Analyzing the Effect of IT Decision-Making on Cybersecurity Breaches in Higher Education

Lawrence J. Awuah, PhD

Abstract: The recent and current data breaches and cyberattacks continue to spike at an alarming rate, which in most cases can be consequential if proactive measures are not taken. Unfortunately, taking a closer look at most of those breaches and/or cyberattacks indicates that risk-based and event-based decision-making could have intended or unintended impacts on potential threats and the level of mitigated effort implemented. In this view, the lack of centralized IT governance, particularly in Higher Ed institutions, over the years, has witnessed frequent breaches associated with rising security incidents. It has therefore become critically important that IT and cybersecurity executives do well to balance IT uptime with data protection requirements while adhering to security policy enforcement.

Liu, C. W., Huang, P., & Lucas Jr, H. C. (2020). Centralized IT decision making and cybersecurity breaches: Evidence from US higher education institutions. Journal of Management Information Systems, 37(3), 758-787.

Summary: “Despite the consensus that information security should become an important consideration in information technology (IT) governance rather than the sole responsibility of the IT department, important IT governance decisions are often made on the basis of fulfilling business needs with a minimal amount of attention paid to their implications for information security. We study how an important IT governance mechanism—the degree of centralized decision making—affects the likelihood of cybersecurity breaches. Examining a sample of 504 U.S. higher-education institutions over a four-year period, we find that a university with centralized IT governance is associated with fewer breaches. Interestingly, the effect of centralized IT governance is contingent on the heterogeneity of a university’s computing environment: Universities with more heterogeneous IT infrastructure benefit more from centralized IT decision making. In addition, we find the relationship between centralized governance and cybersecurity breaches is most pronounced in public universities and those with more intensive research activities. Collectively, these findings highlight the tradeoff between granting autonomy and flexibility in the use of information systems and enforcing standardized, organization-wide security protocols.” 

Keywords: Risk management, risk assessment, IT security; IT governance; cybersecurity breach; centralized decision making; cybersecurity analytics; security operations 

Recent high-profile security incidents, notably the much-publicized, large-scale breaches and ransomware attacks involving Colonial Pipeline, Facebook, Kaseya, and Sony Pictures, have attracted scrutiny as to how the seemingly flawed decisions of employees or IT leadership can have major cybersecurity implications. Additionally, data breaches and cyberattacks continue to spike at an alarming rate, with consequential impacts. A closer examination of most of those breaches indicates that risk-based and event-based decision-making could have intended or unintended impacts on potential threats and the level of mitigation effort implemented. With cyberattacks becoming more widespread and more sophisticated than ever before, due care and due diligence should consistently be the focal point of IT executives. By the third quarter of 2022, [8] indicated that a total of 112 publicly disclosed security incidents had been identified, resulting in over 97 million compromised records. This finding represents an increase of approximately 11% in security incidents compared to the previous year. In their study, Liu et al. [1] found that academic institutions with centralized IT governance record fewer security breaches. This claim was in part attributed to the fact that institutions with distributed IT infrastructure benefit more from centralized IT decision-making than those without. This assertion suggests that a lack of centralized IT governance, whether in corporate establishments or in Higher Ed institutions, can lead to frequent breaches associated with rising security incidents. As well, several studies have examined financial loss, legal implications, and moral obligations involving data breaches and their impact on organizations, data owners, and victims [1]-[6], [8].
It is therefore incumbent on IT and cybersecurity leadership to do more to balance IT functionality and uptime with data protection needs while instituting security policy enforcement. This practice can make cybersecurity a business enabler to minimize risks while maximizing revenue for continued business growth.

On the other side of the spectrum, IT governance and decision-making are contingent on human factors. Human error has been known to be the main cause of most cybersecurity breaches; indeed, humans are the weakest link in the security chain [12]. For this reason, cybersecurity leadership cannot ignore security awareness training programs. Executives should be mindful of the fact that humans are a significant factor contributing to data breaches. This awareness can augment centralized IT decision-making in confronting cybersecurity breaches in Higher Ed institutions in particular and the industry in general. According to [11], security awareness training programs are educational in nature and equip employees with tools to identify, mitigate, and report attacks crafted with social engineering techniques. One of the biggest risks to an organization’s IT security is often not a weakness in the technology control environment per se; rather, it is the action or inaction of employees and other personnel that can lead to security incidents. For example, employee noncompliance with IT security policies continues to raise eyebrows for most organizations today. In other words, considering the variety of IS security policy compliance strategies in place, security awareness training [9], [10]-[11] forms a crucial part of the war on cyber threats. Evidently, despite widespread awareness of risks, significant investments in cybersecurity protection, and substantial economic incentives to avoid security breaches, organizations remain vulnerable to phishing attacks [2].

 

Furthermore, several studies [4]-[6] suggest that while cybersecurity is usually treated as a technology problem, most data breaches are the result of human error. By identifying the social behavior indicators, along with the rationales behind the decision-making process, the development of cybersecurity architecture can be improved. This aligns with the assertion by Liu et al. [1] that adopting a centralized IT unit with a better understanding of the overall IT architecture can better equip executives to manage risks even in a sophisticated IT environment. This is particularly important to the average cybersecurity team, which could possibly make reactive decisions in addressing reported breaches. In any case, the human factor needs to be an integral part of every IT implementation when reducing and protecting against information security risks accompanying the development, architecture, and maintenance of an IT system [5]. In other words, discussing IT security problems must factor in policies, behavior, and user compliance requirements [6].

Over the past few years, [1] noted that the management of information security has gained significant research interests in the research community, as well as expert interests in the field. Typically, risk-based decision-making is reflective of strategic investments by virtue of the desire for detection, prevention, and response plans. These three parameters need to be balanced for optimum gains. Additionally, the importance of good management practices in protecting organizational assets and enforcement policies in checking employee security behaviors in organizations has also been recognized [5]-[6], [9]-[10]. One typical example is law enforcement, which can play a key role in this effort. Hui et al. estimated the impact of enforcing the Convention on Cybercrime (COC) on the desire to deter and reduce distributed denial of service (DDOS) attacks, for example [7]. The authors noted that directly observing attacker behavior can impact deterrence to complement law enforcement and leadership actions. Overall, making well-informed decisions regarding the value and benefits of secure IT implementations in the organization is great if cybersecurity is considered a business enabler. For instance, proactive investment strategies should be adopted to help minimize risks to the organization and maximize return on investment (ROI) from the perspective of understanding cybersecurity as a business enabler.

Moreover, there are other factors that make the role of IT and information security leadership an important ingredient in ensuring a substantial security posture. In some literature, there have been constant calls for IT executives to improve security operations capabilities with the aim of identifying and confronting cyberattacks using applicable incident response techniques as presented by [3]. For example, by automating security controls and policies, the security operations teams can operationalize cyber response best practices with the right guidance. In another study, strict security policies surrounding Bring Your Own Device (BYOD) computing environment in organizations were studied. Thus, complying with BYOD security policies is necessary within organizations to address the factors that lead to the desired security behavior [4]. As mentioned earlier, [1], [5] examined the implications of IT decision-making on the effect of information security management on the protection of assets and critical data. In their justification, the authors developed and tested hypotheses considering how centralized and strategic IT decision-making affect the value of information security over a certain period.

 

Key Takeaways

IT/Cybersecurity executives in academic institutions must consider doing the following:

  1. Endeavor to put safeguards in place including security controls, policies, security awareness programs, disaster recovery plans (DRP)/ business continuity plans (BCP) and others.
  2. Focus on embracing strategic goals in line with cybersecurity as a business enabler in terms of risk reduction, cost-effectiveness, and resource optimization targeted at high ROI.
  3. Understand the threat landscape, assess cybersecurity maturity, improve cybersecurity program, and document short- and long-term cybersecurity strategy.
  4. Balance prevention techniques, response strategies, and detection capabilities with actionable intelligence.

In a nutshell, the theoretical development and empirical analyses yielded two important findings about the adoption of centralized IT governance in the enterprise. The main point is that this practice tends to minimize cybersecurity breaches, especially when an academic institution has a heterogeneous IT environment in place. In these days of escalating attempts to breach information systems everywhere at any time, it is imperative that senior executives, including the CISO, CIO, CFO, CRO, and CEO, consider the impact of IT governance decisions on their cybersecurity maturity and the value it brings to the organization. Therefore, the quest for reinventing cybersecurity solutions must be a continuous focus, to bolster cybersecurity infrastructure with appreciable visibility and to gravitate toward broader security strategies for added benefits to the organization.

Full article: Centralized IT Decision Making and Cybersecurity Breaches (Harvard)

References:

[1] Liu, C., Huang, P., & Lucas, H. C. (2020). Centralized Information Technology Decision Making and Cybersecurity Breaches: Evidence from U.S. Higher Education Institutions. Journal of Management Information Systems, 37(3), 758–787.

[2] Wright, R., Johnson, S. L., & Kitchens, B. (2022). Phishing Susceptibility in Context: A Multi-level Information Processing Perspective on Deception Detection. MIS Quarterly.

[3] Kinyua, J. & Awuah, L. (2021). AI/ML in Security Orchestration, Automation and Response: Future Research Directions. Intelligent Automation & Soft Computing, 28(2), 527–545. DOI:10.32604/iasc.2021.016240

[4] Palanisamy, R., Norman, A. A., & Kiah, M. L. M. (2020). Compliance with Bring Your Own Device security policies in organizations: A systematic literature review. Computers & Security, 98, 101998.

[5] Bhaharin, S., H., Sulaiman, R., Mokhtar, U., A., & Yusof, M., M., (2019). Issues and Trends in Information Security Policy Compliance. 2019 6th International Conference on Research and Innovation in Information Systems (ICRIIS). DOI: 10.1109/ICRIIS48246.2019.9073645

[6] Angraini, A., & Okfalisa, R. Y. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216-1224.

[7] Hui, K. L., Kim, S. H., & Wang, Q. H. (2017). Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks. MIS Quarterly, 41(2), 497.

[8] Irwin, L. (2022, September 1). List of Data Breaches and Cyber Attacks in August 2022–97 Million Records Breached. IT Governance.

[9] Puhakainen, P., & Siponen, M. (2010). Improving Employees’ Compliance Through Information Systems Security Training: An Action Research Study. MIS Quarterly, 34(4), 757-778.

[10] Richet, J. L. (2012). How to Become a Black Hat Hacker? An Exploratory Study of Barriers to Entry Into Cybercrime. In AIM.

[11] Solomon, A., Michaelshvili, M., Bitton, R., Shapira, B., Rokach, L., Puzis, R., & Shabtai, A. (2022). Contextual security awareness: A context-based approach for assessing the security awareness of users. Knowledge-Based Systems, 246, 108709.

 [12] Richet, J. L. (2022). How cybercriminal communities grow and change: An investigation of ad-fraud communities. Technological Forecasting and Social Change, 174, 121282.

Employing Detection Techniques to Confront the Rapid Spread of Fake News

Lawrence J. Awuah, PhD

Abstract: Today, the use of social networks such as Facebook, Twitter, and Instagram has become a key part of continuous human engagement in the sense that these platforms are available for users to share personal messages, pictures, videos, and other forms of multimedia. However, these changing trends have become catalysts for creating misleading activities including misinformation, disinformation, and fake news. For example, the spread of false news on social media has adversely impacted mainstream news media, politics, public trust, and healthcare needs. Therefore, the desire to confront the spread of misinformation, disinformation, and false or misleading news remains a challenge for these social media platforms, policymakers, and law enforcement agencies. Several solutions have been suggested by the research community such as the application of machine intelligence, crowd technologies, and social media ranking algorithms with the aim of addressing this ever-evolving infodemic menace.

Wei, X., Zhang, Z., Zhang, M., Chen, W., & Zeng, D. D. (2021). Combining Crowd and Machine Intelligence to Detect False News on Social Media. MIS Quarterly.

 Summary: “The explosive spread of false news on social media has severely affected many areas such as news ecosystems, politics, economics, and public trust, especially amid the COVID-19 infodemic. Machine intelligence has met with limited success in detecting and curbing false news. Human knowledge and intelligence hold great potential to complement machine-based methods. Yet they are largely underexplored in current false news detection research, especially in terms of how to efficiently utilize such information. We observe that the crowd contributes to the challenging task of assessing the veracity of news by posting responses or reporting. We propose combining these two types of scalable crowd judgments with machine intelligence to tackle the false news crisis. Specifically, we design a novel framework called CAND, which first extracts relevant human and machine judgments from data sources including news features and scalable crowd intelligence. The extracted information is then aggregated by an unsupervised Bayesian aggregation model. Evaluation based on Weibo and Twitter datasets demonstrates the effectiveness of crowd intelligence and the superior performance of the proposed framework in comparison with the benchmark methods. The results also generate many valuable insights, such as the complementary value of human and machine intelligence, the possibility of using human intelligence for early detection, and the robustness of our approach to intentional manipulation. This research significantly contributes to relevant literature on false news detection and crowd intelligence. In practice, our proposed framework serves as a feasible and effective approach for false news detection.” 

Keywords: Crowd intelligence, collective intelligence, crowdsourcing, misinformation, fake news, social media analytics, machine learning, and deep learning.

With the rapid growth of social media, the ease of access, sharing, and transfer of information by numerous users on various platforms have in part necessitated the rapid spread of misinformation and disinformation in all spheres of our life. Misleading information has been known to negatively impact our social lives, financial situations, and even political affiliations around the world. Today, the use of social media has become a key part of continuous human engagement in the sense that these platforms are available for users to share personal messages, pictures, videos, and other forms of multimedia. However, these changing trends have become catalysts for creating misleading activities including misinformation and disinformation such as fake news that can quickly spread through social networks. Therefore, the desire to confront the spread of false or misleading news remains a challenge for these social media platforms, policymakers, and law enforcement agencies. In other words, detecting and combating fake news has become imperative in today’s world. Consequently, several solutions have been proposed by the research community and professionals in the field including the application of machine intelligence, crowd technologies, and social media ranking algorithms to confront this infodemic menace.

According to Wei et al. [1], while human knowledge and intelligence have great potential to complement machine-based strategies in this direction, both of these entities still exhibit limited success in detecting and thwarting false news permeating through social media. The authors were of the view that the crowd contributes to the challenging task of assessing the veracity of news, and proposed combining the capabilities of crowd judgments with machine intelligence to tackle persistent false news. The research generated valuable insights based on the synergy of crowd techniques and human and machine intelligence, which can be useful not only for early detection but also for robustness against the intentional manipulation of information. Additionally, a recent stream of developments suggests that the proliferation of social media platforms promotes the prevalence of false news, from the generation to the consumption of information, with consequential effects on individuals and organizations in particular and society in general [1] – [4]. The authors of this baseline paper achieved this in several steps. First, they surveyed several streams of relevant literature that serve as the theoretical foundations of their work. Second, they summarized existing studies about false news detection on social media. Third, they reviewed false news studies that are related to crowd intelligence. This approach was the basis of their proposed framework designed to aggregate the extracted judgments.

Even though social media platforms and tech giants such as Facebook, Amazon, Google, and others have started taking action to address the false news epidemic, they seem to lag behind the alarming and continuous spread of misinformation. In addition, the research community has also devoted much effort to addressing the prevalence of false news based on two types of data sources: news content and social context [1]. In this baseline research, the authors acknowledged other major challenges, noting that in real-world applications the number of responses and reports usually increases daily, while in the development of false news events, debunking information often arrives at a later stage [1]. Fake news (i.e., the infodemic), propagated by social media and other mobile message-sharing platforms, has progressed from causing a nuisance to seriously impacting law and order through deliberate and large-scale manipulation of public sentiments [4], [14]. A typical example is the COVID-19 pandemic. The global uncertainty due to the pandemic has become a breeding ground for fake news, resulting in widespread panic and hindering the efforts of governments around the world to disseminate credible information to their citizens [4]. What makes the spread of false news terrifying is its distinctive characteristic of information sharing: many users of social media hastily share every piece of news content they come across regardless of its source [7].

In the recent past, several studies [1] – [4], [8] – [14] have used machine-intelligence-related methods to detect false news and other forms of misinformation via various means, such as social media news articles, crowd intelligence, and surveys. For example, one study noted that fake news has shown adverse effects of propagation on social media, and to mitigate these effects, it is necessary to detect fake news at an early stage, when limited information about the news is available [13]. On another note, information sharing is the most important thing among human beings; however, the shared information needs to be authentic and realistic [6]. As well, it is a fact that the ability to distinguish truth from fake is knowledge that people acquire through experience and age [7]. Furthermore, the proposed framework is a demonstration of the complementary value of human and machine intelligence in aiding false news detection, which could also be attributed to the broader literature on hybrid human-machine intelligence and other crowd intelligence applications [1]. The authors revealed that their research has several practical implications and actionable insights for relevant stakeholders. For social media platforms, the proposed CAND framework serves as a feasible and effective approach for false news detection. They believe that the practical implications translate into cost-effective measures, which can save social media platforms millions of dollars invested to thwart the spread of false news.

Other researchers have proposed state-of-the-art solutions to address the false news menace. In one paper, Chon and Kim proposed another excellent way to optimize social media analytics to manage crises by using the framework of attribution theory to analyze a set of tweets [2]. The authors indicated that social media analytics is a valid tool to monitor how the spread of COVID-19 evolved from an issue to a crisis. Others presented a novel collection of news articles originating from fake and real news media sources for the analysis and prediction of news virality [3]. Unlike existing fake news datasets, which contain news articles, the authors’ article collection is supported by a Facebook engagement count. Gupta et al. [4] presented a survey on combating fake news and evaluated the challenges involved in its detection with the help of existing detection mechanisms and techniques to control its spread. Additionally, Sharma et al. discussed existing methods and techniques applicable to both identification and mitigation, with a focus on the significant advances in each method and their advantages and limitations [14]. Further, in one study, an ensemble classifier was developed for detecting fake news with better accuracy results using the LIAR dataset [6]. In their study, Mladenova and Valova examined the ability to detect fake news and clickbait in the use of social networks [7]. To help understand the current state of affairs, Hu et al. conducted a survey to review and analyze existing deep learning-based fake news detection methods that focus on various features such as news content, social context, and external knowledge [8]. Furthermore, to address data scarcity problems, one study proposed an automated approach for labeling data using verified fact-checked statements on a Twitter dataset [9]. Li et al. [10] and Chen [11] described the concept of crowd intelligence and explained its relationship to crowdsourcing and human computation. The authors also introduced four categories of representative crowd intelligence platforms as a solution [10]. Despite these research studies, misinformation campaigns, with the spread of false news, can also divert users’ attention from serious problems that need urgent attention.

In the final analysis, increased global access to emerging technologies and accompanying devices, together with the prevalence of social media, has led to the exponential growth of information, thereby creating an infodemic. In other words, we have a situation where a lot of information is being produced and shared in every corner of the world, thus reaching billions of users at once. The information age enables people to obtain news online through various channels, yet it also makes false news spread at unprecedented speed, with detrimental effects on social stability and public trust [8]. Furthermore, given the role of popular social media platforms in recent political and economic climates, understanding such processes might enhance information and the impact of communication technology on living environments [11]. Ultimately, the unified CAND framework proposed by Wei et al. [1] for detecting fake news and halting its dissemination can further improve the usefulness of crowd and machine intelligence to mitigate the effect of false news propagated mostly by social media platforms.

View full article here: Employing innovative detection techniques to confront fake news

References:

[1] Wei, X., Zhang, Z., Zhang, M., Chen, W., & Zeng, D. D. (2021). Combining Crowd and Machine Intelligence to Detect False News on Social Media. MIS Quarterly.

[2] Chon, M. G., & Kim, S. (2022). Dealing with the COVID-19 crisis: Theoretical application of social media analytics in government crisis management. Public Relations Review, 48(3), 102201.

[3] Krstovski, K., Ryu, A. S., & Kogut, B. (2022). Evons: A Dataset for Fake and Real News Virality Analysis and Prediction. arXiv preprint arXiv:2209.08129.

[4] Gupta, A., Kumar, N., Prabhat, P., Gupta, R., Tanwar, S., Sharma, G., … & Sharma, R. (2022). Combating Fake News: Stakeholder Interventions and Potential Solutions. IEEE Access, 10, 78268-78289.

[5] Richet, J. L. (2013). Overt censorship: a fatal mistake? Communications of the ACM, 56(8), 37-38.

[6] Wynne, H. E., & Swe, K. T. (2022). Fake News Detection in Social Media using Two-Layers Ensemble Model. In 2022 37th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC) (pp. 411-414). IEEE.

[7] Mladenova, T., & Valova, I. (2022). Research on the Ability to Detect Fake News in Users of Social Networks. In 2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA) (pp. 01-04). IEEE.

[8] Hu, L., Wei, S., Zhao, Z., & Wu, B. (2022). Deep learning for fake news detection: A comprehensive survey. AI Open.

[9] Akhtar, M. M., Sharma, B., Karunanayake, I., Masood, R., Ikram, M., & Kanhere, S. S. (2022). Machine Learning-based Automatic Annotation and Detection of COVID-19 Fake News. arXiv preprint arXiv:2209.03162.

[10] Li, W., Wu, W. J., Wang, H. M., Cheng, X. Q., Chen, H. J., Zhou, Z. H., & Ding, R. (2017). Crowd intelligence in AI 2.0 era. Frontiers of Information Technology & Electronic Engineering, 18(1), 15-43.

[11] Chen, M. Y., Lytras, M. D., & Sangaiah, A. K. (2019). Anticipatory computing: Crowd intelligence from social network and big data. Computers in Human Behavior, 101, 350-351.

[12] Richet, J. L. (2022). How cybercriminal communities grow and change: An investigation of ad-fraud communities. Technological Forecasting and Social Change, 174, 121282.

[13] Rastogi, S., & Bansal, D. (2021, December). Time is Important in Fake News Detection: a short review. In 2021 International Conference on Computational Science and Computational Intelligence (CSCI) (pp. 1441-1443). IEEE.

[14] Sharma, K., Qian, F., Jiang, H., Ruchansky, N., Zhang, M., & Liu, Y. (2019). Combating fake news: A survey on identification and mitigation techniques. ACM Transactions on Intelligent Systems and Technology (TIST), 10(3), 1-42.

Impact of Proactive Cyber Threat Intelligence on Exploits from the Dark Web

Lawrence J. Awuah

 

Abstract: Defending against the ever-growing cyber threat landscape necessitates linking exploits from the Dark Web to known vulnerabilities, with the sole aim of proactively utilizing Cyber Threat Intelligence (CTI) solutions, with a Deep Learning (DL) model and the Exploit Vulnerability Attention Deep Structured Semantic Model (EVA-DSSM), to maximize data protection, privacy, and security.

 

A review of “Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-based Deep Structured Semantic Model”. By Samtani, S., Chai, Y., & Chen, H. (2022). MIS Quarterly, 46(2), 911-946.

 

Summary: “Black hat hackers use malicious exploits to circumvent security controls and take advantage of system vulnerabilities worldwide, costing the global economy over $450 billion annually. While many organizations are increasingly turning to cyber threat intelligence (CTI) to help prioritize their vulnerabilities, extant CTI processes are often criticized as being reactive to known exploits. One promising data source that can help develop proactive CTI is the vast and ever-evolving Dark Web. In this study, we adopted the computational design science paradigm to design a novel Deep Learning (DL)-based Exploit Vulnerability Attention Deep Structured Semantic Model (EVA-DSSM) that includes bidirectional processing and attention mechanisms to automatically link exploits from the Dark Web to vulnerabilities. We also devised a novel Device Vulnerability Severity Metric (DVSM) that incorporates exploit postdate and vulnerability severity to help cybersecurity professionals with their device prioritization and risk management efforts. We rigorously evaluated the EVA-DSSM against state-of-the-art non-DL and DL-based methods for short text matching on 52,590 exploit-vulnerability linkages across four testbeds: web application, remote, local, and Denial of Service. Results of these evaluations indicate that the proposed EVA-DSSM achieves Precision at 1 scores 20% – 41% higher than non-DL approaches and 4% – 10% higher than DL-based approaches. We demonstrated the EVA-DSSM’s and DVSM’s practical utility with two CTI case studies: openly accessible systems in the top eight US hospitals and over 20,000 Supervisory Control and Data Acquisition (SCADA) systems worldwide. A complementary user evaluation of the case study results indicated that 45 cybersecurity professionals found the EVA-DSSM and DVSM results more useful for exploit-vulnerability linking and risk prioritization activities than those produced by prevailing approaches. 
Given the rising cost of cyber-attacks, the EVA-DSSM and DVSM have important implications for analysts in security operations centers, incident response teams, and cybersecurity vendors.” 

Keywords: cyber threat intelligence, deep learning, deep structured semantic models, vulnerability assessment, hacker forums, dark web, security operations, cybersecurity analytics 

The desire of researchers and subject matter experts to help organizations understand the complexity of attack vectors and support their cyber defense with automated incident response capabilities, driven by machine intelligence, has become critical in today’s world. We have reached a point where cybersecurity trainees, researchers, and professionals need to continuously gain insights into innovative cybersecurity solutions in the field. The fact that malicious actors consistently use hacking techniques to circumvent security controls and exploit system vulnerabilities in the current threat landscape motivated Samtani et al. [1] to develop a proactive Cyber Threat Intelligence (CTI) model from the perspective of the Dark Web. More to the point, pattern recognition, anomaly detection, and predictive analytics continue to offer threat intelligence and cybersecurity analytics capabilities that are key ingredients in automated incident response and threat mitigation efforts in the ever-evolving threat landscape.

Additionally, machine intelligence has become so ubiquitous and indispensable a tool, in defensive and offensive operations, that it remains a useful resource to cybersecurity leaders and device vendors. As part of their study, the authors adopted a novel Deep Learning (DL)-based model, the Exploit Vulnerability Attention Deep Structured Semantic Model (EVA-DSSM), which comprises bidirectional processing and attention mechanisms with the capability to automatically link exploits from the Dark Web to known vulnerabilities [1]. A Device Vulnerability Severity Metric (DVSM) was also developed for cybersecurity professionals to use when engaging in device prioritization and risk management activities. A high-level CTI framework that captures the EVA-DSSM and DVSM models is depicted in figure 1.

In another study, Zhu et al. [4] adopted a computational design science solution to develop a DL-based, hierarchical, multi-phase Activity of Daily Living (ADL) framework to address similar concerns. Others deployed a Tor-use Motivation Model (TMM), found a network impacted by illicit commerce and money laundering, and concluded that criminality on this dark web is based more upon greed and desire than on any particular political motivations [3]. These models and frameworks play key roles in emerging cybersecurity mitigation strategies.

Moreover, vulnerability assessment as part of the automated CTI process, coupled with analytics, provides the intelligence that CTI professionals need to conduct initial triage of security incidents for anticipated mitigation strategies. Motivated by the dynamic threat landscape, the authors developed a CTI framework and compared the operational differences between the conventional DSSM and their proposed EVA-DSSM [1]. When the proposed EVA-DSSM model was evaluated against both non-DL and DL-based methods for exploit-vulnerability linkages across selected testbeds (figure 1), the DL-based technique was determined to have achieved a much higher precision than the non-DL counterpart.

Furthermore, when a user evaluation of the CTI case study was conducted, the results indicated that a number of cybersecurity professionals found the EVA-DSSM and DVSM results more efficient for exploit-vulnerability linking and risk prioritization activities than those produced by conventional solutions. The user evaluation also indicated that these professionals, serving in the Security Operations Center (SOC), Incident Response (IR), Vulnerability Management (VM), and Operational Cybersecurity (OS) domains of practice, found the EVA-DSSM and DVSM results more useful than those generated without these two models (figure 1). Given the rising cost of cyber-attacks, the EVA-DSSM and DVSM have perceived practical significance and important implications for analysts in, for example, security operations centers, incident response teams, and cybersecurity vendors.

In summary, the preceding analysis supports the view that the practical and theoretical significance of the proposed EVA-DSSM and DVSM models evidently benefits analysts in SOC and IR teams, as well as security operations vendors. There is also evidence to suggest that DL-based machine intelligence, as noted by the authors, plays a key role in SOC-related engagements. To that end, in mitigating evolving threats, organizations should empower security operations teams and vendors with automated AI-based mitigation solutions. They should likewise endeavor to give the security operations team and leadership the strategies needed to offer security orchestration and response processes that fully automate and manage the complexity of SOC ecosystems [1-2]. In other words, the ability to seamlessly automate and manage the complexity of security operations to address the dynamic threat landscape remains an important challenge for security researchers, cybersecurity professionals, and cybersecurity vendors. Finally, the EVA-DSSM and DVSM models certainly have crucial implications for analysts in SOC-based environments and for cybersecurity vendors. Researchers and professionals alike have a major role to play in the search for broader cybersecurity solutions in the interest of society.

See the full review here: Research Summary-Exploits from the Dark Web

References:

[1] Samtani, S., Chai, Y., & Chen, H. (2022). Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-based Deep Structured Semantic Model. MIS Quarterly, 46(2), 911-946. DOI: 10.25300/MISQ/2022/15392

[2] Kinyua, J. & Awuah, L. (2021). AI/ML in Security Orchestration, Automation and Response: Future Research Directions. Intelligent Automation & Soft Computing, 28(2), 527–545. DOI:10.32604/iasc.2021.016240

[3] Dalins, J., Wilson, C., & Carman, M. (2018). Criminal motivation on the dark web: A categorisation model for law enforcement. Digital Investigation, 24 (1), pp. 62-71. 

Viewpoint – Non-consensual Pornography: How petty desire becomes a tragedy to an individual.

This article is the first of a new series of Viewpoints from Harvard Business School, Sorbonne Business School and ESSEC Business School students and faculty.  Viewpoints section is dedicated to opinions and views that pertain to issues of broad interest to the cybersecurity community, typically, but not exclusively, of a nontechnical nature. Controversial issues will not be avoided but be dealt with fairly. Authors are welcome to submit carefully reasoned “Viewpoints” in which positions are substantiated by facts or principled arguments. Moreover, this section periodically hosts editorial debates in a Point/Counterpoint format in which both sides of an issue are represented.

Non-consensual Pornography: How petty desire becomes a tragedy to an individual.

Viewpoint by Heeju ROH (Harvard Business School)

There was a woman.
She did an ordinary love.

It was not a love life that bears all things, believes all things, hopes all things, and endures all things. But there was an affection: she and her lover couldn’t say each other’s name without smiling. There was a trust. The two people did not feel guilty about their own unspoken things. There were a lot of other things, and the love brought all of them. They thought, as it is commonly said, that they fell in love. However, it was wrong. By nature, love is not something you can consciously fall into. Love strikes people as if it is an accident. So it was rather obvious that it was also the love who called the end.

As left-overs, they did not know how to deal with the situation because they were both victims. Since the love had already left them, their frustration lost its direction and was destined for the wrong targets – each other. Through the time of hurting each other more and more, they somehow survived as two separate individuals. And that was supposed to be it. But one day, she was told that there were pictures and videos of her private life online. Records of their love, including evidence of the intimacy. Indeed, she could see two bodies. One of those had the same face as hers. However, there was a difference between the face on the monitor and the face that she saw in the mirror every morning. The face on the monitor did not have dignity or self-respect. It did not have a name or identity. It was merely a visual material to facilitate the ejaculation. Yet, it was undoubtedly her face and body.

I admit. The above case cannot possibly be the only background story of nonconsensual pornography (NCP) in this big world. Maybe there are other victims who have been through a bad breakup, an abusive relationship, or another terrible situation before the leakage. Even if an uploader has built up aggression toward a victim, he or she does not earn the authority to share the private moment with an unspecified mass of viewers. We all should agree that the distribution of such material cannot be justified under any circumstance, period. However, we are often misled by the name ‘Revenge Porn.’ We are misled into thinking that the victims deserve the revenge. More importantly, this perception results in a general tendency to highlight an interpersonal and emotional conflict between the perpetrator and the victim, while diluting the fact that NCP is a collective cybercrime. No wonder bystanders who are unlikely to commit such a crime show a certain level of approval of NCP[i].

So, do I want to claim that NCPs are not really the result of ‘revenge’? Maybe, but that’s not the point. Currently, the frequently suggested strategies to stop NCP are more focused on victims protecting themselves. The reasons given are 1) that the victim must have agreed to the intercourse itself and 2) that, due to the highly viral environment of online platforms, the identification of the victim and instant reaction are better handled by the first party, the victim, than by a third party, law enforcement for example. This could also be why even well-respected media rather recommend victims to “make sure that your face is not on the picture” or “use more secured application.”[ii] This tendency is unfiltered evidence of our ignorance. The ignorance about the magnitude of the damage to the victims and the ignorance about the nature of the situation – the crime. Society forces the victims to be the ones taking on the burden of erasing fees and legal procedures, while dealing with PTSD, trust issues, and the hostile social perception of “you deserve it”[iii]. Compared to the severe physical and psychological pain of the victims, the purpose of NCP is ridiculously shallow – amusement.

In the online world, we easily let ourselves indulge. The online world is the perfect place to let all of us swim in the sea of our own gluttony, envy, greed and lust. Of course, it is rather acceptable if the voyeurism is directed to something not ethically challenging, such as mother’s recipe for the banana cake. Sharing information is the accomplishment of the 3rd industrial revolution. However, behind the curtain of anonymity, we can also consume other people’s private lives easily and casually. And as the word ‘we’ suggests, there is hardly ever a sole perpetrator in the online world. They commit this cyberbullying by creating, consuming, distributing, and making a profit from NCPs. When facing the collective wave of violent behavior, individual victims always fail to protect themselves. Examples of victories are an absolute minority considering the entire number of victims. Victory has to become our social norm, the general outcome, and the expected result.

I believe that laws, policies, and systems are to stand at the front line of this battle. Making people feel safe from possible harassment is the first job for normal nations to achieve. If people can hurt others and be hurt by technology-facilitated sexual violence without any rational expectation of being salvaged, that state is rather similar to the fight of all against all. To end this fight, we need more victim-focused responses, from the investigation processes, which are often traumatic for victims, to subsidies for erasing the materials and punishing the distributors[iv]. Studies have been conducted and policies implemented. However, in reality, victims tend to rely on civil associations rather than on law enforcement, because the civil associations tend to have more experience in such cases[v]. While NCPs have become more accessible and affordable, the prosecutorial process has not become victim-friendly. Victims have to endure the ongoing tragedy until the legal process is over, which does not guarantee a fresh clean-up. As a result, the victims are easily left in the blind spot of the system.

Screaming requires a lot more effort than you think. It is not a knee-jerk reflex. First, the lungs have to be inflated as much as possible. Then your abdomen has to be flat and tightened in order to expectorate the air. At the moment of exhalation, the vocal cords tremble to deliver the sound wave. It is the duty of the nasal cavity to increase the sound frequency. Finally, as a quasi-verbal communication, this single-syllable sound has to deliver a message: Somebody help me. Unfortunately, the brain often cannot orchestrate the process. It endeavors to send signals to your lungs, abs, and vocal cords, but they simply fail to do their work.

She felt that she had to scream at the moment she found her pictures. If screaming were a cardio exercise, her brain must have sweated to the point of dehydration. But the brain cannot sweat. So something else did instead: her eyes released a vast amount of salty water. Taking that as a signal, the other body parts finally responded. But it was different from what she imagined. The sound was rather low and growling. It was similar to something that every creature makes in a time of tragedy. It was an ordinary end of an ordinary love. However, because tragedies do not have eyes, they sometimes just barge into an ordinary life. So her ordinary life suddenly became tragic.

On the website, she also found other women. The women who also had faces and bodies without the name and dignity. She wondered what made all these women exposed. What have they done? And she realized that she already knew the answer – an ordinary love. They all did an ordinary love – no more, no less. Just an ordinary love.

* This article does not mean the victimization of all women nor generalization of all men.

References

[i] Lawson, K., “People Are Terrifyingly OK with Revenge Porn, New Study Finds,” Broadly, March 3, 2017.

[ii] Young, S., “How to protect yourself against revenge porn,” Independent, August 24, 2017.

[iii] Bates, Samantha Lynn. (2015) “Stripped”: an analysis of revenge porn victims’ lives after victimization.

[iv] Dickson, Alyse (2016) “‘REVENGE PORN’: A VICTIM FOCUSED RESPONSE,” UNISA Student Law Review, Vol. 2.

[v] Jeong, Han-ra (정한라) (2013) “Domestic and International Cyberviolence Cases and Each Country’s Countermeasures” [국내외 사이버폭력 사례 및 각국의 대응방안], Korea Internet & Security Agency (한국인터넷진흥원).

Viewpoint – Trolling: annoyance or real threat?


Trolling: annoyance or real threat?

Viewpoint by Daniel Grieb, Flora Guise, Léontine Paquatte (ESSEC Business School)

 

Macy’s 2008 Thanksgiving Parade, New York City: American music artist Rick Astley surprises spectators with a live performance of his 1987 song “Never gonna give you up”. Leading up to his performance, the year 2008 saw the rise of a mass internet phenomenon called “Rickrolling”, where millions of users were enticed to click on hyperlinks leading to the music video of Astley’s song. From this innocent internet prank, trolling has evolved into much more: during the US presidential election of 2017, concern about the impact of trolling on public opinion became evident. This paper aims to explore the internet phenomenon of the “troll” and will cover trolls’ motivations, their impact and current, relevant examples of trolling.

As the phenomenon of “trolling” is a rather recent emergence, there is still no clear, universally agreed-upon definition in the academic field. However, a common definition reflects the most observed “trolling behavior”: it describes the act of antagonizing others online “by deliberately posting inflammatory, irrelevant, or offensive comments or other disruptive content” “with no apparent (…) purpose”. [1] [2] The troll’s motivation falls into three categories: (1) personal enjoyment (pleasure seeking through “trolling”), (2) revenge (as a reaction to being trolled) and (3) thrill-seeking (deriving joy from the reaction of others to their trolling behavior). [3] It becomes evident that the current definition and motivation associated with trolling focus on the individual level: they assume that trolling is exclusively done by individuals and with no external goal. However, numerous recent examples show that trolling has evolved.

Trolling basically manifests itself as malevolent, interpersonal and antisocial individual behavior. Concretely, it is about “deliberately [provoking], upsetting others by starting arguments or posting inflammatory messages on online comment sections.”[4] The manifestation of individual trolling through online comment sections can be observed in the growing phenomena of cyberbullying, identity theft and cyberstalking, which put flesh on the Dark Tetrad personality traits: narcissism, sadism, Machiavellianism and psychopathy.

Quantitative analyses have shown that the online context tends to exacerbate psychopathic behaviors: anonymity, normlessness and asynchronicity on the internet put more psychological distance between the troll and his/her target, thereby encouraging him/her to react more sharply and violently than in an offline context.[5]

The impact of this individual cybertrolling has been seen in many aspects of the lives of some victims ever since the phenomenon appeared: the Youth Risk Behavior Surveillance System (YRBSS) identified behavior such as drug use, unhealthy diets and numerous other examples linked with cyberbullying.[6] Even though social networks and interpersonal websites have implemented rules and means of impeding trolls, the line between elements considered bullying and justified opinions is not clear, allowing internet trolls to adapt their behavior without being reprimanded.

Given the nefarious effect internet trolls can have on an individual level, the threat of trolls on a societal level comes into view.

The digital transition has brought the Greek ideal of the public agora to a brand new level: the internet turned into a global, geography-free space where almost anyone can express their opinion.[7] Roger Silverstone designated it in 2006 as the “Mediapolis”[8], where people can gather and participate in the virtual debate without being present, recalling Marshall McLuhan’s theory of the “Global Village”.[9] It looks as if the internet allowed us to become an egalitarian network society with a perfect level of freedom of speech. As it turns out, however, that space of freedom became the playground of trolls and haters, breaking down this utopia and calling into question models such as deliberative democracy: trolls, fake news and hate speech occupy so much space on forums that this may eventually silence some citizens, who do not want to become the target of trolls, or make citizens lose touch with what is true and what is not.[10] Disinformation, hate speech and cyber-harassment have become real threats for democracies as they impede the reasonable, objective public debate which is the basis of this political system. It is therefore necessary to take measures to resolve this problem, without, however, falling into censorship: a very sensitive, but essential endeavor.

To illustrate this problem, let us take a look at the propaganda movement led by “Reconquista Germanica” that became active during Germany’s last general election.[11] This group of online extremists used trolling to manipulate the election by spreading hate, fake news and Kremlin propaganda. The techniques used for their “Blitzkrieg against the Old Parties” proved to be very efficient. First, they trolled their opponents by spreading illegally obtained, compromising private content or even manipulated photos and collages, in the hope that these would become “viral hits”. They also tried to manipulate public opinion by conducting a “war on information” with disinformation, hateful memes and bots sending automated messages. This way, Reconquista was able to gain great visibility and influence opinion, particularly among a large proportion of undecided voters. Moreover, these techniques are becoming more and more professionalized and globalized, since some groups of activists claim that they influenced Russian, American, British, German and French elections. They now apply very detailed action plans and have become organized worldwide. Yet, while it is still difficult to measure their real influence, trolls have become a cyber-threat that should in no way be neglected.

It became evident that internet trolling can become more than just a simple annoyance: the organized and strategic implementation of “trolling tools” on social media such as hate speech and doxing, can not only have a significant effect on the trolled “victims” but also on societies. Influencing public opinions has become the new goal of organized trolling networks and their first implementation prior to elections can be seen. While the lone internet troll may seem harmless, the influence and impact of an organized community of trolls should not be underestimated. Just like in many aspects in life, Paracelsus’ rule remains true – even on the internet: Sola dosis facit venenum “The dose makes the poison”. And the instrumentalization of this dose by different interest groups has become a new form of cyberthreat.

References:

[1] [2] Buckels, E. E., et al. Trolls just want to have fun. Personality and Individual Differences (2014); P.1

[3] Cook, C., et al.: Under the bridge: An in-depth examination of online trolling in the gaming context.; P.10f.

[4] Gammon J., Over a quarter of Americans have made malicious online comments, (2014)

[5] Nevin, Andrew D., “Cyber-Psychopathy: Examining the Relationship between Dark E-Personality and Online Misconduct” (2015). Electronic Thesis and Dissertation Repository. 2926, P.170

[6] [7] Weichert S., From Swarm Intelligence to Swarm Malice: An appeal (2016)

[8] Silverstone R., Media and morality : on the rise of Mediapolis (2006)

[9] Mc Luhan M., Understanding media: The extensions of man (1964)

[10] Aro J., The cyberspace war: propaganda and trolling as warfare tools (2016)

[11] Von Hammerstein K., Höfner R. and Rosenbach M., Right-Wing Activists Take Aim at German Election, SPIEGEL Online (09/13/2017)

BIBLIOGRAPHIC REFERENCES :

Literary references:

Aro J., The cyberspace war: propaganda and trolling as warfare tools (2016)

Buckels, E. E., et al. Trolls just want to have fun. Personality and Individual Differences (2014)

Cook, C., et al.: Under the bridge: An in-depth examination of online trolling in the gaming context (2014)

Gammon J., Over a quarter of Americans have made malicious online comments, (2014)

Mc Luhan M., Understanding media: The extensions of man (1964)

Nevin, Andrew D., “Cyber-Psychopathy: Examining the Relationship between Dark E-Personality and Online Misconduct” (2015). Electronic Thesis and Dissertation Repository. 2926, P.170

Silverstone R., Media and morality : on the rise of Mediapolis (2006)

Von Hammerstein K., Höfner R. and Rosenbach M., Right-Wing Activists Take Aim at German Election, SPIEGEL Online (09/13/2017)

Weichert S., From Swarm Intelligence to Swarm Malice: An appeal (2016)

Online references:

Cdc.gov, Youth Risk Behavior Surveillance System page (2017), available at: cdc.gov

Merriam-webster, Definition of troll (2018), available at: merriam-webster.com

Risks in Governmental Cybersecurity Program : Case Study of the Einstein Project

The Risk of Secrecy in Governmental Cybersecurity Program : Case Study of the Einstein Project

Charlotte Clément-Cottuz

This paper argues that the over-secretive nature of national cybersecurity programs that protect national agencies actually hinders such programs, and demonstrates that a more transparent implementation could enhance their efficiency. This argument can appear paradoxical, as logically the more transparent a cybersecurity program is, the easier it can be for hackers to find loopholes in it and thus to carry out their malicious intents. However, based on the case study of the US Einstein program, this paper demonstrates that the shortcomings of such programs are largely caused by unnecessary, exaggerated secrecy.

Einstein, formally called the US National Cybersecurity Program System, was developed by the United States Computer Emergency Readiness Team (US-CERT), which is the operational arm of the National Cyber Security Division of the US Department of Homeland Security (DHS). This department “has the mission to provide a common baseline of security across the federal civilian executive branch and to help agencies manage their cyber security risk” (CDT, 2009). Internationally, national governments have implemented similar programs to defend their national organisations against cyber offensives. For example, in France, the ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) ensures the cybersecurity of national public and private sector operators. Nevertheless, given the lack of information concerning the digital control and supervisory control and data acquisition systems (DC/SCADA) put in place by the ANSSI (Dila, 2013) or other national governments across the globe, this post focuses on the US and its Einstein program.

More precisely, Einstein was developed to fulfil two key roles in federal government cybersecurity. First, as an intrusion detection capability, it detects and blocks cyberattacks from compromising federal agencies by monitoring these agencies’ internet connections for specific predefined signatures of known malicious activity and anomalies, and it alerts US-CERT when network activity or host-based intrusions matching the predetermined signatures are detected. Second, Einstein was enhanced to also become an intrusion prevention capability that automatically blocks malicious traffic from entering or leaving the federal civilian executive branch agency networks. To this extent, Einstein has the capability of analysing the content of emails and other Internet websites (Gorman, 2009). This raises massive privacy questions. Indeed, no clear or transparent guidelines have been made public about Einstein’s exact mission, who reads these emails, which tools are implemented against cyber threats and which precise cyber threats are encompassed in such a vast definition (CDT, 2009). Therefore, the US-CERT and the DHS enjoy a lot of legal leeway when they are questioned or held accountable, and overall they benefit from this lack of transparency (Gao, 2010) at the expense of the Einstein users.

On top of the privacy risks it causes, the lack of transparency also impairs Einstein’s efficiency. Indeed, another role of Einstein is cross-collaboration between the agencies: once an agency identifies an intrusion/signature/zero day, it alerts the US-CERT, which then informs the other agencies of the newly determined intrusion. Therefore, as with a network effect, the more agencies use Einstein, and hence find signatures and exchange them, the higher Einstein’s global success rate. However, Einstein is only implemented in 5 agencies out of 23, because each agency implements different technologies to protect its sensitive data that are not compatible with the Einstein program. Therefore, the lack of transparency between federal cybersecurity programs impairs the effort of the federal Einstein program and diminishes its efficiency. Indeed, during a test to flag a portion of vulnerabilities associated with common software applications across multiple federal agencies, only 6% of all the security bugs tested were found. That’s 29 out of 489 vulnerabilities (Paganini, 2016). If it were more transparent, Einstein would be easier to implement and hence more efficient.

Finally, the efficiency shortcomings of the Einstein program could be remedied by informing the federal employees whose computers are running the Einstein program. Indeed, over-preoccupied with the secrecy of the program, the DHS did not inform the federal employees whose computers were running the program. However, if the US-CERT simply informed the employees that the program is running and communicated about the EINSTEIN program, employees would be more aware of and careful about malware and phishing attempts. Furthermore, if the US-CERT encouraged cybersecurity awareness programs, it would definitely increase the efficiency of Einstein. And to a certain extent, “agencies should ultimately employ a multi-layered approach to security that includes well-trained personnel, effective and consistently applied processes, and appropriate technologies” (Cooney, 2015).

Even though it is being amended, Einstein raises serious concerns about transparency. The lack thereof causes privacy risks but also inefficiencies and failures, which can endanger US national sovereignty to a certain point. However, a more transparent implementation, with more thorough information concerning the program communicated by the US-CERT, would increase the number of federal agencies relying on the Einstein program and hence its capability. Furthermore, at the grass-roots level, in other words at the user level, awareness of and communication about the EINSTEIN program would increase the number of signatures detected and hence, once again, EINSTEIN’s efficiency. In a few words, transparency is the best policy.

References

CDT, 2009. ‘Einstein Intrusion Detection System: Questions that Should be Addressed’, Center for Democracy & Technology, July 2009.

Dila, 2013, Direction de l’information  légale et administrative. Livre Blanc Défense et Sécurité Nationale, 2013.

Gorman, S. 2009. ‘Trouble Plague Cyberspy Defense’, Wall Street Journal, July 3rd 2009.

CDT, 2009. ‘CDT report : Privacy, Legal Concerns Surround Secret Government Cybersecurity System’, CDT, July 28, 2009.

Gao, 2010. ’Cybersecurity: Progress made but challenges remain in defining and coordinating the comprehensive national initiative’, Report to Congressional Requesters, March 2010.

Paganini, P. 2016. ‘Audit shows Department of Homeland Security 6 billion U.S. Dollar firewall not so effective against hackers’, Security Affairs, February 1, 2016.

Cooney, M. 2015. ‘GAO: Early look at fed’s “Einstein 3” security weapon finds challenge’, Network world, July 9th 2015.

Read the full blog post here: Risk in Governmental Cybersecurity Program JSTI 2017

Blockchain Regulatory Framework, Legal Challenges and the Financial Industry


Camille Madec

Introduction

In order to stay competitive, the financial industry must seize the opportunities of the ongoing technological disruption, particularly the recent so-called blockchain innovation, which some argue has the potential to replace banks as financial intermediaries for the transfer and exchange of money. In this transitional context, the financial sector could face new cybersecurity risks and sophisticated attacks, which will eventually call for a renewed regulatory framework. Here, the financial sector means banks, insurers, asset managers, and advisory firms.

Blockchain can be defined as “a peer-to-peer operated public digital ledger that records all transactions executed for a particular asset (…) The Blockchain maintains this record across a network of computers, and anyone on the network can access the ledger. Blockchain is ‘decentralised’ meaning people on the network maintain the ledger, requiring no central or third party intermediary involvement. […] Users known as ‘miners’ use specialized software to look for these time stamped ‘blocks’, verify their accuracy using a special algorithm, and add the block to the chain. The chain maintains chronological order for all blocks added because of these time-stamps.” (Alderman, 2015)

Hence, blockchain, well known through Bitcoin, could open up many more prospects and should guarantee the security and validation of all data exchanges. In addition to opening room for new business opportunities, this new technology could disrupt the legal conception of privacy and intellectual property rights, and it raises some issues regarding financial institutions’ accountability given the new associated risks. As a consequence, while financial institutions have been under pressure from the new regulatory requirements introduced in the aftermath of the 2008 financial crisis, they might see their accountability rise again to address the cybersecurity risks and associated harms related to blockchain innovation.

This paper explains how business compliance with the new cyber regulatory framework is a strategic issue for financial institutions. It presents financial institutions’ specific data profile and the potential collateral damage linked to it. It highlights the opportunities of blockchain innovation and the associated new cybercrime challenges. It describes the current European regulatory framework and legal accountability scenarios. Finally, it supports the hypothesis of cyber compliance as a corporate competitive advantage and maps out some elements of potential recommendations to strengthen cybersecurity resilience.

Read the full strategic report here: regulatory compliance and cybersecurity

References

Alderman, P. (2015). Blockchain – emerging legal issues. Lexology, Global.

How is Cybercrime Evolving? (editorial)


Jean-Loup Richet, Sorbonne Business School (IAE de Paris)

Abstract

Firms spend enormous resources on digital advertising and promoting their brand online. In the meantime, ad-fraud undertaken by cybercriminals cost $42 billion in 2019 and could reach $100 billion by 2023. However, while digital advertisers continue to wrestle with how to effectively counteract ad-fraud, the topic of advertising fraud itself has received little academic attention. Here, we investigate this gap between practice and research through an exploration of ad-fraud communities. Our research implemented a multimethod approach for data collection in a longitudinal (18 months, October 2017 to April 2019) online investigation of this phenomenon. Integrating qualitative and quantitative analysis, we examined (1) internal interactions within ad-fraud communities and (2) ad-fraud communities’ performance and growth. Our online investigation extends our conceptual understanding of ad-fraud and explains how ad-fraud communities innovate. Our findings indicate that capabilities enacted by some communities foster requisite variety and enable the coordination of complex, iterative, and incremental dynamics (cocreation of artificial intelligence-based bots, customer involvement, and reinforcing capabilities). This research has both theoretical and practical implications for innovation in cybercriminal communities. Furthermore, we provide practical guidance for policy-makers and advertisers regarding how to improve their response to business threats. Indeed, a better understanding of how ad-fraud communities innovate enables organizations to develop countermeasures and intelligence capabilities.

Highlights

• This is one of the first studies documenting the way ad-fraud communities innovate and create value for their criminal customers.
• A multimethod approach was applied for data collection, integrating qualitative and quantitative assessment of six cybercriminal communities.
• Specialized ad-fraud communities provided a wealth of knowledge and incremental innovations in ad-frauds.
• General and customer-oriented ad-fraud communities showcased the most internal interactions, as well as exhibiting better performance and growth.
• General and customer-oriented ad-fraud communities have developed specific capabilities, focusing on innovation through artificial intelligence, which fuels customer engagement and fosters (criminal) attractiveness.

Reference

Richet, J.-L. 2022. “How Cybercriminal Communities Grow and Change: An Investigation of Ad-Fraud Communities,” Technological Forecasting and Social Change (174), p. 121282.  https://doi.org/10.1016/j.techfore.2021….)


Privacy on the Internet: a sweet dream?


Quentin Jaubert, Adrien Zamora

Introduction

“Big Brother is watching you,” wrote George Orwell. In his groundbreaking book, Orwell describes a society in which officials know everything that happens inside the country by maintaining omnipresent surveillance over its inhabitants. Today’s police forces and secret services have a large number of surveillance tools, such as biometrics, chips, facial recognition, and geolocation, that allow them to become very intrusive security forces. But “policing” has now also become the domain of major private companies (social media platforms, search engines, telecommunication carriers, etc.). A funny way of rethinking Orwell’s quote in our modern world would be: “Big Browser is watching you”.

There was a time when people had their privacy. One could go shopping after leaving the office, buy several items in cash, go back home, close the doors and curtains, and lead a private life. That was it. But privacy has evolved over time. If “privacy” can be defined as a “right to be let alone” (Warren and Brandeis, 1890), or even “the right to prevent the disclosure of personal information to others” (Westin, 1968), the concept has recently taken on a multidimensional nature regarding “information, accessibility and expression” (DeCew, 1997), and with the rise of the Internet, technology has created new privacy issues (Austin, 2003), which leads us to wonder: is online privacy a sweet dream?

In order to understand the issues linked to our online privacy and generate insights from them, we adopted the following method:

How has the privacy concept evolved with the appearance of the Internet?

In such a connected world, should we/can we protect our privacy? If yes, how?

Where will we be standing in the next 5, 10, 20 years? Will “online privacy” ever mean anything in the next decades?

Read the full strategic report here: privacy on the internet: a sweet dream?

References

Austin, L. (2003). Privacy and the Question of Technology. Law and Philosophy, 22(2), 119-166.

DeCew, J. W. (1997). In pursuit of privacy: Law, ethics, and the rise of technology. Cornell University Press.
Orwell, G. (2009). Nineteen eighty-four. Everyman’s Library.
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 193-220.
Westin, A. F. (1968). Privacy and freedom. Washington and Lee Law Review, 25(1), 166.

Cybersecurity, a new challenge for the aviation and automotive industries


Hélène Duchamp, Ibrahim Bayram, Ranim Korhani

Abstract:
This paper will focus on cybersecurity in the civil aviation industry, but will also present some of the threats that exist in a far more everyday mode of transportation: personal cars.
We will present the stakeholders involved in the aviation industry, point out the sources of the industry’s vulnerability to cyber attacks, and then analyze the efforts put in place to deter cyber attacks against commercial aircraft. The same order of reasoning will be applied to the automotive industry.

Introduction

The aviation industry is important to the global economy. In 2013, the air transportation network carried over 48 million tons of freight and over 2.6 billion passengers. Its global economic value was estimated at 2.2 trillion dollars (AIAA, 2013). Any (cyber)-attack in this industry would result in important social and economic consequences.

With the development of new technologies such as the Internet, the global aviation industry is subject to a new and growing type of threat coming from cyberspace. As in other industries, the purposes of cyber threats include, for example, stealing information, political action, making a profit, or simply weakening one stakeholder of the industry.

Because of its complexity and its weight in the economy, breaking the aviation industry’s security constitutes a great challenge for hackers and terrorists. Moreover, this industry relies more and more on information and communication technology (ICT). As an industry that is well known for providing one of the safest types of transportation, it is mandatory for all its stakeholders to understand the risks and to prevent any malicious events for the good of the industry, the economy, the population and the environment.

Read the full strategic report here: cybersecurity, a new challenge for the aviation and automotive industries

References

AIAA. (2013). The connectivity challenge: protecting critical assets in a networked world – a framework for aviation cybersecurity.
