freegr

Survey examines consumer behaviours and cybersecurity - New survey for consumers


ESET, a cybersecurity company, has announced that it has carried out a global survey on Financial Technology (FinTech) with the participation of more than 10,000 consumers and senior business executives from the United Kingdom, the USA, Australia, Japan, Mexico and Brazil. Participants answered a series of questions about Financial Technology, cybersecurity and the contribution of both to safeguarding finances in the COVID-19 era, in light of the quarantine measures imposed because of the coronavirus pandemic.

The survey examines a range of topics related to Financial Technology for both consumers and businesses. Among them, it examines concerns about the security of finances, transactions and financial data, how FinTech applications are used and attitudes towards them, and the business prospects of FinTech solutions in the post-COVID era.

The consumer part of the survey showed that 40% of consumers worldwide use between one and three FinTech applications, but only half of them have security software installed on all their personal devices. In addition, 62% of them use a password manager application to log in to their accounts. By comparison, only 22% of consumers worldwide could be described as “FinTech adopters” who use four or more financial technology applications. Of these, 63% protect all their devices with security software.

Financial Technology will play a critical role in the economic recovery of citizens and society after COVID-19, and it is more important than ever that FinTech solutions are adequately protected. The security and protection of consumers and businesses is of pivotal importance to ESET, and the global survey was carried out to identify the emerging and current technologies that play a central role in people's lives, and the attitudes people hold towards them. The survey also examines other technologies, such as cryptocurrencies and bitcoin, blockchain, banking services offered only online, and others.

Ignacio Sbampato, Chief Business Officer of ESET, said: “We are proud to be at the forefront of technological innovation and security, and this survey demonstrates it. The global Financial Technology survey will allow us to explore attitudes towards emerging and established technology and to inform both consumers and businesses about our solutions, so as to ensure that they are always protected to the highest standards. We want to help people, on both a personal and a professional level, to understand and combat the risks that the use of any technology entails, and to do that we need to take the pulse of new technology trends.” Most of this research will be presented during the first months of 2021. For more information, visit eset.com/blog and welivesecurity.com/category/fintech.

Organizational science and cybersecurity: abundant opportunities for research at the interface

Abstract

Cybersecurity is an ever-present problem for organizations, but organizational science has barely begun to enter the arena of cybersecurity research. As a result, the “human factor” in cybersecurity research is much less studied than its technological counterpart. The current manuscript serves as an introduction and invitation to cybersecurity research by organizational scientists. We define cybersecurity, provide definitions of key cybersecurity constructs relevant to employee behavior, illuminate the unique opportunities available to organizational scientists in the cybersecurity arena (e.g., publication venues that reach new audiences, novel sources of external funding), and provide overall conceptual frameworks of the antecedents of employees’ cybersecurity behavior. In so doing, we emphasize both end-users of cybersecurity in organizations and employees focused specifically on cybersecurity work. We provide an expansive agenda for future organizational science research on cybersecurity—and we describe the benefits such research can provide not only to cybersecurity but also to basic research in organizational science itself. We end by providing a list of potential objections to the proposed research along with our responses to these objections. It is our hope that the current manuscript will catalyze research at the interface of organizational science and cybersecurity.

If you are reading this manuscript, you have almost certainly been the victim of a cyber data breach. No sooner have you figured out how to acquire your free credit monitoring after the Equifax data breach than you learn that Capital One Bank’s data have been accessed by an intruder. Financial agencies and credit card companies are frequent targets of intruders because of the nature of the personal data collected by the organizations. However, data breaches are by no means limited to the financial services sector: for instance, a review of breaches that occurred in 2019 conducted by Norton Internet Security (Porter, 2019) included those affecting the entertainment sector (e.g., Evite), the food delivery sector (e.g., DoorDash), the healthcare industry (e.g., American Medical Collection Agency, Zoll Medical), educational institutions (e.g., Georgia Tech), and government agencies (e.g., the Federal Emergency Management Agency). Data breaches, in other words, are prevalent across a wide spectrum of organizations.

Data breaches are also not limited by the size of the organization. A recent Data Breach Investigations Report notes that 43% of targeted attacks were directed at small businesses (Verizon, 2019) and a recent Security Threat Report notes that “employees of small organizations were more likely to be hit by email threats – including spam, phishing, and email malware – than those in large organizations” (Symantec, 2019, p. 25). Data breaches are not limited by geography either. Although the Office of Personnel Management data breach that exposed the personally identifiable information of over 20 million individuals may have dominated media headlines in the United States in 2015, no geographical location is immune to a cybersecurity breach. Recent global events include the 2019 attack on Cebuana Lhuillier, which affected 900,000 customers of the Philippines-based organization (Merez, 2019), and the 2018 attack on SingHealth, which left 1.5 million Singaporean patients (approximately 25% of the country’s population) with their personal health information compromised (Vincent, 2018).

Indeed, most organizations possess sensitive customer information (e.g., medical records, educational records, payment card data, personally identifiable information, and purchasing patterns) as well as corporate intellectual property (Posey, Raja, Crossler, & Burns, 2017). Although cybersecurity is an issue affecting virtually all organizations and their employees, the overwhelming majority of published cybersecurity research currently originates not from peer-reviewed organizational science journal articles but rather from mass media articles, corporate technical reports, and peer-reviewed journal articles from the disciplines of computer science, information systems, and information technology (e.g., Porter, 2019; Verizon, 2019). Cybersecurity attacks and breach prevention do have obvious connections with more technology-oriented disciplines, but technical expertise is not the only commodity that can aid in understanding and ameliorating cyberattacks. As a recent CNN article notes, “hackers” do not rely solely on computers to infiltrate organizational computer networks (O’Sullivan, 2019). Rather, attackers often use “social engineering” tactics to gain access to organizational networks and information they would otherwise be unable to obtain. Social engineering refers to the use of deception, manipulation, and persuasion by an attacker to attain unauthorized information from another person (Krombholz, Hobel, Huber, & Weippl, 2015; see also Table 1). Thus, cyber breaches often occur as a direct result of employees’ susceptibility to these types of attacks (e.g., being deceived into giving information) and employees’ errors and mistakes (Im & Baskerville, 2005), in addition to employees’ malicious and non-malicious noncompliance with policy (Willison & Warkentin, 2013).

Table 1 Cybersecurity Terms Relevant to Organizational Scientists

Given the “human factor” involved in so many cybersecurity events and given that so many cybersecurity events occur in organizational contexts where the human factor involves employees, we assert that organizational scientists should be at the forefront of studying employee behavior that leads to negative cybersecurity outcomes. There is a rapidly growing cybersecurity crisis in organizations (Dreibelbis, Martin, Coovert, & Dorsey, 2018), and this manuscript highlights how organizational scientists can best help with this challenge.

Because the aim of this manuscript is to introduce a broad spectrum of organizational researchers to cybersecurity-relevant research, we have assumed very little prior knowledge of cybersecurity on the part of the reader. We moreover felt it important to cover a variety of topics rather than provide an in-depth treatment of a few topics. Accordingly, an important avenue for future research involves a series of narrower review papers targeted at individual topics within the broad domain surveyed here. Finally, although a variety of organizational science perspectives can (and should) fruitfully be brought to bear on cybersecurity, the authors of this manuscript possess expertise primarily in psychology and micro-organizational behavior—and it is therefore these perspectives that feature to a disproportionate extent in the manuscript. Accordingly, another important avenue for future research involves a companion overview paper from a macro-organizational science perspective.

We begin the focal part of this manuscript by defining organizational cybersecurity as well as key terms in organizational cybersecurity. Next, we illuminate the unique opportunities facing organizational scientists in their cybersecurity endeavors. Subsequent to this, we provide overall conceptual frameworks of the antecedents of employees’ cybersecurity behavior. In so doing, we focus not only on employees whose job formally involves deterring, detecting, and mitigating cyber threats to the organization, but also on the much larger number of “regular” employees, who, though not formally responsible for cybersecurity, may inadvertently or deliberately expose the organization to cyber threats. Because our goal is to motivate and facilitate organizational science research in the cybersecurity domain, we provide an expansive agenda for future organizational science research on cybersecurity—and we describe the benefits of such research not only to cybersecurity but also to organizational science itself. We end by providing a list of potential objections to such a research agenda, along with our responses to such objections.
