The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence

Kweon, Eunkyung; Lee, Hansol; Chai, Sangmi; Yoo, Kyeongwon

doi:10.1007/s10796-019-09977-z

Cited by 55 publications

(24 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As noted in Figure 2 , the topic of cybersecurity in confluence with organisational awareness and training is a necessity. It is also evident that the frequency of such articles becoming published is gradually increasing year over year, even in the short span of six months in 2021 [ 3 , 7 , 17 , 22 , 23 , 24 , 26 , 34 , 38 , 39 , 40 , 41 ]. The total number of articles in this domain is already almost half the number of published articles from last year, and more than 75% of the articles from 2019.…”

Section: Resultsmentioning

confidence: 99%

“…In this section, we present a summary analysis of the key aspects being addressed in the literature that relate to the impact of “social engineering” attacks launched against healthcare professionals. The publications are classified into three main categories, namely (i) training and awareness activities on social engineering attacks (e.g., phishing) [ 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 ]; (ii) activities related to promoting general awareness on information security against cyber attacks [ 18 , 19 , 20 , 21 , 22 , 23 ]; and (iii) best practice recommendations adopted in promoting cyber hygiene from other industrial sectors [ 24 , 25 , 26 , 27 , 28 , 66 ].…”

Section: Resultsmentioning

confidence: 99%

“…Following the increasing number of articles being published, addressing the role of humans in the loop for enhancing the cybersecurity since 2016 [ 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 , 26 , 27 , 28 ], there is a need to consolidate the research findings. The main objective of this systematic review is to review the literature to gather evidence from organisational case studies, author observations and scientific developments in cybersecurity to identify the role of including humans in the loop for strengthening cyber defence within the healthcare industry.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Nifakos

Chandramouli

Nikolaou

et al. 2021

Sensors

126

View full text Add to dashboard Cite

Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Nifakos

Chandramouli

Nikolaou

et al. 2021

Sensors

126

View full text Add to dashboard Cite

show abstract

“…Furthermore, many employees fail to comply with their organizations' information security policies (Li et al , 2019). This lack of compliance can lead to more security and data breaches, even as it underscores the ineffectiveness of many CSAT programs (Kweon et al , 2019). Hence, a good CSAT program must be designed in such a way that it not only improves employees' knowledge but also motivates them to develop compliant behaviors.…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity awareness training programs: a cost–benefit analysis framework

Zhang

et al. 2021

IMDS

View full text Add to dashboard Cite

PurposeEmployees must receive proper cybersecurity training so that they can recognize the threats to their organizations and take the appropriate actions to reduce cyber risks. However, many cybersecurity awareness training (CSAT) programs fall short due to their misaligned training focuses.Design/methodology/approachTo help organizations develop effective CSAT programs, we have developed a theoretical framework for conducting a cost–benefit analysis of those CSAT programs. We differentiate them into three types of CSAT programs (constant, complementary and compensatory) by their costs and into four types of CSAT programs (negligible, consistent, increasing and diminishing) by their benefits. Also, we investigate the impact of CSAT programs with different costs and the benefits on a company's optimal degree of security.FindingsOur findings indicate that the benefit of a CSAT program with different types of cost plays a disparate role in keeping, upgrading or lowering a company's existing security level. Ideally, a CSAT program should spend more of its expenses on training employees to deal with the security threats at a lower security level and to reduce more losses at a higher security level.Originality/valueOur model serves as a benchmark that will help organizations allocate resources toward the development of successful CSAT programs.

show abstract

“…To identify the assets related to the system, system functions were first had identified [32][33][34][35][36][37][38]. The scope of the risk assessment was the company's booking system, represented by an application that provides reservation and ticketing services to various transport sectors through the company's digital channels (see Table IV).…”

Section: ) Asset Identificationmentioning

confidence: 99%

Assessing and Proposing Countermeasures for Cyber-Security Attacks

Alzahrani¹

2022

IJACSA

View full text Add to dashboard Cite

Cyber-attacks on IT domain infrastructure directly affect the security of businesses' operational processes, potentially leading to system failure. Some industries have a high risk than others due to the sensitivity of their data, including the transportation industry, which has recently moved from traditional data management to digitalization. This study aims to identify the main cyber threats in the transportation sector by analyzing related works and highlighting the main countermeasures used to respond to such threats as well as enhance overall cybersecurity. This paper presents a comprehensive cybersecurity risk assessment for the transportation companies, identifying the most common attacks and proposing methods to minimize risk as much as possible. A risk assessment analysis was prepared by industry experts that included previous cyberattack scenarios. The results of our paper identified the most critical attacks on the transportation company's booking system and recommended suitable countermeasures to minimize the risk of those attacks.

show abstract

The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence

Cited by 55 publications

References 44 publications

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Cybersecurity awareness training programs: a cost–benefit analysis framework

Assessing and Proposing Countermeasures for Cyber-Security Attacks

Contact Info

Product

Resources

About