Determinants of cyber-incidents among small and medium US cities

Caldarulo, Mattia; Welch, Eric W.; Feeney, Mary

doi:10.1016/j.giq.2022.101703

Cited by 12 publications

(3 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The lack of training opportunities and quality resources increases the likelihood of successful attack campaigns, and subsequently, increases the likelihood of a successful compromise. It has been found that "97% of users cannot identify a sophisticated phishing email" [9] and that investing in the employees' training "reduces the likelihood of cyber-incidents occurrence" [13].…”

Section: A Threat Landscapementioning

confidence: 99%

Small Cities, Big Threats

Moran,

Powers,

Billman

et al. 2024

CISSE

View full text Add to dashboard Cite

The following is a partner paper published to the CISSE journal. For more information, please visit the PISCES website. Small town governments were once thought to be at a lower risk from cyber threat actors due to their geographical isolation and small digital footprint. The past few years has shown that to be definitively false, with several different threat actors successfully attacking local municipalities, ultimately causing disruptions to critical services, monetary loss, and privacy breaches. With the now ubiquitous presence of the internet, the reality is small city governments are at the same, if not even higher, overall risk of being attacked as large entities. For small municipalities and organizations, there may not be much opportunity to invest additional resources into cyber security due to staffing concerns and limited budgets. This paper will discuss how, while it may seem the overall risk of a cyberattack is lower because these organizations are “small fish”, the probability and impact of an attack are just as high, if not higher in some circumstances, than large, high visibility organizations.

show abstract

Section: A Threat Landscapementioning

confidence: 99%

Small Cities, Big Threats

Moran,

Powers,

Billman

et al. 2024

CISSE

View full text Add to dashboard Cite

show abstract

“…This is due to a limited understanding of the probability and characteristics of potential attacks [9,18]. The lack of research into the adverse effects of cyber attacks hinders the researchers' ability to understand the organizational and societal implications of these malicious activities [19,20].…”

Section: Event Model (Em)mentioning

confidence: 99%

Security Attack Behavioural Pattern Analysis for Critical Service Providers

Seid,

Popov,

Blix

2024

JCP

View full text Add to dashboard Cite

Identifying potential system attacks that define security requirements is crucial to building secure cyber systems. Moreover, the attack frequency makes their subsequent analysis challenging and arduous in cyber–physical systems (CPS). Since CPS include people, organisations, software, and infrastructure, a thorough security attack analysis must consider both strategic (social and organisational) aspects and technical (software and physical infrastructure) aspects. Studying cyberattacks and their potential impact on internal and external assets in cyberspace is essential for maintaining cyber security. The importance is reflected in the work of the Swedish Civil Contingencies Agency (MSB), which receives IT incident reports from essential service providers mandated by the NIS directive of the European Union and Swedish government agencies. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social(business process), cyber, and physical infrastructure components of cyber–physical systems. This paper scrutinises security attack patterns and the corresponding security solutions for Swedish government agencies and organisations within the EU’s NIS directive. A pattern analysis was conducted on 254 security incident reports submitted by critical service providers. A total of five critical security attacks, seven vulnerabilities (commonly known as threats), ten attack patterns, and ten parallel attack patterns were identified. Moreover, we employed standard mitigation techniques obtained from recognised repositories of cyberattack knowledge, namely, CAPEC and Mitre, in order to conduct an analysis of the behavioural patterns

show abstract

“…A nivel internacional, según (Kaspersky, 2022) la mayor respuesta a incidentes de clientes en Europa corresponde al 30,1%, Comunidad de Naciones de la CEI 24.7%, Oriente Medio 23,7%, y América Latina 15,5%. Según (Caldarulo et al, 2022;Inter American Development Bank (BID) & Organization of American States (OEA), 2020; Urueña López et al, 2019), el número de solicitudes de incidentes relacionados con la seguridad informática ha ido en aumento desde 2019 con 2.217, 2020 con 2.798 y 2021 con 3.948, que se clasifican entre "Alta" y "Muy alta" según su gravedad. Al respecto, (Sadri et al, 2022) menciona que los incidentes por ciberataques representan más del 1% del Producto Interno Bruto (PIB) del Perú.…”

Section: Introductionunclassified

Agente inteligente para la gestión de incidencias

Iparraguirre-Villanueva,

Obregon-Palomino,

Pujay-Iglesias

et al. 2023

risti

View full text Add to dashboard Cite

Un agente inteligente (AI) utiliza la inteligencia artificial (IA) para dialogar con los usuarios; las incidencias son interrupciones que surgen y que impiden a los usuarios hacer uso de las tecnologías de la información (TI); América Latina tiene un 15. 5% de las respuestas a incidencias de clientes. En Europa, cada año las incidencias de seguridad de TI se han visto incrementado desde 2019 en un 41%, las cuales se clasifican como de gravedad Alta y Muy Alta. El propósito de este estudio fue implementar un AI para mejorar la Gestión de Incidencias (GI), reducir el número de incidencias no resueltos, reducir el tiempo de resolución y aumentar la satisfacción de los usuarios. Para lograr este objetivo, se siguió un enfoque cuantitativo y un diseño preexperimental; se utilizó cuestionarios para el recojo de datos y, a continuación, todos los datos se sometieron a un análisis estadístico para validar la hipótesis. expertos verificaron la validez de los instrumentos, luego se obtuvo el índice de confiabilidad de los instrumentos utilizados. Además, se utilizó el marco de trabajo Scrum para el desarrollo de la solución inteligente. El logro de la implementación se obtuvo a través de la incorporación de diversas tecnologías como Dialogflow, Webhook, PostgreSQL; finalmente, se obtuvo un AI capaz de atender los incidentes reportados por los usuarios, asignando la tarea de manera automatizada. El desarrollo de este estudio permitió minimizar el número de incidencias no resueltas al día en un 14%; se redujo el tiempo de resolución de incidencias en un 63% y aumentó la satisfacción de los usuarios a "Satisfecho" al 43,3% y a "Muy Satisfecho" al 57,7%. Finalmente, se puede concluir que este trabajo proporciona una importante contribución para futuras implantaciones de diseños o desarrollos relacionados con la automatización de la GI mediante agentes inteligentes.

show abstract

Determinants of cyber-incidents among small and medium US cities

Cited by 12 publications

References 47 publications

Small Cities, Big Threats

Small Cities, Big Threats

Security Attack Behavioural Pattern Analysis for Critical Service Providers

Agente inteligente para la gestión de incidencias

Contact Info

Product

Resources

About