CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT

Purpose- With the rapid advancement of information and communication technologies, businesses are facing growing security risks. The prevalence, intensity, and complexity of cyberattacks worsen these vulnerabilities, leading to a rising focus on cybersecurity. Enterprises exposed to such cyberattacks might not only face considerable financial losses but also experience data breaches, operational interruptions, harm to their reputation, regulatory penalties, legal expenses, reduced competitive standing, and increased insurance premiums. This concept study discusses the importance of human factors in cybersecurity management. While organizations spend billions on information technology systems and software to detect and prevent cyber threats, individuals play a critical role in managing these risks.

Methodology- Through a review of the literature and statistical data, the study examines the factors contributing to cybersecurity breaches and the allocation of resources to address them, and proposes potential solutions.

Findings- Most research on cybersecurity in the workplace focuses on employees as the most important source of vulnerability. The literature review indicates that employees' carelessness and lack of awareness pose the greatest risk to cybersecurity. However, businesses often fail to pay sufficient attention to human behavior in their efforts to keep organizational data secure and to plan security strategies. Effective cybersecurity management requires not only technical controls but also the management of human factors. Meanwhile, security expenditures in enterprises are often disproportionately allocated, with 97% being spent on technology investments, despite the fact that over 85% of breaches are attributable to human factors.

Conclusion- The literature review indicates that cybersecurity management is not only a matter of technical controls; the management of human factors is also of critical importance. The management of individuals is also an essential cybersecurity responsibility. It is important to adopt a holistic approach to cybersecurity management that includes both technical and human perspectives. Cybersecurity awareness has significant benefits for businesses seeking to manage cybersecurity effectively, and it can be achieved by developing appropriate training programs and fostering a cybersecurity culture.
