About this book

This book is a means to diagnose, anticipate and address new cyber risks and vulnerabilities while building a secure digital environment inside and around businesses. It empowers decision makers to apply a human-centred vision and a behavioral approach to cyber security problems in order to detect risks and effectively communicate them.

The authors bring together leading experts in the field to build a step-by-step toolkit on how to embed human values into the design of safe human-cyber spaces in the new digital economy. They artfully translate cutting-edge behavioral science and artificial intelligence research into practical insights for business.

As well as providing executives, risk assessment analysts and practitioners with practical guidance on navigating cyber risks within their organizations, this book will help policy makers better understand the complexity of business decision-making in the digital age.

Step by step, Pogrebna and Skilton show you how to anticipate and diagnose new threats to your business from advanced and AI-driven cyber-attacks.

Table of Contents

Frontmatter

Chapter 1. Introduction

Abstract
This chapter lays the foundation for the issues discussed in the book. We consider topical problems related to the paradigm shift in understanding our personal physical and digital rights as well as in rethinking business security and safety to fit the contemporary landscape of the global digital economy. We argue that in the current digital age, where rapid advances of technology reshape our understanding of secure and safe spaces, existing tools are no longer sufficient to safeguard personal data and commercial secrets. A new human-centered approach is necessary to successfully anticipate and address cybersecurity risks.
Ganna Pogrebna, Mark Skilton

New Cyberthreats and Why We Should Worry about Them

Frontmatter

Chapter 2. Cybersecurity Threats: Past and Present

Abstract
In this chapter we present our topology of cyberthreats, which we call the Periodic Table of Cyberthreats. We provide a brief history of cyberthreats and cybercrimes, complementing our narrative with real-world examples. We conclude that the majority of threats observed today have existed for decades and what we seem to encounter now are new versions of existing criminal methods. We also distinguish between cybersecurity threats, vulnerabilities, and risks and describe the links and dependencies between them.
Ganna Pogrebna, Mark Skilton

Chapter 3. A Sneak Peek into the Motivation of a Cybercriminal

Abstract
In this chapter we analyze the motivation of cybercriminals by systematizing empirical evidence from hackers’ direct speech. We conjecture that while the hackers of the past were primarily motivated by intellectual curiosity, at the beginning of the 21st century the goals of contemporary cybercriminals shifted toward obtaining financial benefits. We provide a comprehensive topology of cybercriminals as well as their business models. We also consider cybercriminal ecosystems and the way they function. Finally, we consider costs versus benefits of engaging in cybercriminal activity and look at factors which may discourage adversaries from committing unlawful acts.
Ganna Pogrebna, Mark Skilton

Chapter 4. Wake Up: You Are the Target!

Abstract
This chapter goes beyond the usual understanding of cyberthreats and considers how humans perceive these threats. We start by listing 5 major misconceptions, which often cloud people’s ability to adequately assess cyber risks. We also present our Psycho-technological Matrix of Cybersecurity Threats and conclude that social engineering is a necessary part for the success of the majority of cybercriminal activities. We then argue that humans are prone to making mistakes when they engage in judgments about security and safety online. By presenting new experimental evidence, we show that people often behave recklessly with regard to their personal data. We also discuss measurement and context-dependency issues, which make accurate assessment of cybersecurity risks difficult in practice.
Ganna Pogrebna, Mark Skilton

Existing Solutions and Cybersecurity for Business

Frontmatter

Chapter 5. Existing Solutions Summary

Abstract
In this chapter we discuss the way in which businesses currently address existing cybersecurity risks. Specifically, we distinguish between the Canvas approach (“patching with frameworks and architectures”), the Technology-driven approach (“patching with technology”) and the Human-centered approach (“patching with people”). We discuss the pros and cons of each approach and analyze their related tools and methods.
Ganna Pogrebna, Mark Skilton

Chapter 6. Cybersecurity Business Goals and Stories Around Them

Abstract
In this chapter we consider how business goals may interfere with and impact the way in which cyberdefense systems are designed within organizations. We discuss major issues associated with the trade-off between business and security priorities. We then offer a practical guide explaining how business goals can be harmonized with cybersecurity tasks through our Cybersecurity Investment Prioritization methodology.
Ganna Pogrebna, Mark Skilton

Chapter 7. Communication, Communication, Communication

Abstract
In this chapter we analyze how information about threats, vulnerabilities, and risks in cyberspaces is communicated within and between businesses. We identify major problems and barriers in risk communication and consider information sharing failures in detail. We show how behavioral science methodology can help alleviate or even eliminate these problems and barriers.
Ganna Pogrebna, Mark Skilton

Future Threats and Solutions

Frontmatter

Chapter 8. Future Threats

Abstract
This chapter considers characteristics of cyberthreats which businesses are likely to face in the future from traditional phishing to quantum computing attacks. By drawing a parallel between creative industries and cybercrime, we analyze how cybersecurity threats, vulnerabilities, and risks will change in the near as well as in the distant future. Implications of these changes for business cyberdefense strategy are also discussed.
Ganna Pogrebna, Mark Skilton

Chapter 9. Future Solutions

Abstract
In this chapter, we explore how algorithmic behavioral science can contribute to the cybersecurity debate. We discuss possible cybersecurity solutions of the future and show that decision-theoretic modeling can help practitioners identify potential targets as well as attribute cybercrimes to adversaries. We also demonstrate how behavioral segmentation within organizations can help prevent cybercrimes by designing tailored training programs for staff and customers.
Ganna Pogrebna, Mark Skilton

Chapter 10. Social and Ethical Aspects

Abstract
Even though this book does not intend to concentrate on social and ethical aspects of cybersecurity, in this chapter we provide a brief overview of the cyber-ethical landscape and discuss the most important and relevant issues, which may be of interest to businesses. We pay particular attention to the link between human culture, human values, and cyberdefense systems. We also discuss several topical aspects related to how social systems influence users’ propensity to become victims of cybercrime.
Ganna Pogrebna, Mark Skilton

Cybersecurity: The New Frontier

Frontmatter

Chapter 11. The Next-Generation Cybersecurity

Abstract
Uncertainty and ways in which businesses can reduce it in order to build efficient cyberdefense systems are the main focus of this chapter. We consider whether and to what extent existing risk-assessment and risk-management tools can be employed to detect contemporary cybersecurity risks. We conclude that current methodologies are not always adequate for measuring uncertainty associated with building and managing safe cyberspaces. As an alternative, we provide a practical toolkit, which makes it possible to assess the impact of cyber risks on businesses via our Cybersecurity Business Canvas Risk Assessment Tool as well as to measure those risks using an innovative Cybersecurity Risk Navigation Matrix.
Ganna Pogrebna, Mark Skilton

Chapter 12. Navigating a Safe Space

Abstract
This chapter summarizes views, opinions, and ideas of leading researchers and practitioners in cybersecurity, which they shared with our research team during the interviews. Based on these views, we suggest ways in which businesses can plan, build, and manage secure spaces in the digital domain. Recommendations are illustrated by examples and case studies.
Ganna Pogrebna, Mark Skilton

Chapter 13. The Twelve Principles of Safe Places

Abstract
In this chapter, we systematize best cyberdefense practices, which came out of our discussions with expert researchers and practitioners. These practices are conveniently partitioned into twelve principles of safe places. Potential benefits associated with applying each principle to business cybersecurity systems are discussed.
Ganna Pogrebna, Mark Skilton

Chapter 14. In Place of a Conclusion

Abstract
This chapter concludes with a general discussion. Trust and ways in which trust can be enhanced within organizations lie at the core of successful cybersecurity solutions. It is also clear that cyberdefense mechanisms of the future should take into account both technical and behavioral aspects, as well as embrace principles of multi-layered security.
Ganna Pogrebna, Mark Skilton

Backmatter
