Search results

Cyber terrorism poses a serious technology risk to businesses and the economies they operate in. Cyber terrorism is a digital attack on computers, networks or digital information systems, carried out to coerce people or governments to further the social or political objectives of the attacker. Cyber terrorism is costly in terms of impaired operations and damaged assets. Cyber terrorism harms a firm’s reputation, thereby negatively affecting a firm’s stock market valuation. This poses grave worries to company management, financial analysts, creditors and investors. This study aims to evaluate the effect of cyber terrorism on the market value of publicly traded firms.

Financial information was obtained on business firms that were featured in news stories as targets of cyber terrorism. The firm’s stock price was recorded for 1, 3 and 7 days before and after the news article. Percentage changes in the firm’s stock price were compared to percentage changes in the Dow Jones Index to ascertain whether the firm’s stock price went up or down matching the market overall.

Results indicate that stock prices are significantly negatively affected by news of cyber terrorist attacks on companies. In all three time periods after the cyber terrorist attack, there was a significant negative decline in the stock value relative to the Dow Jones Index. Thus, the market valuation of the firm is damaged. As a result, the shareholders and institutions are financially damaged. Furthermore, exposed system vulnerability may lead to loss of business from consumers who have reduced confidence in the firm’s operations.

This paper examines the risks posed by cyber terrorism, including its impact on individual business firms, which in turn affect entire national economic systems. This makes clear the high value of cybersecurity in safeguarding computer systems. Taking steps to avoid being a victim of cyber terrorism is an important aspect of cybersecurity. Preventative steps are normally far less costly than rebuilding an information system after a cyber terrorist attack.

This study is original in examining the effect of cyber terrorism on the stock value of a company.

Cyber resilience in cyber supply chain (CSC) systems security has become inevitable as attacks, risks and vulnerabilities increase in real-time critical infrastructure systems with little time for system failures. Cyber resilience approaches ensure the ability of a supply chain system to prepare, absorb, recover and adapt to adverse effects in the complex CPS environment. However, threats within the CSC context can pose a severe disruption to the overall business continuity. The paper aims to use machine learning (ML) techniques to predict threats on cyber supply chain systems, improve cyber resilience that focuses on critical assets and reduce the attack surface.

The approach follows two main cyber resilience design principles that focus on common critical assets and reduce the attack surface for this purpose. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles. The critical assets include Cyber Digital, Cyber Physical and physical elements. We consider Logistic Regression, Decision Tree, Naïve Bayes and Random Forest classification algorithms in a Majority Voting to predicate the results. Finally, we mapped the threats with known attacks for inferences to improve resilience on the critical assets.

The paper contributes to CSC system resilience based on the understanding and prediction of the threats. The result shows a 70% performance accuracy for the threat prediction with cyber resilience design principles that focus on critical assets and controls and reduce the threat.

Therefore, there is a need to understand and predicate the threat so that appropriate control actions can ensure system resilience. However, due to the invincibility and dynamic nature of cyber attacks, there are limited controls and attributions. This poses serious implications for cyber supply chain systems and its cascading impacts.

ML techniques are used on a dataset to analyse and predict the threats based on the CSC resilience design principles.

There are no social implications rather it has serious implications for organizations and third-party vendors.

The originality of the paper lies in the fact that cyber resilience design principles that focus on common critical assets are used including Cyber Digital, Cyber Physical and physical elements to determine the attack surface. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles to reduce the attack surface for this purpose.

The paper aims to analyze the impact of cyber attacks on stock returns of companies operating in the hospitality sector. The fast development of information and communication technologies has been posited as both an opportunity and a challenge to the United Nations Global Sustainable Development Goals. Digital technologies are significant tools for sustainable development, but if they are not addressed appropriately, they can potentially hinder the progress toward sustainability. Among negative impacts, it is necessary to consider cyber risk, a major concern today, in particular for industries which work with sensitive data, such as tourism businesses. Hospitality businesses have to adequately manage cyber insecurity and digital privacy issues, to prevent losses and contribute to socioeconomic sustainable growth.

Using event-study methodology, the paper provides empirical evidence on the effect of announcements of 170 information security breaches on the market value of firms operating in the hospitality sector in the past five years.

The study focuses on identifying potential threats of cyber attacks for the economic value of listed companies. The authors find that negative market returns occur following announcements of cyber attacks suffered by hospitality companies. Adequate investments in technology for cyber security and staff training are relevant in the hospitality sector to reduce cyber risk.

The paper contributes to identifying potential threats of cyber attacks for the economic value of listed companies operating in the hospitality sector. The analysis is carried out by collecting an original sample of global cyber attacks from newspaper announcements sourced from the LexisNexis database.

论酒店业的网络攻击：股票市场的反应

信息通讯技术的快速发展, 对UN全球可持续发展战略目标带来机遇和挑战。电子技术对可持续发展起到重要作用, 但是如果它们未被合理使用, 则对可持续性构成潜在威胁。在众多负面影响中, 网络攻击不可忽视, 成为现今重大担忧, 尤其是对于处理敏感数据的行业, 比如旅游产业。酒店业必须具备管理网络安全和处理电子隐私的能力, 以防止损失, 对社会经济可持续增长做出贡献。

本论文分析酒店业内因网络攻击而遭受股票的影响。借用事件分析法, 本论文研究了近五年来, 170项信息安全泄露消息对酒店市场价值的影响。

本论文主要确立了上市公司因网络攻击而受到的经济价值影响。我们发现, 酒店公司在宣布网络攻击后, 其市场收益受到负面影响。充足的网络安全技术投入和人员培训与酒店减少网络攻击有一定的联系。

本论文分析了酒店业中上市公司因网络攻击而带来的潜在经济价值的损失。研究分析样本来自Lexis Nexis数据库中的全球网络攻击的新闻报道。

Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.

For developing the authors’ contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a “significant and sustained” cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.

The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.

Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.

The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS.

Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view.

This paper tries to identify the various cyber security risk and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along-with suitable mitigation strategies.

The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study.

This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.

The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.

The increasing number of cyber attacks has transformed the “cyberspace” into a “battlefield”, bringing out “cyber warfare” as the “fifth dimension of war” and emphasizing the States’ need to effectively protect themselves against these attacks. The existing legal framework seem inadequate to deal effectively with cyber operations and, from a strictly legal standpoint, it indicates that addressing cyber attacks does not fall within the jurisdiction of just one legal branch. This is mainly because of the fact that the concept of cyber warfare itself is open to many different interpretations, ranging from cyber operations performed by the States within the context of armed conflict, under International Humanitarian Law, to illicit activities of all kinds performed by non-State actors including cybercriminals and terrorist groups. The paper initially presents major cyber-attack incidents and their impact on the States. On this basis, it examines the existing legal framework at the European and international levels. Furthermore, it approaches “cyber warfare” from the perspective of international law and focuses on two major issues relating to cyber operations, i.e. “jurisdiction” and “attribution”. The multi-layered process of attribution in combination with a variety of jurisdictional bases in international law makes the successful tackling of cyber attacks difficult. The paper aims to identify technical, legal and, last but not least, political difficulties and emphasize the complexity in applying international law rules in cyber operations.

The paper focuses on the globalization of the “cyber warfare phenomenon” by observing its evolutionary process from the early stages of its appearance until today. It examines the scope, duration and intensity of major cyber-attacks throughout the years in relation to the reactions of the States that were the victims. Having this as the base of discussion, it expands further by exemplifying “cyber warfare” from the perspective of the existing European and International legal framework. The main aim of this part is to identify and analyze major obstacles that arise, for instance in terms of “jurisdiction” and “attribution” in applying international law rules to “cyber warfare”.

The absence of a widely accepted legal framework to regulate jurisdictional issues of cyber warfare and the technical difficulties in identifying, with absolute certainty, the perpetrators of an attack, make the successful tackling of cyber attacks difficult.

The paper fulfills the need to identify difficulties in applying international law rules in cyber warfare and constitutes the basis for the creation of a method that will attempt to categorize and rank cyber operations in terms of their intensity and seriousness.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Additive manufacturing also known as 3D printing is an evolving advanced manufacturing technology critical for the new era of complex machinery and operating systems. Manufacturing systems are increasingly faced with risk of attacks not only by traditional malicious actors such as hackers and cyber-criminals but also by some competitors and organizations engaged in corporate espionage. This paper aims to elaborate a plausible risk practice of designing and demonstrate a case study for the compromised-based malicious for polymer 3D printing system.

This study assumes conditions when a machine was compromised and evaluates the effect of post compromised attack by studying its effects on tensile dog bone specimens as the printed object. The designed algorithm removed predetermined specific number of layers from the tensile samples. The samples were visually identical in terms of external physical dimensions even after removal of the layers. Samples were examined nondestructively for density. Additionally, destructive uniaxial tensile tests were carried out on the modified samples and compared to the unmodified sample as a control for various mechanical properties. It is worth noting that the current approach was adapted for illustrating the impact of cyber altercations on properties of additively produced parts in a quantitative manner. It concurrently pointed towards the vulnerabilities of advanced manufacturing systems and a need for designing robust mitigation/defense mechanism against the cyber altercations.

Density, Young’s modulus and maximum strength steadily decreased with an increase in the number of missing layers, whereas a no clear trend was observed in the case of % elongation. Post tensile test observations of the sample cross-sections confirmed the successful removal of the layers from the samples by the designed method. As a result, the current work presented a cyber-attack model and its quantitative implications on the mechanical properties of 3D printed objects.

To the best of the authors’ knowledge, this is the original work from the team. It is currently not under consideration for publication in any other avenue. The paper provides quantitative approach of realizing impact of cyber intrusions on deteriorated performance of additively manufactured products. It also enlists important intrusion mechanisms relevant to additive manufacturing.

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.

A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.

Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.

The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.

This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.

Literature repeatedly complains about the lack of empirical data on the costs of cyber incidents within organizations. Simultaneously, managers urgently require transparent and reliable data in order to make well-informed and cost-benefit optimized decisions. The purpose of this paper is to (1) provide managers with differentiated empirical data on costs, and (2) derive an activity plan for organizations, the government and academia to improve the information base on the costs of cyber incidents.

The authors analyze the benchmark potential of costs within existing literature and conduct a large-scale interview survey with 5,000 German organizations. These costs are directly assignable to the most severe incident within the last 12 months, further categorized into attack types, cost items, employee classes and industry types. Based on previous literature, expert interviews and the empirical results, the authors draft an activity plan containing further research questions and action items.

The findings indicate that the majority of organizations suffer little to no costs, whereas only a small proportion suffers high costs. However, organizations are not affected equally since prevalence rates and costs according to attack types, employee classes, and other variables tend to vary. Moreover, the findings indicate that board members and IS/IT-managers show partly different response behaviors.

The authors present differentiated insights into the direct costs of cyber incidents, based on the authors' knowledge, this is the largest empirical survey in continental Europe and one of the first surveys providing in-depth cost information on German organizations.