Search results

Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.

Cyber management of organizations includes eliminating security gaps, ensuring information confidentiality, and protecting customers' data. In addition, production and planning, protecting cyber and digital infrastructure are included in the chapter. The chapter deals with these issues in the context of strategy and management. In addition, the conflicts arising from competitors to access the tacit knowledge (confidential information, commercial secrets, commercial relations, customers, and tenders) of the businesses are discussed in the chapter. Cyber conflicts have now turned into a business-to-business war. Businesses have become targets in cyberwars. This chapter, therefore, examines these issues in depth.

Although risks are present in any organisation and the importance of their study is obvious, the authors find that risk analysis is an area still in its infancy, as reflected in the small number of existing publications on this topic. Human resources tend to understand risk in an elementary way. The ability of human resources to perceive risk is the ability and competence to identify a potential threat that does not always appear.

Aim: The aim of the this chapter was to provide additional knowledge on human resource competencies, in order to avoid the emergence and spread of risks at the organisational and cyber level.

Methodology: The authors used the quantitative–comparative analysis, by presenting all the details regarding the competencies of the human resource in order to manage the risks at organisational and cybernetic level.

Findings: The findings of this chapter show that the compulsory competencies of the human resource influence both the general competencies and the special competencies: information technology and communications, security ethics and economic ones. These, in turn, can improve or diminish cyber security competencies by almost 50%.

Originality of the Study: This study is highlighted by results obtained from the analysis of the capacity of human resources, to integrate theoretical knowledge and practical competencies on the perception of cyber risk. Of particular importance for this research are the analysis of data and the interpretation of results on human resources competencies. In this sense, throughout the chapter are assessed the skills of human resources, necessary for the management of cyber risks at the organisational level. In terms of future research implications, it could be important research to identify a method of assessing the competencies acquired by human resources applied from the perspective of cyber risk.

There is a research gap in the explanation of cyber incident response approaches in management to increase cyber maturity for small–medium-size enterprises (SMEs). Therefore, based on the literature analysis, the chapter aims to (1) provide cyber incident response characteristics, (2) show the importance for SMEs, (3) identify cyber incident response feasibility and causal factors, (4) provide scenarios for consideration to create an incident response plan (IRP), and (5) discuss the cyber incident response and managerial approaches in SMEs. The authors used content analysis of scientific and professional articles to develop the theoretical foundation of incident response approaches in management for SMEs. The authors start from the fundamentals to obtain knowledge and understanding of the latest threats and opportunities, and how to defend themselves using the limited capacity of resources might be the starting point to building an extensive incident response capability. Incident response capabilities and maturity levels vary widely between various organisations. There is no simple one-size-fits-all process for incident response; each case is unique and requires continuous refinement. Differentiation and adaptation to different types of SMEs are pivotal to developing cyber maturity and defining requirements that fit the market’s needs and are therefore more efficient in achieving the goal of increasing cyber security (CS) among business management. SMEs may not have a mature IRP, but at least one readiness indicator could lead to the preparation of a mature IRP. Implementation of the secure undertakings and information processes requires using modern information and communication technologies, incident response processes, and other modules that could enhance support for decision-making processes in management. The approach requires a systematic approach to issues related to constructing these solutions. The authors highlight that building efficient incident response approaches in management to improve cyber maturity will begin with infrastructure and people factors.

The concept of cyber-spirituality and digital security has recently emerged due to the increasing dependence on technology. Using technology in spiritual contexts presents opportunities for enhanced spiritual experiences and risks that can compromise one's digital security. It emphasizes how the intersection of spirituality and technology can potentially result in a more fulfilling spiritual practice while adding to the existing concerns about data security.

In contemporary times, the impact of technology on mental health has emerged as a critical concern that demands ethical conduct in cyberspace. People are increasingly invested in fostering interfaith dialogues, achieving social equity, and promoting fair play within online communities. This chapter highlights the imperative need to approach technology with mindfulness while prioritizing digital safety in the fast-paced world.

In today's interconnected world, internet users are constantly exposed to a host of risks, including cyberattacks, cyberbullying, cyber-victimizations, and privacy violations. This chapter critically examines these severe threats to personal safety as well as overall societal well-being caused by increasing digitization. Focusing on critical factors such as digital literacy, digital citizenship, cybersecurity practices, and the legal framework concerning data protection, it stresses responsible conduct in the virtual space through informed decision-making by individuals.

Overall, this chapter aims to investigate how cyber-spirituality intersects with digital security in the context of the workplace. Accordingly, it advocates for an introspective attitude toward technology usage that underscores responsible behavior while helping us strike a balanced relationship with digital tools. Through this approach, we can not only safeguard against potential threats but also enhance our emotional well-being.

This chapter focuses on a critical issue in cyber intelligence in the United States (US) that concerns the engagement of state-owned or state-controlled entities with overseeing citizen’s activity in cyberspace. The emphasis in the discussion is placed on the constitutionality of state actions and the shifting boundaries in which the state can act in the name of security to protect its people from the nation’s enemies. A second piece of this discussion is which state actors and agencies can control the mechanisms by which this sensitive cyber information is collected, stored, and if needed, acted upon. The most salient case with regard to this debate is that of Edward Snowden. It reveals the US government’s abuses of this surveillance machinery prompting major debates around the topics of privacy, national security, and mass digital surveillance. When observing the response to Snowden’s disclosures one can ask what point of view is being ignored, or what questions are not being answered. By considering the silence as a part of our everyday language we can improve our understanding of mediated discourses. Recommendations on cyber-intelligence reforms in response to Snowden’s revelations – and whether these are in fact practical in modern, high-technology societies such as the US – follow.

Purpose: Small and medium enterprises (SMEs) are the most significant contributors to maximum employment generation, the gross domestic product (GDP) of many countries, and the overall global economy. It is also evident that cyber threats are becoming a big challenge for SMEs, which is directly impacting global economy.

Methodology: Existing research inputs were accessed to understand current cyber threats for SMEs and their cybersecurity posture. Additionally, this research has collected the latest insights by taking direct inputs from SMEs and conducting a well-designed research survey. It has provided a few direct inputs to designing solutions for the SME segment. For analysis and recommendations, cybersecurity best practices and core cybersecurity concepts are considered at the centre of the solution.

Findings: Implementing existing cybersecurity standards or frameworks is not easy for SMEs, as they generally have limited resources and different priorities for their business when it comes to the implementation of any cybersecurity controls. Currently, many cybersecurity standards are not able to support the implementation of business domain-specific controls.

Practical implications: Along with the research findings shared in this chapter, as a resolution to the problems faced by SMEs, the authors will propose a new framework as a solution. This framework is designed using core concepts of cybersecurity such as confidentiality, integrity, and availability (CIA triad) as well as defence in depth (DiD) mechanisms in each layer of organisation. The authors will also share a high-level idea about how reliable artificial intelligence-based software can help identify recommended controls for particular SMEs.

A cyberattack is an attempt by cybercriminals as individuals or organizations with unauthorized access using one or more computers and computer systems to steal, expose, change, disable or eliminate information, or to breach computer information systems, computer networks, and computer infrastructures. Cyberattackers gain a benefit from victims, which may be criminal such as stealing data or money, or political or personal such as revenge. In cyberattacks, various targets are possible. Some potential targets for businesses include business and customer financial data, customer lists, trade secrets, and login credentials.

Cyberattackers use a variety of methods to gain access to data, including malware such as viruses, worms, and spyware and phishing methods, man-in-the-middle attacks, denial-of-service attacks, SQL injection, zero-day exploit, and DNS tunneling.

Related to cyberattack, the term cyberwarfare is gaining popularity nowadays. Cyberwarfare is the use of cyberattacks by a state or an organization to cause harm as in warfare against another state's or organization's computer information systems, networks, and infrastructures.

Military, civil, and ideological motivations, or hacktivism can be used to launch a cyberwarfare. For these reasons, cyberwarfare may be used to conduct espionage, sabotage, propaganda, and economic disruption.

Considering highly digitalized business processes such as e-mails, digital banking, online conference, and digital manufacturing methods, damage of cyberwarfare to businesses and countries are unavoidable. As a result, developing strategies for defending against cyberattacks and cyberwarfare is critical for businesses. The concepts of cyberattack and cyberwarfare, as well as business strategies to be protected against them will be discussed in this chapter.