Search results

The cyber security industry emerged rapidly in recent years due to mounting cyber threats and increasing cyber hacking activities. Research on emerging technologies emphasizes the risks and sometimes neglects to address the potential positive contribution to cyber security. The purpose of this study is to conduct a relatively balanced long-term foresight study to elicit major significant threat drivers and to identify emerging technologies that are likely to have a significant impact on defense and attack capabilities in cyber security.

The main instruments used in this study were horizon scanning and an online survey among subject-matter experts that assessed emerging threats and the potential impact of several emerging technologies on cyber defense capabilities and cyber attack capabilities.

An expert survey shows that cyber resilience, homomorphic encryption and blockchain may be considered as technologies contributing mainly to defense capabilities. On the other hand, Internet of Things, biohacking and human machine interface (HMI) and autonomous technologies add mainly to attack capabilities. In the middle, we find autonomous technologies, quantum computing and artificial intelligence that contribute to defense, as well as to attack capabilities, with roughly similar impact on both.

This study adds to the current research a balanced long-term view and experts’ assessment of negative and positive impacts of emerging technologies, including their time to maturity and consensus levels. Two new Likert scale measures were applied to measure the potential impact of emerging technologies on cyber security, thus enabling the classification of the results into four groups (net positive, net negative, positive-positive and negative-negative).

The transformation of the United Arab Emirates (UAE) into an important global economic player has been accompanied by digitalization that has also left it at a risk to cybercrime. Concurrent with the rise in technology use, the UAE fast became one of the most targeted countries in the world. The purpose of this paper is to discuss how the UAE has tried to cope with accelerating levels of cyber threat using legislative and regulatory efforts as well as public- and private-sector initiatives meant to raise cybersecurity awareness.

The paper surveys the UAE’s cybersecurity legislative, regulatory and educational initiatives from 2003 to 2019.

Because the human factor still remains the number one reason for security breaches, robust cyber laws alone are not enough to protect against cyber threats. Building public awareness and educating internet users about cyber risks and safety have become essential components of the UAE's efforts in building a more secure cyber environment for the country.

The paper relies on English-language translations of primary sources (laws) originally in Arabic, as well as English-language studies from local media. This should not be considered a problem, as English is established as the language of business and commerce in the UAE.

The paper provides a detailed overview of the country’s cybersecurity environment to guide and aide practitioners with risk assessment and legal and regulatory compliance.

The paper presents a comprehensive overview of the UAE’s cybersecurity legislative, regulatory and educational environment. It also surveys government and private sector initiatives directed in protecting the country’s cyberspace.

Cyber resilience in cyber supply chain (CSC) systems security has become inevitable as attacks, risks and vulnerabilities increase in real-time critical infrastructure systems with little time for system failures. Cyber resilience approaches ensure the ability of a supply chain system to prepare, absorb, recover and adapt to adverse effects in the complex CPS environment. However, threats within the CSC context can pose a severe disruption to the overall business continuity. The paper aims to use machine learning (ML) techniques to predict threats on cyber supply chain systems, improve cyber resilience that focuses on critical assets and reduce the attack surface.

The approach follows two main cyber resilience design principles that focus on common critical assets and reduce the attack surface for this purpose. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles. The critical assets include Cyber Digital, Cyber Physical and physical elements. We consider Logistic Regression, Decision Tree, Naïve Bayes and Random Forest classification algorithms in a Majority Voting to predicate the results. Finally, we mapped the threats with known attacks for inferences to improve resilience on the critical assets.

The paper contributes to CSC system resilience based on the understanding and prediction of the threats. The result shows a 70% performance accuracy for the threat prediction with cyber resilience design principles that focus on critical assets and controls and reduce the threat.

Therefore, there is a need to understand and predicate the threat so that appropriate control actions can ensure system resilience. However, due to the invincibility and dynamic nature of cyber attacks, there are limited controls and attributions. This poses serious implications for cyber supply chain systems and its cascading impacts.

ML techniques are used on a dataset to analyse and predict the threats based on the CSC resilience design principles.

There are no social implications rather it has serious implications for organizations and third-party vendors.

The originality of the paper lies in the fact that cyber resilience design principles that focus on common critical assets are used including Cyber Digital, Cyber Physical and physical elements to determine the attack surface. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles to reduce the attack surface for this purpose.

Purpose: A cyber insurance policy’s purpose is to help in the recovering of a person or corporation following a cyber breach and to compensate for civil suit expenses stemming from first- and third-party responsibility claims.

Methodology: The usage of cybersecurity spending has forecast a variety of security categories using F&S projection methodology. Each of these is suited to the end-user organisations of in-scope security mechanisms, as well as the particular market circumstances. Critical national infrastructure (CNI), immigration control, big events, first responding, executive branch, infrastructure, and transportation security are among the worldwide forecast categories. This segmentation is further subdivided into 16 subsegments, each with its own security forecasting system. F&S protection marketplaces are anticipated using a bottom-up technique for each nation, which adds up to worldwide market penetration. This covers 177 nations spread throughout seven zones.

Findings: The cybersecurity insurer industry was valued at USD 7.36 billion in 2020 and is predicted to be worth USD 27.83 billion by 2026, growing at a compound annual growth rate (CAGR) of 24.30% during the forecast time frame (2021–2026). The expanding use of digitalisation innovations such as the cloud, big data, mobile computing, internet of things (IoT), and artificial intelligence (AI) across more lines of employment and society, as well as improved connectivity, have enhanced the burden of already overburdened information technology (IT) staff.

Practical implications: Accepted the innovative Insurance Data Security Model Law (#668), which necessitates insurance providers and other agencies registered by government insurance agencies to advance, integrate, and establish an information security management system; start investigating any cybersecurity events; and advise the private insurance superintendent of such happenings. Too far, the approach has been embraced by governorates.

Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.

The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.

The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.

The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.

Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.

There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.

The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.