Search results

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Cyberattacks have become a major threat to small and medium-sized enterprises. Their prevention efforts often prioritize technical solutions over human factors, despite humans posing the greatest risk. This article highlights the importance of developing tailored behavioral interventions. Through qualitative interviews, we identified three persona types with different psychological biases that increase the risk of cyberattacks. These psychological biases are a basis for creating behavioral interventions to strengthen the human factor and, thus, prevent cyberattacks.

We conducted structured, in-depth interviews with 44 employees, decision makers and IT service providers from small and medium-sized Swiss enterprises to understand insecure cyber behavior.

A thematic analysis revealed that, while knowledge about cyber risks is available, no one assumes responsibility for employees’ and decision makers’ behavior. The interview results suggest three personas for employees and decision makers: experts, deportees and repressors. We have derived corresponding biases from these three persona types that help explain the interviewees’ insecure cyber behavior.

This study provides evidence that employees differ in their cognitive biases. This implies that tailored interventions are more effective than one-size-fits7-all interventions. It is inherent in the idea of tailored interventions that they depend on multiple factors, such as cultural, organizational or individual factors. However, even if the segments change somewhat, it is still very likely that there are subgroups of employees that differ in terms of their misleading cognitive biases and risk behavior.

This article discusses behavior directed recommendations for tailored interventions in small and medium-sized enterprises to minimize cyber risks.

The contribution of this study is that it is the first to use personas and cognitive biases to understand insecure cyber behavior, and to explain why small and medium-sized enterprises do not implement behavior-based cybersecurity best practices. The personas and biases provide starting points for future research and interventions in practice.

Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this paper is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, to ensure secure behaviour. Research that focused on issues such as personality traits, trust, attitude and Security, Education, Training and Awareness (SETA) was considered.

This study built on a recontextualized version of the theory of planned behaviour to evaluate the influence that optimism bias has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses from a South African financial services organisation using partial least squares (PLS) path modelling.

This study found that overly optimistic employees were inclined to behave insecurely, while factors such as attitude and trust significantly influenced the intention to behave securely.

Our contribution to practice seeks to enhance the effectiveness of SETA by identifying and addressing the optimism bias weakness to deliver a more successful training outcome.

Our study enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and offers a contextual explanation of the resultant behaviour.

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.

Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.

A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.

With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.

This study aims to investigate the interplay between a proactive attitude towards disruptions – supply chain disruption orientation – and supply chain resilience, increasing our understanding of their influence on reducing the impact of supply chain disruptions within the B2B context.

As unexpected disruptions are closely related to a dynamic and changing perception of the environment, this research is framed under the dynamic capabilities lens, consistent with existing resilience literature. The authors used partial least squares-path modeling (PLS-PM) to empirically test the proposed research model using survey data from 216 firms.

Results show that a proactive approach to disruptions alone is insufficient in mitigating their negative impact. Instead, a firm’s disruption orientation plays a crucial role in boosting its resilience, which acts as a mediator, reducing the impact of disruptions.

This paper sheds light on the mechanisms by which firms can mitigate the effects of supply chain disruptions and offers insights into how certain capabilities are needed so that firms’ attitudes can effectively impact firm performance. This research thus suggests that dynamic capabilities, traditionally perceived as being enabled by other elements, act themselves as enablers. Consequently, they have the potential to translate strategic orientation or attitudes into tangible effects on performance, enriching our understanding of how firms combine their internal attitudes and capabilities to achieve sustained competitive advantage.

Recent years have witnessed an unexpected and astonishing rise of AI-generated (AIGC), thanks to the rapid advancement of technology and the omnipresence of social media. AIGCs created to mislead are more commonly known as DeepFakes, which erode our trust in online information and have already caused real damage. Thus, countermeasures must be developed to limit the negative impacts of AIGC. This position paper aims to provide a conceptual analysis of the impact of DeepFakes considering the production cost and overview counter technologies to fight DeepFakes. We will also discuss future perspectives of AIGC and their counter technology.

We summarize recent developments in generative AI and AIGC, as well as technical developments to mitigate the harmful impacts of DeepFakes. We also provide an analysis of the cost-effect tradeoff of DeepFakes.

The mitigation of DeepFakes call for multi-disciplinary research across the traditional disciplinary boundaries.

Government and business sectors need to work together to provide sustainable solutions to the DeepFake problem.

The research and development in counter-technologies and other mitigation measures of DeepFakes are important components for the health of future information ecosystem and democracy.

Unlike existing reviews in this topic, our position paper focuses on the insights and perspective of this vexing sociotechnical problem of our time, providing a more global picture of the solutions landscape.

Developing cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA.

The research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts.

The result of this research is a taxonomy which outline six domains for importance for organization CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field.

Organizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities.

The output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.

This research aims to offers a new method for assessing geoeconomic risks in bilateral relations and evaluate the level of such risks from Vietnam’s economic dependency on China.

I apply descriptive analysis to identify asymmetrical dependency in Vietnam–China economic relations and propose a geoeconomic risk assessment framework to evaluate risk levels in bilateral economic linkages.

The proposed geoeconomic risk framework assesses risk levels, which are positively influenced by the degree of asymmetrical relations (vulnerabilities), the net impacts on the receiving economy (impacts) and the sending state’s ability to control economic tools (threats). In contrast, risk levels are negatively affected by the effectiveness of existing mitigation efforts. The framework employs ordinal likelihood scales to rank various risk levels. In the context of Vietnam–China relations, market access for agricultural products and control of the Mekong water emerge as the most risky areas for economic coercion, followed by Chinese official development finance in infrastructure and critical input imports. On the other hand, debt dependency and foreign direct investment in the energy sector are considered more secure areas—less likely targets for economic coercion. Hence, risk mitigation strategies should prioritize reducing asymmetry in vulnerable dependence areas while maintaining current practices in more secure areas.

Methodologically, it introduces a new approach for assessing bilateral geoeconomic risk. Empirically, it provides Vietnam’s policymakers with a comprehensive evaluation of the implications of economic interdependence with China.

The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.

Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.

Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.

This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.