with a brief history of pre-digital age attacks. It concludes by showing the intersection of HR and IT through examples of operational attack vectors. In part II, the discussion moves to a series of measures that can be taken to help prevent social engineering attacks

    Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

    Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change. To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape. Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

    Social Aspects of New Technologies - the CCTV and Biometric (Framing Privacy and Data Protection) in the Case of Poland

    The purpose of this paper is to review the institution responsible for the protection of personal data within the European Union and national example - Polish as a country representing the new Member States. The analysis of institutional system - providing legal security of communication and information institutions, companies and citizens against the dangers arising from the ongoing development of innovative new technologies in the European Union and Poland. This article is an attempt to analyze the possibility of using CCTV security systems and biometrics in Poland in terms of legislation. The results of the analysis indicate that, in terms of institutions Poland did not do badly in relation to the risks arising from the implementation of technology. The situation is not as good when it comes to the awareness of citizens and small businesses. This requires facilitating wider access to free software that protects companies against data leakage or uncontrolled cyber-terrorist attacks. With regard to the use of security systems, CCTV and biometrics, Poland in legal terms is still early in the process of adapting to EU Directive. The continuous development of technology should force the legislature to establish clear standards and regulations for the application of CCTV technology and biometrics, as it is of great importance in ensuring the fundamental rights and freedoms of every citizen of the Polish Republic.

    How does intellectual capital align with cyber security?

    Purpose – To position the preservation and protection of intellectual capital as a cyber security concern. We outline the security requirements of intellectual capital to help Boards of Directors and executive management teams to understand their responsibilities and accountabilities in this respect. Design/Methodology/Approach – The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital, and to outline actions to be taken by BoDs to do so. Findings – Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance, and merits attention from boards of directors. Implications – This paper clarifies boards of directors’ intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance. Social Implications – If boards of directors know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured. Practical Implications – We hope that boards of directors will benefit from our clarifications, and especially from the positioning of intellectual capital in cyber space. Originality/Value – This paper extends a previous paper published by Von Solms and Von Solms (2018), which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from cyber security researchers

    Multinational perspectives on information technology from academia and industry

    As the term 'information technology' has many meanings for various stakeholders and continues to evolve, this work presents a comprehensive approach for developing curriculum guidelines for rigorous, high quality, bachelor's degree programs in information technology (IT) to prepare successful graduates for a future global technological society. The aim is to address three research questions in the context of IT concerning (1) the educational frameworks relevant for academics and students of IT, (2) the pathways into IT programs, and (3) graduates' preparation for meeting future technologies. The analysis of current trends comes from survey data of IT faculty members and professional IT industry leaders. With these analyses, the IT Model Curricula of CC2005, IT2008, IT2017, extensive literature review, and the multinational insights of the authors into the status of IT, this paper presents a comprehensive overview and discussion of future directions of global IT education toward 2025

    Sony, Cyber Security, and Free Speech: Preserving the First Amendment in the Modern World

    Reprinted from 16 U.C. Davis Bus. L.J. 309 (2016). This paper explores the Sony hack in 2014 allegedly launched by the North Korean government in retaliation over Sony’s production of The Interview and considers the hack’s chilling impact on speech in technology. One of the most devastating cyber attacks in history, the hack exposed approximately thirty-eight million files of sensitive data, including over 170,000 employee emails, thousands of employee social security numbers and unreleased footage of upcoming movies. The hack caused Sony to censor the film and prompted members of the entertainment industry at large to tailor their communication and conform storylines to societal standards. Such censorship cuts the First Amendment at its core and exemplifies the danger cyber terror poses to freedom of speech by compromising Americans’ privacy in digital mediums. This paper critiques the current methods for combatting cyber terror, which consist of unwieldy federal criminal laws and controversial information sharing policies, while proposing more promising solutions that unleash the competitive power of the free market with limited government regulation. It also recommends legal, affordable and user-friendly tools anyone can use to secure their technology, recapture their privacy and exercise their freedom of speech online without fear of surreptitious surveillance or retaliatory exposure

    INFORMATION TECHNOLOGY SECURITY CONCERNS FOR UNIVERSITY WORKFORCE AND SUPPORTING INFRASTRUCTURE DURING A PANDEMIC

    Faculty and staff working from home during the COVID pandemic were presented with new challenges in adapting to emergency remote teaching, as well as new and expanded cyber security threats. Changes to course delivery, remote access from public locations, and the potential of faculty and staff storing confidential educational records on university-issued devices, and potentially personally owned devices, made faculty and staff prime targets of malicious attackers. Information technology departments were challenged to support and secure the remote workforce from new cyber threats to protect their faculty, staff, and students from cyber-attacks. The focus of this study was to identify faculty and staff perceptions of cyber security, assess their understanding of cybersecurity policies and procedures, and to also identify concerns they viewed that needed to be addressed to be prepared for the future. Using descriptive research methodology, an online survey containing 37 items was created and sent to faculty and staff at a midwestern university to answer three research questions. The study identified that the faculty and staff at the institution surveyed understood the role they and others have at the university to protect the university from cyber threats. It was also identified that they understood the policies and procedures of the university regarding cyber security. Faculty and staff also identified various forms of technology and accessibility issues they feel need to be addressed if they are required to perform emergency remote teaching and support to maintain university operations

    "Not My Responsibility!" - A Comparative Case Study of Organizational Cybersecurity Subcultures

    Despite significant technological advancements and the increasing sophistication of cyber-attacks in today’s modern society, organizations underestimate the human link in cybersecurity. Many still overlook that human behavior and decision-making are crucial in protecting sensitive information and mitigating risks. Organizations seemingly prioritize investing time and resources into improving their technological cybersecurity measures rather than increasing the employees’ cybersecurity knowledge. These actions significantly impact the cybersecurity culture of the company. Cybersecurity culture refers to the shared values, beliefs, and actions of the employees in an organization that emphasize the importance of safeguarding digital assets, data, and systems against cyber threats. It encompasses the organization’s dedication, awareness, protocols, and ability to manage cybersecurity risks and promote a security-focused environment. Recent studies have primarily focused on discussing cybersecurity culture as a singular concept within an organization. This qualitative research aims to investigate the impact of cybersecurity subcultures within organizations. A systematic literature review was conducted to gain an overview of the existing theoretical background on cybersecurity subcultures. This process proved that there is a research gap in the topic of subcultures, as most of the current literature encompasses cybersecurity culture as a collective concept. Data was collected through semi-structured interviews with ten employees from two IT companies. Cybersecurity leaders from each company agreed that the sales and IT subcultures had the most significant differences; hence, employees from each subculture in both companies were interviewed. The results prove that the security leaders’ suspicions were correct. The sales subcultures need to gain more knowledge about cybersecurity. Cybersecurity measures are seen more as obstacles instead of improving their cybersecurity. There is also a significant need for more responsibility. They believe that someone better qualified will take care of their mistakes if they cause a cybersecurity incident. On the other hand, the IT subculture seems to understand cybersecurity better. They have comprehensive knowledge of the topic. However, they also share this uncertainty regarding responsibilities, stating they feel pressured to share their expertise with colleagues. This leaves them with limited time to complete their actual work tasks. They point to a lack of management responsibility as one of the critical reasons for this. This research sheds light on cybersecurity subcultures and challenges the notion that organizations have only one cybersecurity culture. Organizations need to allocate their time and resources differently and acknowledge the significance of subcultures in maintaining overall cybersecurity. The findings and insights are meant to assist organizations in enhancing their cybersecurity operations and protocols

    Contributing Factors in Building Cyber Resilience in Complex Organisations

    Introduction: This master thesis explores the concept of cyber resilience and aims at identifying cyber resilience enhancing measures relevant to a complex organisation. Cyber security is a highly relevant field as the world gets more digitalised, and evaluating sufficient cyber protective measures is essential. Cyber Resilience can be seen as an extension of Risk Management and Cyber Security by providing a necessary layer of protection the fields currently lack; to continue operations and functions despite a threat. Methods: Semi-structured interviews with practitioners, senior management and expert informants were conducted, and relevant cyber-resilient frameworks were analysed to identify cyber-resilient enhancing measures. Results: The analysis showed that cyber resilience enhancing measures for complex organisations originate from understanding the construct, and adding it to existing structures is beneficial. However, for this to be effective, there must be a clear definition, directives and standards from which complex organisations can build a resilience understanding. The main findings include fostering a resilient mindset through adaptability, trust and flexibility, aligning to working with the complexity of such an organisation

    Current Cyber Security Challenges

    We have experienced exponential technical improvement during the last ten years. Cybersecurity issues are a result of the cyber world's increasing growth. Due to the way cybercriminals have adjusted their tactics to the new environment, there are now significant CS challenges. More than 20 years later, the quantity and severity of cybercrimes have skyrocketed in just a few years as a result of previously unheard-of occurrences like the COVID-19 epidemic, contested elections, and rising geopolitical upheaval. Over time, it is likely that security risks will advance in sophistication and cost us more money: according to analysts, the worldwide cost of cybercrime will rise from $3 trillion in 2015 to $10.5 trillion in 2025, a 15% increase. The secret to averting a CS assault is proactive protection. Discover the top CS risks that, according to experts, the globe will face in 2022, along with what you can do to prevent yourself and your company from becoming a target. As a result, the sector is seeing an increase in demand for specialists who can decisively address security issues, creating the foundation for a safer cyberspace. If you are interested in developing a career in this field, you might think about checking out these CS courses. You could also look at the premium selection of CS courses