Re-thinking Decision-Making in Cybersecurity: Leveraging Cognitive Heuristics in Situations of Uncertainty

The prevailing consensus in cybersecurity is that individuals’ insecure behavior due to inadequate decision-making is a primary source of cyber incidents. The conclusion of this assumption is to enforce desired behavior via extensive security policies and suppress individuals’ intuitions or rules of thumb (cognitive heuristics) when dealing with critical situations. This position paper aims to change the way we look at these cognitive heuristics in cybersecurity. We argue that heuristics can be particularly useful in uncertain environments such as cybersecurity. Based on successful examples from other domains, we propose that heuristic decisionmaking should also be used to combat cyber threats. Lastly, we give an outlook on where such heuristics could be beneficial in cybersecurity (e.g., phishing detection or incident response) and how they can be found or created

FACTORS OF CYBERCRIME IN UKRAINE

The relevance of the research topic is determined by the need to form a holistic scientific approach to explaining the factors of cybercrime in the context of the global COVID-19 pandemic, the armed aggression of the Russian Federation against Ukraine, the accelerated digital transformation of the economy and society, the intensification of hybrid cyber threats, and the existence of a general upward trend in cybercrime. The purpose of the article is to identify, analyse and classify the factors of cybercrime, and to assess their impact on the level of cyberattacks and cybercrime. To achieve this goal, the author uses general scientific methods of cognition (system analysis, classification, synthesis, comparison) and special methods of criminological research (document study, factor analysis, statistical methods, expert opinions). It is found that the most significant impact on the growth of cybercrime is exerted by political (geopolitical and military-political), economic, socio-cultural, socio-psychological, technological factors, which are expressed in the escalation of geopolitical struggle, Russia's use of cyber means to gain an information advantage in the war against Ukraine, and functioning in the dark web of the criminal market of goods and services, insufficient social control over the digital environment, increased connectivity, ease of cyberattacks, low income, social exclusion, informal norms and values, opportunistic attitudes, criminogenic stereotypes of thinking and behaviour in cyberspace during electronic communications and online business. It is stated that favourable conditions for committing cybercrime are the depletion of resources and overload of cybersecurity entities of Ukraine due to the protracted war, vulnerabilities in computer and mobile device software, shortcomings in the cyber security system of public and private information resources, critical infrastructure facilities, and users' non-compliance with the rules of safe behaviour

Information security threat avoidance behavior: an empirical investigation

In recent years, with the continuous integration of information technology into daily life, users are facing more and more information security threats. Although many software and hardware protection methods have been put in place to achieve higher information security, the number of security incidents has not decreased. Traditionally, much of the work of providing security in information systems has focused on technology, and recent research has shown that user behavior does play a central role. Considering that end users are often the first line of defense and are often seen as the weakest link in information security, security defenses are very important. Therefore, the purpose of this study is to examine the relationship between perceived information security threats and information security behavior of users by using Technology Threat Avoidance Theory (TTAT). This study focuses on three types of threats: malware, data loss or leakage and identity theft. More importantly, a variety of information security behaviors were identified in this study, including password usage behavior, security software usage behavior, data storage behavior, physical security behavior, and proactive awareness behavior. Based on a survey data provided by 319 Internet users from a public university in Malaysia, the research results show that data loss or leakage is the most harmful threat to information security of users, followed by malware and identity theft. Moreover, these perceived threats have a positive impact on the five information security behaviors, where proactive awareness behavior is the top choice among these five information security behaviors

Operational Decision Making under Uncertainty: Inferential, Sequential, and Adversarial Approaches

Modern security threats are characterized by a stochastic, dynamic, partially observable, and ambiguous operational environment. This dissertation addresses such complex security threats using operations research techniques for decision making under uncertainty in operations planning, analysis, and assessment. First, this research develops a new method for robust queue inference with partially observable, stochastic arrival and departure times, motivated by cybersecurity and terrorism applications. In the dynamic setting, this work develops a new variant of Markov decision processes and an algorithm for robust information collection in dynamic, partially observable and ambiguous environments, with an application to a cybersecurity detection problem. In the adversarial setting, this work presents a new application of counterfactual regret minimization and robust optimization to a multi-domain cyber and air defense problem in a partially observable environment