Review

Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies

Department of Information Systems, College of Engineering and Information Technology, University of Maryland, Baltimore, MD 21250, USA
* Authors to whom correspondence should be addressed.
Academic Editor: Nour Moustafa
J. Cybersecur. Priv. 2021, 1(4), 638-659; https://doi.org/10.3390/jcp1040032
Received: 5 August 2021 / Revised: 14 October 2021 / Accepted: 25 October 2021 / Published: 11 November 2021
This paper focuses on understanding the characteristics of multiple types of cyber-attacks through a comprehensive evaluation of case studies of real-world cyber-attacks. For each type of attack, we identify and link the attack type to the characteristics of that attack and the factors leading up to the attack, as observed from the review of case studies for that type of attack. We explored both the quantitative and qualitative characteristics for the types of attacks, including the type of industry, the financial intensity of the attack, non-financial intensity impacts, the number of impacted customers, and the impact on users’ trust and loyalty. In addition, we investigated the key factors leading up to an attack, including the human behavioral aspects; the organizational–cultural factors at play; the security policies adapted; the technology adoption and investment by the business; the training and awareness of all stakeholders, including users, customers and employees; and the investments in cybersecurity. In our study, we also analyzed how these factors are related to each other by evaluating the co-occurrence and linkage of factors to form graphs of connected frequent rules seen across the case studies. This study aims to help organizations take a proactive approach to the study of relevant cyber threats and aims to educate organizations to become more knowledgeable through lessons learned from other organizations experiencing cyber-attacks. Our findings indicate that the human behavioral aspects leading up to attacks are the weakest link in the successful prevention of cyber threats. We focus on human factors and discuss mitigation strategies.
Keywords: types of cyber-attacks; human factors in cyber threats; case studies; advanced persistent threat (APT); Association Rule Mining (ARM); organizational security readiness; lessons learned
MDPI and ACS Style

Quader, F.; Janeja, V.P. Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies. J. Cybersecur. Priv. 2021, 1, 638-659. https://doi.org/10.3390/jcp1040032

AMA Style

Quader F, Janeja VP. Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies. Journal of Cybersecurity and Privacy. 2021; 1(4):638-659. https://doi.org/10.3390/jcp1040032

Chicago/Turabian Style

Quader, Faisal, and Vandana P. Janeja. 2021. "Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies" Journal of Cybersecurity and Privacy 1, no. 4: 638-659. https://doi.org/10.3390/jcp1040032
