We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers
- URL: http://arxiv.org/abs/2404.04725v1
- Date: Sat, 6 Apr 2024 20:32:19 GMT
- Title: We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers
- Authors: Simon Vrhovec, Blaž Markelj,
- Abstract summary: We study cybersecurity awareness of cyber and information security decision-makers.
Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Cyberattacks pose a significant business risk to organizations. Although there is ample literature focusing on why people pose a major risk to organizational cybersecurity and how to deal with it, there is surprisingly little we know about cyber and information security decision-makers who are essentially the people in charge of setting up and maintaining organizational cybersecurity. In this paper, we study cybersecurity awareness of cyber and information security decision-makers, and investigate factors associated with it. We conducted an online survey among Slovenian cyber and information security decision-makers (N=283) to (1) determine whether their cybersecurity awareness is associated with adoption of antimalware solutions in their organizations, and (2) explore which organizational factors and personal characteristics are associated with their cybersecurity awareness. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles. They also provide insights into which threats and solutions are cyber and information security decision-makers the least aware of. We uncovered that awareness of certain threats and solutions is positively associated with either adoption of advanced antimalware solutions with EDR/XDR capabilities or adoption of SOC. Additionally, we identified significant organizational factors (organizational role type) and personal characteristics (gender, age, experience with information security and experience with IT) related to cybersecurity awareness of cyber and information security decision-makers. Organization size and formal education were not significant. These results offer insights that can be leveraged in targeted cybersecurity training tailored to the needs of groups of cyber and information security decision-makers based on these key factors.
Related papers
- Cybersecurity Challenge Analysis of Work-from-Anywhere (WFA) and Recommendations guided by a User Study [1.1749564892273827]
Many organizations were forced to quickly transition to the work-from-anywhere (WFA) model as a necessity to continue with their operations and remain in business despite the restrictions imposed during the COVID-19 pandemic.
This paper attempts to uncover some challenges and implications related to the cybersecurity of the WFA model.
We conducted an online user study to investigate the readiness and cybersecurity awareness of employers and their employees who shifted to work remotely from anywhere.
arXiv Detail & Related papers (2024-09-11T18:47:04Z) - Security in IS and social engineering -- an overview and state of the art [0.6345523830122166]
The digitization of all processes and the opening to IoT devices has fostered the emergence of a new formof crime, i.e. cybercrime.
The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the weak link'' of cybersecurity.
Knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation approach.
arXiv Detail & Related papers (2024-06-17T13:25:27Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - The New Frontier of Cybersecurity: Emerging Threats and Innovations [0.0]
The research delves into the consequences of these threats on individuals, organizations, and society at large.
The sophistication and diversity of these emerging threats necessitate a multi-layered approach to cybersecurity.
This study emphasizes the importance of implementing effective measures to mitigate these threats.
arXiv Detail & Related papers (2023-11-05T12:08:20Z) - knowCC: Knowledge, awareness of computer & cyber ethics between CS/non-CS university students [0.0]
This research focuses on the relations between cybersecurity awareness, cyber knowledge, computer ethics, cyber ethics, and cyber behavior.
The findings express that while internet users are alert of cyber threats, they only take the most elementary and easy-to-implement precautions.
arXiv Detail & Related papers (2023-10-19T12:29:26Z) - On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors.
We present ROAR, a new class of attacks that instantiate a variety of such threats.
We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
arXiv Detail & Related papers (2023-05-03T18:47:42Z) - Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z) - A System for Automated Open-Source Threat Intelligence Gathering and
Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - SMEs' Confidentiality Concerns for Security Information Sharing [1.3452510519858993]
Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks.
This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing.
The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
arXiv Detail & Related papers (2020-07-13T10:59:40Z) - Adversarial Machine Learning Attacks and Defense Methods in the Cyber
Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.