2,291 research outputs found

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    POINTER: a GDPR-compliant framework for human pentesting (for SMEs)

    Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR-compliant Privacy-Respecting Employee Pentest for SMEs

    Strategies for Mitigating Cyberattacks Against Small Retail Businesses

    Small retail businesses are increasingly becoming targets for social media cyberattacks, often losing profitability when forced to close operations after a cyberattack. Small retail business leaders are concerned with the negative impact of cyberattacks on firms’ viability and competitiveness. Grounded in general systems theory, the purpose of this qualitative multiple-case study was to explore strategies retail leaders use to deter social media cyberattacks. The participants were 11 small retail business leaders. Data were collected using semistructured interviews and analyzed using thematic analysis. Three themes emerged: using multiple strategies to deter social media cyberattacks, importance of training regarding cybersecurity best practices, and the need for a contingency plan. A key recommendation is for small retail business leaders to provide employees and customers with training regarding proper cybersecurity protocols. The implications for positive social change include the potential to improve cybersecurity measures and enhance a small business’ viability and employment opportunities, positively impacting local communities and tax revenues

    Strategies for Implementing Successful IT Security Systems in Small Businesses

    Owners of small businesses who do not adequately protect business data are at high risk for a cyber attack. As data breaches against small businesses have increased, it has become a growing source of concern for consumers who rely on owners of small businesses to protect their data from data breaches. Grounded in general systems theory and routine activity approach, the focus of this qualitative multiple case study was to explore strategies used by owners of small businesses to protect confidential company data from cyber attacks. The process used for collecting data involved semistructured face-to-face interviews with 5 owners of small businesses in Florida, as well as a review of company documents that were relevant to strategies used by owners of small businesses to protect confidential company data from cyber attacks. The thematic analysis of the interview transcripts revealed 4 themes for protecting business data against cyber attacks, which are security information management strategy, organizational strategy, consistent security policy, and cybersecurity risk management strategy. A key finding is that owners of small businesses could develop an organizational strategy by incorporating procedures used to protect from and respond to cyber attacks. The implications for positive social change include the potential to increase customers’ confidence and businesses’ economic growth, as well as stimulate the socioeconomic lifecycle, resulting in potential employment gains for residents within the communities

    Cyber Threats and Healthcare Organizations: A Public Health Preparedness Perspective

    Healthcare in the United States, heavily reliant on digital technology in service provision, has recently seen an increased risk of cyberattacks. Coordinated electronic medical records, imaging, pharmaceutical services, lab services and even treatment devices all rely on electronic connectivity and represent critical services that must be secured from cyber threats. Hospitals have become increasingly complex systems, and this often makes the organization more vulnerable to failure. Planning for these events is often hard for hospitals because their main charge is to provide life-saving care to patients as they need it. This is a relatively new threat to healthcare organizations, and there has not been limited research on this hazard and its impacts on healthcare organizations. Therefore, the aim of the first study was to assess the trend of successful major malware attacks on healthcare organizations in the United States between 2016 and 2017. Previous research found limited research specific to malware attacks and found most articles covering ransomware were restricted to news articles. A content analysis was conducted on articles from two well-renowned health IT organizations. This study identified 49 attack cases across 27 states. Based on previously reported statistics, the number of identified cases was low, meaning healthcare organizations are not reporting their attacks. A true risk assessment cannot be completed by the industry until a more representative trend analysis can be completed. The aim of the second study was to assess the organizational outcomes of a malware attack on a healthcare organization. Previous research on this health hazard discussed healthcare’s lack of preparedness for this new threat but did not delve into the organization’s response, mitigation, and recovery from attacks. Therefore, qualitative interviews were conducted with key stakeholders from three organizations that suffered malware attacks during the years 2016-2017. Topics covered were system impact, system recovery and business continuity, and changes to organizational preparedness efforts. One of the main findings from this study was the realization by health stakeholders how connected their organization, and therefore the provision of care, has become. Participants also discussed their lack of full understanding on the potential impact these attacks could have on their organizations before their attack, including the loss of every digital system within their facility. A need was expressed across all facilities that more information about these attacks needs to be shared across the industry to better prepare organizations and protect patient safety. The final aim of the final study was to examine organizational preparedness efforts and to identify the organizational barriers to mitigating the threats arising from cyberattacks. A survey was conducted among healthcare emergency managers to assess their perceptions of preparedness for cyber threats. While the majority of respondents reported feeling either confident or very confident in both their individual and their organizational ability to respond to a cyber attack, their responses regarding preparedness actions their organization has taken against cyber threats were lacking. When it comes to events like ransomware, where attack impacts are still not fully understood, the healthcare industry remains less prepared. In conclusion, these studies indicate a need for data related to cyberattacks to be collected in a central repository that is either made public or shared among healthcare stakeholders. In order to best prepare their organizations, there needs to be accurate risk assessments completed and areas for preparedness with the best return on investment can then be identified. Cyberattacks are only expected to increase over the next five years. Patient care is put at risk during each of these attacks and it is essential for healthcare organizations to be better prepared for this new hazard to keep the organization's patients, workers, and community safe

    A FRAMEWORK FOR THE EVALUATION OF CYBERSECURITY EFFECTIVENESS OF ABU DHABI GOVERNMENT ENTITIES

    Cyberspace has become one of the new frontiers for countries to demonstrate their power to survive in the digitized world. The UAE has become a major target for cyber conflicts due to the rapid increase in economic activity and technology. Further, the widespread use of the internet in the region to the tune of 88% by the end of 2014 has exposed the critical infrastructure to all forms of cyber threats. In this dissertation, the researcher presents a detailed study of the existing cybersecurity defences globally and an investigation into the factors that influence the effectiveness of cybersecurity defences in Abu Dhabi government entities. Further, the role of cybersecurity education, training, and awareness in enhancing the effectiveness of cybersecurity and the role of senior management in providing strategic direction to government entities on cybersecurity are evaluated in addition to determining the contribution of strategic planning and technology level in ensuring an effective cybersecurity system. The study has evaluated the level of Cybersecurity Effectiveness (CSE) in Abu Dhabi Government Entities and the results show that Science and Technology entity performed better than all other Entities with CSE Mean = 4.37 while Public Order showed the least performance with CSE Mean = 3.83 and the combined model of six factors with R-square value 0.317 after multiple regression implying that 32% change in CSE in the government entities is occurring due to the six (6) independent variables used in the study. Further, results show that management has the responsibility of putting in place strategies, frameworks and policies that respond appropriately to the prevention, detection and mitigation of cyberattacks. Results further indicate that culture-sensitive training and awareness programmes add to the quality and effectiveness of cybersecurity systems in government entities. Further, study findings reveal that qualified and experienced personnel in government entities show a greater understanding of cyber and information security issues. Finally, the researcher proposes a cybersecurity framework and a checklist, with checkpoints, for evaluating the effectiveness of cybersecurity systems within government entities and future research interventions

    Predicting the PEBCAK: A quantitative analysis of how cybersecurity education, literacy, and awareness affect individual preparedness.

    This essay explores the relationship between individuals' cybersecurity education, literacy, awareness, and preparedness. While cybersecurity is often associated with complex hacking scenarios, the majority of data breaches and cyber-attacks result from individuals inadvertently falling prey to phishing emails and malware. The lack of standardized education and training in cybersecurity, coupled with the rapid expansion of technology diversity, raises concerns about individuals' cybersecurity preparedness. As individuals are the first line of defense and the weakest link in cybersecurity, understanding the influence of education, literacy, and awareness on their adherence to best practices is crucial. This work aims to survey a diverse sample population and analyze their cybersecurity education, literacy, awareness, and preparedness through regression analysis. By understanding the relationships between these factors, researchers can identify areas where individuals may lack knowledge or where increased knowledge may not be beneficial. The findings will contribute to strengthening individuals' defensive abilities and identifying gaps caused by inadequate education or awareness. Additionally, the study considers the potential impacts of lax home cybersecurity on workplace security. Ultimately, this research aims to enhance understanding of the influence of education, literacy, and awareness on individuals' cybersecurity posture and provide insights for future measures to improve cybersecurity practices