Search results

Cyber resilience in cyber supply chain (CSC) systems security has become inevitable as attacks, risks and vulnerabilities increase in real-time critical infrastructure systems with little time for system failures. Cyber resilience approaches ensure the ability of a supply chain system to prepare, absorb, recover and adapt to adverse effects in the complex CPS environment. However, threats within the CSC context can pose a severe disruption to the overall business continuity. The paper aims to use machine learning (ML) techniques to predict threats on cyber supply chain systems, improve cyber resilience that focuses on critical assets and reduce the attack surface.

The approach follows two main cyber resilience design principles that focus on common critical assets and reduce the attack surface for this purpose. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles. The critical assets include Cyber Digital, Cyber Physical and physical elements. We consider Logistic Regression, Decision Tree, Naïve Bayes and Random Forest classification algorithms in a Majority Voting to predicate the results. Finally, we mapped the threats with known attacks for inferences to improve resilience on the critical assets.

The paper contributes to CSC system resilience based on the understanding and prediction of the threats. The result shows a 70% performance accuracy for the threat prediction with cyber resilience design principles that focus on critical assets and controls and reduce the threat.

Therefore, there is a need to understand and predicate the threat so that appropriate control actions can ensure system resilience. However, due to the invincibility and dynamic nature of cyber attacks, there are limited controls and attributions. This poses serious implications for cyber supply chain systems and its cascading impacts.

ML techniques are used on a dataset to analyse and predict the threats based on the CSC resilience design principles.

There are no social implications rather it has serious implications for organizations and third-party vendors.

The originality of the paper lies in the fact that cyber resilience design principles that focus on common critical assets are used including Cyber Digital, Cyber Physical and physical elements to determine the attack surface. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles to reduce the attack surface for this purpose.

MITRE and the National Security Agency cooperatively developed and maintained a D3FEND knowledge graph (KG). It provides concepts as an entity from the cybersecurity countermeasure domain, such as dynamic, emulated and file analysis. Those entities are linked by applying relationships such as analyze, may_contains and encrypt. A fundamental challenge for collaborative designers is to encode knowledge and efficiently interrelate the cyber-domain facts generated daily. However, the designers manually update the graph contents with new or missing facts to enrich the knowledge. This paper aims to propose an automated approach to predict the missing facts using the link prediction task, leveraging embedding as representation learning.

D3FEND is available in the resource description framework (RDF) format. In the preprocessing step, the facts in RDF format converted to subject–predicate–object triplet format contain 5,967 entities and 98 relationship types. Progressive distance-based, bilinear and convolutional embedding models are applied to learn the embeddings of entities and relations. This study presents a link prediction task to infer missing facts using learned embeddings.

Experimental results show that the translational model performs well on high-rank results, whereas the bilinear model is superior in capturing the latent semantics of complex relationship types. However, the convolutional model outperforms 44% of the true facts and achieves a 3% improvement in results compared to other models.

Despite the success of embedding models to enrich D3FEND using link prediction under the supervised learning setup, it has some limitations, such as not capturing diversity and hierarchies of relations. The average node degree of D3FEND KG is 16.85, with 12% of entities having a node degree less than 2, especially there are many entities or relations with few or no observed links. This results in sparsity and data imbalance, which affect the model performance even after increasing the embedding vector size. Moreover, KG embedding models consider existing entities and relations and may not incorporate external or contextual information such as textual descriptions, temporal dynamics or domain knowledge, which can enhance the link prediction performance.

Link prediction in the D3FEND KG can benefit cybersecurity countermeasure strategies in several ways, such as it can help to identify gaps or weaknesses in the existing defensive methods and suggest possible ways to improve or augment them; it can help to compare and contrast different defensive methods and understand their trade-offs and synergies; it can help to discover novel or emerging defensive methods by inferring new relations from existing data or external sources; and it can help to generate recommendations or guidance for selecting or deploying appropriate defensive methods based on the characteristics and objectives of the system or network.

The representation learning approach helps to reduce incompleteness using a link prediction that infers possible missing facts by using the existing entities and relations of D3FEND.

This study addresses the ever-increasing cyber risks confronting the global banking sector, particularly in India, amid rapid technological advancements. The purpose of this study is to de velop an innovative cyber fraud (CF) response system that effectively controls cyber threats, prioritizes fraud, detects early warning signs (EWS) and suggests mitigation measures.

The methodology involves a detailed literature review on fraud identification, assessment methods, prevention techniques and a theoretical model for fraud prevention. Machine learning-based data analysis, using self-organizing maps, is used to assess the severity of CF dynamically and in real-time.

Findings reveal the multifaceted nature of CF, emphasizing the need for tailored control measures and a shift from reactive to proactive mitigation. The study introduces a paradigm shift by viewing each CF as a unique “fraud event,” incorporating EWS as a proactive intervention. This innovative approach distinguishes the study, allowing for the efficient prioritization of CFs.

The practical implications of such a study lie in its potential to enhance the banking sector’s resilience to cyber threats, safeguarding stability, reputation and overall risk management.

The originality stems from proposing a comprehensive framework that combines machine learning, EWS and a proactive mitigation model, addressing critical gaps in existing cyber security systems.

This paper aims to focus on the different types of insider-led cyber frauds that gained mainstream attention in recent large-scale fraud events involving prominent Indian banking institutions. In addition to identifying and classifying cyber fraud, the study maps them on a severity scale for optimal mitigation planning.

The methodology used for identification and classification is an analysis of a detailed literature review, a focus group discussion with risk and vigilance officers and cyber cell experts, as well as secondary data of cyber fraud losses. Through machine learning-based random forest, the authors predicted the future of insider-led cyber frauds in the Indian banking business and prioritized and predicted the same. The projected future reveals the dominance of a few specific cyber frauds, which will make it easier to develop a fraud mitigation model based on a victim-centric approach.

The paper concludes with a conceptual framework that can be used to ensure a sustainable cyber fraud mitigation ecosystem within the scope of the study. By using the findings of this research, policymakers and fraud investigators will be able to create a more robust environment for banks through timely detection of cyber fraud and prevent it appropriately before it happens.

The study focuses on fraud, risk and mitigation from a victim-centric perspective and does not address it from the fraudster’s perspective. Data availability was a challenge. Banks are recommended to compile data that can be used for analysis both by themselves and other policymakers.

The structured, sustainable cyber fraud mitigation suggested in the study will provide an agile, quick, proactive, stakeholder-specific plan that helps to safeguard banks, employees, regulatory authorities, customers and the economy. It saves resources, cost and time for bank authorities and policymakers. The mitigation measures will also help improve the reputational status of the Indian banking business and prolong the banks’ sustenance.

The innovative cyber fraud mitigation approach contributes to the sustainability of a bank’s ecosystem quickly, proactively and effectively.

A zero-day vulnerability is a complimentary ticket to the attackers for gaining entry into the network. Thus, there is necessity to device appropriate threat detection systems and establish an innovative and safe solution that prevents unauthorised intrusions for defending various components of cybersecurity. We present a survey of recent Intrusion Detection Systems (IDS) in detecting zero-day vulnerabilities based on the following dimensions: types of cyber-attacks, datasets used and kinds of network detection systems.

Purpose: The study focuses on presenting an exhaustive review on the effectiveness of the recent IDS with respect to zero-day vulnerabilities.

Methodology: Systematic exploration was done at the IEEE, Elsevier, Springer, RAID, ESCORICS, Google Scholar, and other relevant platforms of studies published in English between 2015 and 2021 using keywords and combinations of relevant terms.

Findings: It is possible to train IDS for zero-day attacks. The existing IDS have strengths that make them capable of effective detection against zero-day attacks. However, they display certain limitations that reduce their credibility. Novel strategies like deep learning, machine learning, fuzzing technique, runtime verification technique, and Hidden Markov Models can be used to design IDS to detect malicious traffic.

Implication: This paper explored and highlighted the advantages and limitations of existing IDS enabling the selection of best possible IDS to protect the system. Moreover, the comparison between signature-based and anomaly-based IDS exemplifies that one viable approach to accurately detect the zero-day vulnerabilities would be the integration of hybrid mechanism.

The study aims to overview the different types of internal-led cyber fraud that have gained mainstream attention in recent major-value fraud events involving prominent Indian banks. The authors attempted to identify and classify cyber frauds and its drivers and correlate them for optimal mitigation planning.

The methodology opted for the identification and classification is through a detailed literature review and focus group discussion with risk and vigilance officers and cyber cell experts. The authors assessed the future of cyber fraud in the Indian banking business through the machine learning–based k-nearest neighbor (K-NN) approach and prioritized and predicted the future of cyber fraud. The predicted future revealing dominance of a few specific cyber frauds will help to get an appropriate fraud prevention model, using an associated parties centric (victim and offender) root-cause approach. The study uses correlation analysis and maps frauds with their respective drivers to determine the resource specific effective mitigation plan.

Finally, the paper concludes with a conceptual framework for preventing internal-led cyber fraud within the scope of the study. A cyber fraud mitigation ecosystem will be helpful for policymakers and fraud investigation officers to create a more robust environment for banks through timely and quick detection of cyber frauds and prevention of them.

Additionally, the study supports the Reserve Bank of India and the Government of India's launched cyber security initiates and schemes which ensure protection for the banking ecosystem i.e. RBI direct scheme, integrated ombudsman scheme, cyber swachhta kendra (botnet cleaning and malware analysis centre), National Cyber Coordination Centre (NCCC) and Security Monitoring Centre (SMC).

Structured and effective internal-led plans for cyber fraud mitigation proposed in this study will conserve banks, employees, regulatory authorities, customers and economic resources, save bank authorities’ and policymakers’ time and money, and conserve resources. Additionally, this will enhance the reputation of the Indian banking industry and extend its lifespan.

The innovative insider-led cyber fraud mitigation approach quickly identifies cyber fraud, prioritizes it, identifies its prominent root causes, map frauds with respective root causes and then suggests strategies to ensure a cost-effective and time-saving bank ecosystem.

Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.

The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.

The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.

The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.

Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.

There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.

The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.

The main purpose of this research is to produce the most accurate theoretical framework of the potential threat of cyberterrorism to the national security, compared to conventional terrorism. So it aims to identify the theoretical framework that best explains the threat of cyberterrorism and conventional terrorism to national security derived from empirical data, using grounded theory, and to validate the developed grounded theory statistically by quantitative data.

This paper presents the results of the quantitative study survey. It provides in the beginning basic information about the data. To purify the data, reliability and exploratory factor analysis, as well as confirmatory factor analysis (CFA), were performed. Then, structural equation modelling was utilised to test the final model of the theory and to assess the overall goodness-of-fit between the proposed model and the collected data set.

The first study, as a qualitative exploratory study, gives a rich data set that provides the foundation of the development of the second study, as a quantitative confirmatory study. In the researcher’s previous qualitative study, it provides a better theoretical understanding of the potential threat of cyber and conventional terrorism to Saudi national security. Also, it provides the development of the grounded theory of the study (Figure 1). It also has led to the development of the conceptual framework and the hypotheses for the second phase of the study (i.e. survey).

It is original study based on empirical data collected from Saudi military and security officials and experts in the critical infrastructures.

Cyber management of organizations includes eliminating security gaps, ensuring information confidentiality, and protecting customers' data. In addition, production and planning, protecting cyber and digital infrastructure are included in the chapter. The chapter deals with these issues in the context of strategy and management. In addition, the conflicts arising from competitors to access the tacit knowledge (confidential information, commercial secrets, commercial relations, customers, and tenders) of the businesses are discussed in the chapter. Cyber conflicts have now turned into a business-to-business war. Businesses have become targets in cyberwars. This chapter, therefore, examines these issues in depth.

Although risks are present in any organisation and the importance of their study is obvious, the authors find that risk analysis is an area still in its infancy, as reflected in the small number of existing publications on this topic. Human resources tend to understand risk in an elementary way. The ability of human resources to perceive risk is the ability and competence to identify a potential threat that does not always appear.

Aim: The aim of the this chapter was to provide additional knowledge on human resource competencies, in order to avoid the emergence and spread of risks at the organisational and cyber level.

Methodology: The authors used the quantitative–comparative analysis, by presenting all the details regarding the competencies of the human resource in order to manage the risks at organisational and cybernetic level.

Findings: The findings of this chapter show that the compulsory competencies of the human resource influence both the general competencies and the special competencies: information technology and communications, security ethics and economic ones. These, in turn, can improve or diminish cyber security competencies by almost 50%.

Originality of the Study: This study is highlighted by results obtained from the analysis of the capacity of human resources, to integrate theoretical knowledge and practical competencies on the perception of cyber risk. Of particular importance for this research are the analysis of data and the interpretation of results on human resources competencies. In this sense, throughout the chapter are assessed the skills of human resources, necessary for the management of cyber risks at the organisational level. In terms of future research implications, it could be important research to identify a method of assessing the competencies acquired by human resources applied from the perspective of cyber risk.