The Global Risks Report 2016, 11th Edition

Now in its 11th edition, The Global Risks Report 2016 draws attention to ways that global risks could evolve and interact in the next decade. The year 2016 marks a forceful departure from past findings, as the risks about which the Report has been warning over the past decade are starting to manifest themselves in new, sometimes unexpected ways and harm people, institutions and economies. Warming climate is likely to raise this year's temperature to 1° Celsius above the pre-industrial era, 60 million people, equivalent to the world's 24th largest country and largest number in recent history, are forcibly displaced, and crimes in cyberspace cost the global economy an estimated US$445 billion, higher than many economies' national incomes. In this context, the Reportcalls for action to build resilience – the "resilience imperative" – and identifies practical examples of how it could be done.The Report also steps back and explores how emerging global risks and major trends, such as climate change, the rise of cyber dependence and income and wealth disparity are impacting already-strained societies by highlighting three clusters of risks as Risks in Focus. As resilience building is helped by the ability to analyse global risks from the perspective of specific stakeholders, the Report also analyses the significance of global risks to the business community at a regional and country-level

Cyber-threats and cybersecurity challenges: A cross-cultural perspective

As is the case of any economic activity, cultural factors are tightly linked to cybercrimes, cyberattacks and cybersecurity. Just like any other activities, some forms of cybercrime may be more acceptable in some cultures than in others. For some categories of cyberoffenses, cultural factors appear to play more important roles than other environmental factors. For instance, cybercrimes are more justifiable in some cultures. Quoting a Russian hacker-turned-teacher, Blau (2004) describes how he and his friends hacked programs and distributed them for free during their childhood: “It was like our donation to society, it was a form of honor; [we were] like Robin Hood bringing programs to people.” Likewise, it is argued that culture and ethical attitudes may be a more crucial factor in driving software piracy as well as a number of other cybercrimes than the levels of economic development (Donaldson, 1996; Kshetri, 2009b, 2013a, b, c, d; Kwong et al., 2003)

Applying Normal Accident Theory to Ideological and Nation-State-Sponsored Cybercrimes

This project aims to explore a new perspective on cyberattacks by applying normal accident theory, typically used to analyze complex system failures, to the realm of cybersecurity. The goal is to gain insights into the factors contributing to cyberattacks and identify potential strategies to prevent and mitigate them. Applying normal accident theory to cyberattacks reveals that while complete prevention is challenging, focusing on human and organizational aspects of cybersecurity can significantly reduce risks. Encouraging adherence to best practices and establishing cybersecurity audit and compliance entities are critical steps toward a more resilient cybersecurity landscape

A Framework for the Planning and Management of Cybersecurity Projects in Small and Medium-sized Enterprises

Cybersecurity remains one of the key investments for companies that want to protect their business in a digital era. Therefore, it is essential to understand the different steps required to implement an adequate cybersecurity strategy, which can be viewed as a cybersecurity project to be developed, implemented, and operated. This article proposes SECProject, a practical framework that defines and organizes the technical and economics steps required for the planning and implementation of a cost-effective cybersecurity strategy in Small and Medium-sized Enterprises (SME). As novelty, the SECProject framework allows for a guided and organized cybersecurity planning that considers both technical and economical elements needed for an adequate protection. This helps even companies without technical expertise to optimize their cybersecurity investments while reducing their business risks due to cyberattacks. In order to show the feasibility of the proposed framework, a case study was conducted within a Swiss SME from the pharma sector, highlighting the information and artifacts required for the planning and deployment of cybersecurity strategies. The results show the benefits and effectiveness of risk and cost management as a key element during the planning of cybersecurity projects using the SECProject as a guideline

Driving cybersecurity policy insights from information on the Internet

National Research Foundation (NRF) Singapor

Toward a sustainable cybersecurity ecosystem

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. Cybersecurity issues constitute a key concern of today’s technology-based economies. Cybersecurity has become a core need for providing a sustainable and safe society to online users in cyberspace. Considering the rapid increase of technological implementations, it has turned into a global necessity in the attempt to adapt security countermeasures, whether direct or indirect, and prevent systems from cyberthreats. Identifying, characterizing, and classifying such threats and their sources is required for a sustainable cyber-ecosystem. This paper focuses on the cybersecurity of smart grids and the emerging trends such as using blockchain in the Internet of Things (IoT). The cybersecurity of emerging technologies such as smart cities is also discussed. In addition, associated solutions based on artificial intelligence and machine learning frameworks to prevent cyber-risks are also discussed. Our review will serve as a reference for policy-makers from the industry, government, and the cybersecurity research community

Strategies to Reduce the Fiscal Impact of Cyberattacks

A single cyberattack event involving 1 major corporation can cause severe business and social devastation. In this single case study, a major U.S. airline company was selected for exploration of the strategies information technology administrators and airline managers implemented to reduce the financial devastation that may be caused by a cyberattack. Seven participants, of whom 4 were airline managers and 3 were IT administrators, whose primary responsibility included implementation of strategies to plan for and respond to cyberattacks participated in the data collection process. This study was grounded on the general systems theory. Data collection entailed semistructured face-to-face and telephone interviews and collection and review of public documents. The data analysis process of this study involved the use of Yin\u27s 5-step process of compiling, disassembling, reassembling, interpreting, and concluding, which provided a detailed analysis of the emerging themes. The findings produced results that identified strategies organizational managers and administrators of a U.S. airline implemented to reduce the fiscal influence of cyberattacks, such as proactive plans for education and training, active management, and an incident response plan. The findings of this study might affect social change by offering all individuals a perspective on creating effective cyberculture. An understanding of cyberculture could include the focus of a heightened understanding, whereby, to ensure the security of sensitive or privileged data and information and of key assets, thus, reducing the fiscal devastation that may be caused by cyberattacks

Cybersecurity in small and medium-sized enterprises

As technology is evolving so is the cybercrime, there are new tools and techniques for cyberattacks being developed continuously (Bendovschi, 2015, p. 24). Every business, no matter what size it is, faces some form of digital threat every day. Without knowledge about these threats a business can very quickly find itself in a tough situation with consequences that can shut down a business for good in a matter of hours. The digitalization has progressed quickly and may have created room for threats that we don’t necessarily have control over. A couple of very simple cybersecurity measures can sometimes be a deciding factor in preventing a cyberattack. The aim of this thesis is to discover how significant the cybersecurity risks are for SMEs (small and medium-sized enterprises), whether the SMEs are aware of these risks, and to present a framework which can help SMEs incorporate a strategy to manage cybersecurity risks. The most common causes of a successful cyberattack in SME sector are based around not having enough competence or technical tools in this field. Not only does successful cyberattack affect a business financially, but usually also comes with reputational damage if the case of a cyberattack was to go public. In addition, through the eyes of cyber criminals SMEs are seen as an easy target since attacking these organization brings in hardly any attention of media or law enforcement. The SMEs are therefore completely on their own in this battle, and therefore need to take responsibility themselves instead of allowing their “fate to rest on someone else’s hands”. There can be seen a slight increase in awareness towards cybersecurity risks, but not nearly as much as it should be considering how impactful these risks can be. It is very difficult to say for sure what the reason behind it is, but it seems that the lack of “talk” about successful cyberattacks in the business world contributes to it greatly. But on the other hand, it is understandable that businesses won’t go public with information about being targeted by cyber criminals since everyone wants to keep their reputation intact. This thesis offers a framework which SMEs can use to build a resilient system against cybersecurity risks. The framework that is presented also addresses the challenge most SMEs have which is very limited resources to devote to cybersecurity. Therefore this framework offers a simple process which can benefit an organization significantly. The framework incorporates risk science and is inspired by an international standard for information security management and emphasizes three key points which can point an organization in the right direction: risk assessment, leadership, and employee awareness and training