The Missing Case of Disinformation from the Cybersecurity Risk Continuum: A Comparative Assessment of Disinformation with Other Cyber Threats
- McCorkindale, T. IPR Disinformation in Society Report; p. 23. 2019. Available online: https://instituteforpr.org/ipr-disinformation-study (accessed on 11 December 2021).
- Coble, S. Cybersecurity Community Concerned about Misinformation. Available online: https://www.infosecurity-magazine.com/news/us-concerned-about-misinformation (accessed on 10 December 2021).
- Wardle, C.; Derakshan, H. Information Disorder: Toward an Interdisciplinary Framework for Research and Policy Making; Council of Europe: Strasbourg, France, 2017.
- Jaiman, A. Disinformation Is a Cybersecurity Threat. The Startup. Available online: https://medium.com/swlh/disinformation-is-a-cybersecurity-threat-335681b15b48 (accessed on 12 December 2021).
- Pendell, K. LibGuides: Identify & Challenge Disinformation (aka Fake News): Examples. Portland State University. Available online: https://guides.library.pdx.edu/fakenews (accessed on 12 December 2021).
- CISA. COVID-19 Disinformation Activity. May 2020. Available online: https://www.cisa.gov/publication/covid-19-disinformation-activity (accessed on 12 December 2021).
- National Academies of Sciences, Engineering, and Medicine. Appendix A—Categorized List of Cybersecurity Threats. In Guidebook on Best Practices for Airport Cybersecurity; The National Academies Press: Washington, DC, USA, 2015.
- Caramancion, K.M. An exploration of disinformation as a cybersecurity threat. In Proceedings of the 2020 3rd IEEE International Conference on Information and Computer Technologies (ICICT), San Jose, CA, USA, 9–12 March 2020; pp. 440–444.
- European Union Agency for Cybersecurity. ENISA Threat Landscape 2021: April 2020 to Mid July 2021; European Union Agency for Cybersecurity: Attiki, Greece, 2021. Available online: https://data.europa.eu/doi/10.2824/324797 (accessed on 13 March 2022).
- Joshua, H.-C. Stop talking about fake news! Inquiry 2019, 62, 1033–1065.
- Caramancion, K.M. Understanding the Impact of Contextual Clues in Misinformation Detection. In Proceedings of the 2020 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), Toronto, ON, Canada, 21–24 April 2021; pp. 1–6.
- Stahl, B.C. On the difference or equality of information, misinformation, and disinformation: A critical research perspective. Informing Sci. Int. J. Emerg. Transdiscipl. 2006, 9, 83–96.
- Howard, P.N.; Bradshaw, S. The global organization of social media disinformation campaigns. J. Int. Aff. 2019, 71, 23–32.
- Larry, C. Cyber-Risk Oversight, Director’s Handbook Series; Internet Security Alliance: Arlington, VA, USA, 2017; Available online: https://regents.universityofcalifornia.edu/regmeet/july18/b4attach1.pdf (accessed on 10 December 2021).
- Hill, J. The 4 Levels of Cybersecurity Readiness. (n.d.). Available online: https://www.business.att.com/learn/research-reports/the-4-levels-of-cybersecurity-readiness.html (accessed on 12 December 2021).
- NIST. Special Publication 800-30 Revision 1—Guide for Conducting Risk Assessments; NIST Special Publication: Gaithersburg, MD, USA, 2012.
- Ross, R.; Michael, M.; Janet, O. Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems; No. NIST Special Publication (SP) 800-160 (Withdrawn); National Institute of Standards and Technology: Gaithersburg, MD, USA, 2016.
- Brauch, H.G.; Úrsula, O.S.; Czeslaw, M.; John, G.; Patricia, K.-M.; Béchir, C.; Pál, D.; Joern, B. Coping with Global Environmental Change, Disasters and Security: Threats, Challenges, Vulnerabilities and Risks; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2011; Volume 5.
- Sinanaj, G.; Zafar, H. Who wins in a data breach?—A comparative study on the intangible costs of data breach incidents. In Proceedings of the Pacific Asia Conference on Information Systems, PACIS 2016, Chiayi, Taiwan, 27 June–1 July 2016; p. 60.
- Taylor, T. How Reputational Damage from a Data Breach Affects Consumer Perception. Available online: https://www.securelink.com/blog/reputation-risks-how-cyberattacks-affect-consumer-perception (accessed on 10 December 2021).
- Tounsi, W.; Rais, H. A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Secur. 2018, 72, 212–233.
- Verizon. Verizon: 2021 Data Breach Investigations Report; Computer Fraud & Security: New York, NY, USA, 2021.
- Goel, S.; Shawky, H.A. Estimating the market impact of security breach announcements on firm values. Inf. Manag. 2019, 46, 404–410.
- Goel, S.; Shawky, H.A. The impact of federal and state notification laws on security breach announcements. Commun. Assoc. Inf. Syst. 2014, 34, 1–3.
- Rosati, P.; Cummins, M.; Deeney, P.; Gogolin, F.; van der Werff, L.; Lynn, T. The effect of data breach announcements beyond the stock price: Empirical evidence on market activity. Int. Rev. Financ. Anal. 2017, 49, 146–154.
- Thales; Verint. The CyberThreat Handbook. Available online: https://www.thalesgroup.com/en/group/journalist/press-release/cyberthreat-handbook-thales-and-verint-release-their-whos-who (accessed on 10 December 2021).
- Verizon. Data Breach Investigations Report. 2019-02-15. 2018. Available online: https://enterprise.verizon.com/resources/reports/dbir (accessed on 10 December 2021).
- Verizon. Verizon Data Breach Investigations Report; Verizon: New York, NY, USA, 2020.
- Prasad, R.; Rohokale, V. Cyber Threats and Attack Overview. In Springer Series in Wireless Technology; Springer Science and Business Media LLC: Berlin/Heidelberg, Germany, 2019; pp. 15–31.
- Seemma, P.S.; Nandhini, S.; Sowmiya, M. Overview of cyber security. Int. J. Adv. Res. Comput. Commun. Eng. 2018, 7, 125–128.
- Jagatic, T.N.; Johnson, N.A.; Jakobsson, M.; Menczer, F. Social phishing. Commun. ACM 2007, 50, 94–100.
- Krombholz, K.; Hobel, H.; Huber, M.; Weippl, E. Advanced social engineering attacks. J. Inf. Secur. Appl. 2015, 22, 113–122.
- Jouini, M.; Rabai, L.B.A.; Ben Aissa, A. Classification of security threats in information systems. Procedia Comput. Sci. 2014, 32, 489–496.
- Alhabeeb, M.; Almuhaideb, A.; Le, P.D.; Srinivasan, B. Information security threats classification pyramid. In Proceedings of the 2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops, Los Alamitos, CA, USA, 20–23 April 2010; pp. 208–213.
- Gerić, S.; Željko, H. Information system security threats classifications. J. Inf. Organ. Sci. 2007, 31, 51–61.
- Amer, S.H.; Hamilton, J.A., Jr. Intrusion detection systems (IDS) taxonomy—A short review. J. Softw. Technol. 2010, 13, 1–3.
- Simmons, C.; Charles, E.; Sajjan, S.; Dipankar, D.; Qishi, W. AVOIDIT: A cyber attack taxonomy. In Proceedings of the 9th Annual Symposium on Information Assurance, Kyoto, Japan, 4–6 June 2014; pp. 2–12.
- Al Hwaitat, A.K.; Almaiah, M.A.; Almomani, O.; Al-Zahrani, M.; Al-Sayed, R.M.; Asaifi, R.M.; Adhim, K.K.; Althunibat, A.; Alsaaidah, A. Improved security particle swarm optimization (pso) algorithm to detect radio jamming attacks in mobile networks. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 2020, 11, 614–624.
- Fenz, S.; Andreas, E.; Thomas, N. Information security risk management: In which security solutions is it worth investing? Commun. Assoc. Inf. Syst. 2011, 28, 1–3.
- Farahmand, F.; Shamkant, B.; Navathe, G.; Sharp, P.; Enslow, P.H. A management perspective on risk of security threats to information systems. Inf. Technol. Manag. 2005, 6, 203–225.
- Nektaria, K.; Li, J. The ai-based cyber threat landscape: A survey. ACM Comput. Surv. (CSUR) 2020, 53, 1–34.
- Almaiah, M.A.; Al-Zahrani, A.; Almomani, O. Classification of cyber security threats on mobile devices and applications. In Artificial Intelligence and Blockchain for Future Cybersecurity Applications; Springer: Cham, Switzerland, 2021; pp. 107–123.
- Heartfield, R.; Loukas, G.; Budimir, S.; Bezemskij, A.; Fontaine, J.R.; Filippoupolitis, A.; Roesch, E. A taxonomy of cyber-physical threats and impact in the smart home. Comput. Secur. 2018, 78, 398–428.
- Tsakalidis, G.; Kostas, V. A systematic approach toward description and classification of cybercrime incidents. IEEE Trans. Syst. Man Cybern. Syst. 2017, 49, 710–729.
- Kang, C. A Tweet to Kurt Eichenwald, a Strobe and a Seizure. Now, an Arrest. Available online: https://www.nytimes.com/2017/03/17/technology/social-media-attack-that-set-off-a-seizure-leads-to-an-arrest.html (accessed on 22 February 2022).
- Tomić, I.; McCann, J.A. A survey of potential security issues in existing wireless sensor network protocols. IEEE Internet Things J. 2017, 4, 1910–1923.
- King, J.; Lakkaraju, K.; Slagell, A. A taxonomy and adversarial model for attacks against network log anonymization. In Proceedings of the 2009 ACM Symposium on Applied Computing, New York, NY, USA, 8–12 March 2009; pp. 1286–1293.
- National Association of Regulatory Utility Commissioner (NARUC). NARUC Cybersecurity Manual. 2021. Available online: https://www.naruc.org/cpi-1/critical-infrastructure-cybersecurity-and-resilience/cybersecurity/cybersecurity-glossary (accessed on 10 December 2021).
- Australian Cyber Security Centre (ACSC). Information Security Manual. 2021. Available online: https://www.cyber.gov.au/acsc/view-all-content/ism (accessed on 10 December 2021).
- Canadian Centre for Cybersecurity. An Introduction to the Cyberthreat Environment. 2021. Available online: https://cyber.gc.ca/en/guidance/introduction-cyber-threat-environment (accessed on 10 December 2021).
- Bristol Cyber Security Group. CyBOK: The Cyber Security Book of Knowledge v1.1. 2021. Available online: https://www.cybok.org (accessed on 10 December 2021).
- Federal Financial Institutions Examination Council. Information Security. 2021. Available online: https://www.ffiec.gov/press/PDF/FFIEC_IT_Handbook_Information_Security_Booklet.pdf (accessed on 10 December 2021).
- CISA. Cybersecurity Glossary. National Initiative for Cybersecurity Careers and Studies, n.d. Available online: https://niccs.cisa.gov/about-niccs/cybersecurity-glossary (accessed on 10 December 2021).
- CNSS. Committee on National Security Systems (CNSS) Glossary, n.d. Available online: https://rmf.org/wp-content/uploads/2017/10/CNSSI-4009.pdf (accessed on 10 December 2021).
- NIST. Guide for Conducting Risk Assessments—NIST, n.d. Available online: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf (accessed on 10 December 2021).
- United States Department of Homeland Security. DHS Lexicon Terms and Definitions, n.d. Available online: https://www.dhs.gov/sites/default/files/publications/18_0116_MGMT_DHS-Lexicon.pdf (accessed on 10 December 2021).
- SANS. Glossary of Security Terms. Glossary of Security Terms|SANS Institute, n.d. Available online: https://www.sans.org/security-resources/glossary-of-terms (accessed on 10 December 2021).
- ISACA. ISACA Interactive Glossary & Term Translations. ISACA, n.d. Available online: https://www.isaca.org/resources/glossary (accessed on 10 December 2021).
- IETF. RFC4949. Document Search and Retrieval Page, n.d. Available online: https://datatracker.ietf.org/doc/html/rfc4949 (accessed on 10 December 2021).
- Tjostheim, I.; Waterworth, J.A. Predicting personal susceptibility to phishing. In International Conference on Information Technology & Systems; Springer: Cham, Switzerland, 2020; pp. 564–575.
- Pennycook, G.; Adam, B.; Evan, T.C.; David, G.R. The implied truth effect: Attaching warnings to a subset of fake news headlines increases perceived accuracy of headlines without warnings. Manag. Sci. 2020, 66, 4944–4957.
- McAfee. What Is Malware and Why Do Cybercriminals Use Malware? 2021. Available online: https://www.mcafee.com/en-us/antivirus/malware.html (accessed on 10 December 2021).
- Piper, S. Definitive Guide™ to Next-Generation Threat Protection; CyberEdge Group, LLC: Annapolis, MD, USA, 2013.
- Choo, K.-K.R.; Smith, R.G.; McCusker, R. Future Directions in Technology-Enabled Crime: 2007–2009; Australian Institute of Criminology: Canberra, Australia, 2007.
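| Study | Threat Agent: Actor | Threat Agent: Source | Threat Agent: Motivation | Threat Agent: Goal | Attack Vector | Target | Impact: System | Impact: Users | Defense: Mitigation | Defense: Remediation |
|---|---|---|---|---|---|---|---|---|---|---|
| Hansman and Hunt (2005) | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 0 | 0 | 0 |
| Simmons et al. (2014) | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 |
| Jouini et al. (2014) | 1 | 1 | 1 | 1 | 0 | 0 | 1 | 0 | 0 | 0 |
| Heartfield et al. (2018) | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 1 | 1 | 0 |
| Tsakalidis and Vergidis (2019) | 1 | 1 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 1 |
| Humayun et al. (2020) | 1 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 1 | 0 |
| Almaiah et al. (2021) | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 0 |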
| Criterion | Sub-criterion | Description |
|---|---|---|
| Threat Agent | Actor | The agents that cause threats, including human and technological agents; human agents can be at the individual level or entity level |
| Threat Agent | Source | The origin of threat, either internal or external |
| Threat Agent | Motivation | Whether the objective of threat actors is malicious or non-malicious |
| Threat Agent | Goal | The objectives or the type of damage that the actor wants to achieve out of the cyberattack |
| Attack Vector | | The path that attackers use to exploit the vulnerabilities of the target |
| Target | | The attacked hosts within the attacked entity, sometimes known as security layers, including operating system, network, local computer, user, application, transport, network, data link, etc. |
| Impact | System | Negative impact on the target’s operations and information confidentiality, integrity, and availability. |
| Impact | Users | Negative impact on user assets, experience, socialization, and/or emotions, etc. |
| Defense | Mitigation | Procedures employed prior to vulnerability exploitation or during an attack to mitigate the negative impact |
| Defense | Remediation | Steps used by defenders to correct the situation prior to or during an exploitation |
| Source | Definition of Cyber Threat | Inclusion of |
|---|---|---|
| ENISA Threat Landscape | Incidents that are usually not restricted to one particular sector and in most cases affect more than one of them. This is indeed true since in many cases the threats manifest themselves by exploiting vulnerabilities in underlying ICT systems that are being used in a variety of sectors. | One record found |
| NARUC Cybersecurity Manual (2021) | Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), resources, and other organizations through an I.T. and I.C.S. via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. | None found |
| The Australian Cyber Security Centre (ACSC)’s Information Security Manual (I.S.M.) (2021) | Any circumstance or event with the potential to harm systems or data. | None found |
| Canadian Centre for Cybersecurity’s An Introduction to the Cyberthreat Environment (2021) | An activity intended to compromise the security of an information system by altering the availability, integrity, or confidentiality of a system or the information it contains. | None found |
| CyBOK: The Cyber Security Body of Knowledge v1.1 (2021) | An individual, event, or action that has the capability to exploit a vulnerability. Threats are also socio-technical and could include hackers, disgruntled or poorly trained employees, poorly designed software, a poorly articulated or understood operational process, etc. To give a concrete example that differentiates vulnerabilities from threats—a software interface has a vulnerability in that malicious input could cause the software to behave in an undesirable manner (e.g., delete tables from a database on the system), while the threat is an action or event that exploits the vulnerability (e.g., the hacker who introduces the malicious input to the system). | One record found |
| FFIEC Information Technology Examination Handbook Information Security (2021) | An internal or external circumstance, event, action, occurrence, or person with the potential to exploit technology-based vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. | None found |

| Source | Definition of Cyber Threat | Inclusion of |
|---|---|---|
| Cybersecurity and Infrastructure Security Agency (CISA) | A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. | None found |
| Committee on National Security Systems (CNSS) | Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. | None found |
| National Institute of Standards and Technology (NIST) | Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. | None found |
| United States Department of Homeland Security | Indication of potential harm to life, information, operations, the environment, and/or property may be a natural or human-created occurrence and includes capabilities, intentions, and attack methods of adversaries used to exploit circumstances or occurrences with the intent to cause harm. | None found |
| Escal Institute of Advanced Technologies (SANS Institute) | A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. | None found |
| Information Systems Audit and Control Association (ISACA) | Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. | None found |
| Internet Engineering Task Force (IETF) | A potential for violation of security, which exists when there is an entity, circumstance, capability, action, or event that could cause harm. Any circumstance or event with the potential to adversely affect a system through unauthorized access, destruction, disclosure, or modification of data, or denial of service. | None found |
| Threat | Threat Agent: Actor | Threat Agent: Source | Threat Agent: Motivation | Threat Agent: Goal | Attack Vector | Target Layer(s) from OSI | Impact: System | Impact: Users | Defense: Mitigation | Defense: Remediation |
|---|---|---|---|---|---|---|---|---|---|---|
| Disinformation | States, adversarial networks | Internal or external | Radicalism, interference in elections, cyberwarfare | Shape public perception | Advertisements, web searches, social networking platforms | Application | Reputational and economic damage; systemic deception | Negative user psychological effects, social conflicts | Fake news detection, astroturf (bots) removal | Public awareness on proper user recognition of content legitimacy |
| Phishing | Nation-state attackers, criminal organizations | External | Financial gain, trade secrets, social and political reasons, a competitor’s loss of reputation | Impersonate victims and access important online accounts | Fake emails, fake SMS or instant messages, and fake websites that may look authentic | Application | Disruption of system operations; alter, damage, steal, or disrupt data | Loss of money, intellectual property and customers; heavy regulatory fines | Security measures deployed by modern browsers (blacklists and visual indicators) that highlight the top-level domain of a URL; anti-phishing training; and public awareness campaigns that sensitize and teach users to spot phishing URLs | Strong firewall and IPS protection on the network perimeter; strengthen password policies; monitor all database access |
| Social engineering | Largely nation-states, cybercriminals and criminal organizations, some hacktivists, or even individuals | External (invaders) or internal (saboteurs) | Financial gain, trade secrets, social and political reasons, a competitor’s loss of reputation | Trick targets into divulging sensitive information or performing certain actions | Psychological manipulation of targeted individuals | Front-end users, | Disruptions of system operations; alter, damage, steal, or disrupt data | Loss of money and intellectual property; reputational damage | Train employees about password confidentiality and security protocols and enforce these protocols | Strong firewall and IPS protection on the network perimeter; strengthen password policies; monitor all database access; top-down approach with security measures in case saboteurs could be from all privilege levels |
| Web application attacks | Nation-states, cybercriminals | Internal | Disruption | Gain access to sensitive information, profit | Program alterations, unauthorized software code injections | Application, presentation, session | Can alter, damage, steal, or disrupt systems or data; lock access to or release system information or data | Steal personal information (i.e., financial or health); falsify or modify personal data; lock access to or release sensitive information to the public | Software updates; anomaly detection; software quality checks/assurance | Correction of compromised software components; backup versions rollback |
| Distributed denial of service (DDoS) | Nation-states, cybercriminals | External | Operational disruption | Impair systems | Overwhelming a target device, network, or web program/software with traffic | Network, transport | Network outage, operational disruption, financial loss | Lock out of networks/systems; productivity loss | Frequent network traffic monitoring; regular update of authorized traffic sources | Enforce access control lists; filter unauthorized traffic from networked attackers |
| Malware | Nation-states, cybercriminals | Internal or external | Ideology, profit | Gain access to sensitive information, damage systems or data | Viruses, worms, trojans; viruses are executable programs that insert codes into legitimate programs. Worms are self-replicating programs that spread in systems to drain their resources. Trojans are malicious programs disguised as legitimate software aimed at damaging a system. | Application, presentation, session | Can alter, damage, steal, or disrupt systems or data; lock access to or release system information or data | Steal personal information (i.e., financial or health); falsify or modify personal data; lock access to or release sensitive information to the public | Anomaly detection; misuse detection approach; host-based monitoring of system activities; network-based monitoring of traffic; machine learning security detection analysis; employee training | Update firewall and network intrusion detection system rules at local network access point; take down malware command and control infrastructure at internet service providers of top-level domain; perform attack attribution to identify culprits; machine learning–based detection approaches |
| Ransomware | Nation-states, cybercriminals | External | Ideology, profit | Extortion: block access to data or systems, or lock systems until ransom is paid | A Trojan or a worm is deployed via phishing or visiting a compromised website, where malicious software installs on a system or computer, causing that system or information to be encrypted. Upon encryption, a ransom message is displayed stating the deadline for monetary payment (often in bitcoin). Once paid, an encryption key is provided to unlock the system. | Application, presentation, session | Lock system until ransom is paid | Expose sensitive, personal, or embarrassing information unless ransom is paid | Anomaly detection; misuse detection approach; host-based monitoring of system activities; network-based monitoring of traffic; machine learning security detection analysis; employee training | Prepare recovery plan, protect privileged roles, incrementally remove risks |
| Advanced persistent threats (APTs) | Nation-states or state-sponsored groups | External | Malicious, geopolitical | Stay undetected to steal data | Spear phishing for initial network entry | Application | Disruption, data breach | Financial damage, data exfiltration | Malicious traffic detection, access control, user education | Threat intelligence |
| Polymorphic threats | Nation-states or state-sponsored groups | External | Geopolitical | Gain access to sensitive information, damage system or data | Social engineering or phishing | Application | Disruption | Financial damage | Behavior-based detection, user education | Behavior blocking and containment |
| Zero-day threats | Cyber criminals, hacktivists | Internal | Financial gain, ideology | Gain access to sensitive information | Unknown software vulnerability, social engineering, or phishing | Application | Disruption, data breach | Financial damage, identity theft | Traffic monitoring, malware detection, user education | Patch |
| Composite threats | Organizations, cyber criminals | External | Financial gain, disruption | Gain access to sensitive information, damage system or data | Social engineering or phishing | Multiple layers | Disruption, destruction | Data exfiltration | User education, intrusion prevention, continuous monitoring | Network behavior analysis |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Caramancion, K.M.; Li, Y.; Dubois, E.; Jung, E.S. The Missing Case of Disinformation from the Cybersecurity Risk Continuum: A Comparative Assessment of Disinformation with Other Cyber Threats. Data 2022, 7, 49. https://doi.org/10.3390/data7040049