Building a Cybersecurity Culture in Organizations

Corradini, Isabella

doi:10.1007/978-3-030-43999-6

Cited by 26 publications

(16 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These include: (1) online fraud, (2) DDoS (Distributed Denial of Service), (3) drive by download, (4) social engineering attacks (Bendovschi 2015 ; Katsikas et al 2006 ; Sabillon et al 2016 ; Shabut et al 2016 ). In particular, social engineering attacks 1 are the top threats against CIS, as they target the ‘people link’, manipulating them into divulging confidential information through influence and persuasion (Corradini 2020 ; Krombholz et al 2015 ), or rendering sophisticated CIS technologies useless (Abawajy 2014 ; Dlamini et. al.…”

Section: Introductionmentioning

confidence: 99%

“…As a consequence, organisations have given great emphasis to technological solutions (e.g., firewalls, antivirus software, and intrusion detection systems) to tackle potential cyber threats (Abawajy 2014 ; Aoyama et al 2015 ; Mouton et al 2016 ; Segovia et al 2017 ). The recent research in cybersecurity widely agrees that a holistic approach as opposed to technical solutions alone is required to contrast cyber-attacks (Al-Darwish and Choe 2019; Bansal et al 2010 ; Corradini, 2020 ; Jeong et al 2019; Eminağaoğlu et al 2009 ). This has been especially recognised in well-addressed sectors, such as education and healthcare, but also in novel and emerging fields, such as autonomous vehicles, where users’ behaviours and attitudes are able to undermine technological advancements (Linkov et al 2019 ).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Thus, to limit these vulnerabilities and improve resilience to cyber threats and risks, cyberspace users must display high levels of cybersecurity mindset. Training and education on risk and defense strategies, as well as experiences of cyber‐harm, are also important factors in building a cybersecurity mindset (Corradini, 2020).…”

Section: Literature Reviewmentioning

confidence: 99%

“…Awareness-raising initiatives alone are not sufficient to change unsafe behavior (Young et al, 2017). Consistent training and education on risk and defense strategies, as well as experiences of cyber-harm, are other important contributing factors able to foster prioritizing security and improving skills and practice (Corradini, 2020). Instead in the three countries, while there were some awareness-raising campaigns, and there were experiences of cyber-harm, they were sporadic, insufficient and not linked to a sense of security urgency, and to any broad implementation of cybersecurity education and training programmes to significantly affect the cybersecurity mindset of public and private sectors, and among users.…”

mentioning

confidence: 99%

The impact of COVID‐19 on cybersecurity awareness‐raising and mindset in the southern African development community (SADC)

Bagui

Lusinga

Pule

et al. 2023

E J Info Sys Dev Countries

View full text Add to dashboard Cite

At the beginning of 2020, the world came to a stand-still when governments across the globe decided to enter states of 'emergency' or 'disaster' over the breakout of the COVID-19 pandemic. The responses to the pandemic included stringent movement restrictions and hygiene advice preventing face-to-face interactions. As a result, many activities, including schooling, working, and shopping were moved online, drastically increasing exposure to cyber threats and risks. It is unclear if and how the rapid increase in internet use corresponded to an improvement in cybersecurity mindset development in countries of the Southern African Development Community (SADC). This paper explores the effect of the increase in digital technology usage due to the COVID-19 pandemic restrictions on the relationship between cybersecurity awareness-raising initiatives and the development of higher levels of cybersecurity mindset in Botswana, Lesotho, and Malawi. These three countries have a similar cybersecurity footprint and an average cybersecurity capacity level for the region.The research applies a comparative multiple case study approach relying on a thematic review of the literature and related documents, supported by in-depth interviews with purposefully selected key informants from the three selected SADC countries. Findings suggest that since the start of the COVID-19 pandemic, awareness-raising programs have gained some momentum in our selected countries, but the cybersecurity mindset has not improved. That was attributed to low frequency and poor quality of campaigns added to the lack of training, education and lived experience. The paper highlights the need to increase the frequency and improve the quality of programmes, for greater impact on the development of local cybersecurity mindsets.

show abstract

“…Although these are the major concepts defining cybersecurity, we focus on an additional set of organizational elements. According to Corradini (2020), there is a strong need to improve the current approach to cybersecurity via critical thinking and a multidisciplinary concept of this phenomenon. Because cybersecurity goes beyond the detection of technological impacts and involves all the dimensions of an organization, a new approach now involves the management and organizational area (Tejay and Klein, 2021).…”

Section: Introductionmentioning

confidence: 99%

Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment

Neri

Niccolini

Martino

2023

ICS

View full text Add to dashboard Cite

Purpose Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness. Design/methodology/approach This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews. Findings Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness. Originality/value Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

show abstract

Building a Cybersecurity Culture in Organizations

Cited by 26 publications

References 0 publications

Leveraging human factors in cybersecurity: an integrated methodological approach

Leveraging human factors in cybersecurity: an integrated methodological approach

The impact of COVID‐19 on cybersecurity awareness‐raising and mindset in the southern African development community (SADC)

Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment

Contact Info

Product

Resources

About