As network technologies reach deeper into our personal, professional, and even political lives, the threats posed by cyber security breaches grow in number and degree. A new study from researchers at the Security Lancaster Institute, Lancaster University, now provides a unique, qualitative analysis for the detection of organisational vulnerabilities.
To determine “how signals of these vulnerabilities can be obtained in a systematic way,” the authors conducted interviews with academics, consultants and security managers. The results indicate that most vulnerability signals are “attentional” in nature, reflecting “biases, gaps and limitations” in the attention that organisations give to the threat of a cyber attack. More robust technology, the authors suggest, can only help so much when organisational biases emphasise physical security over cyber security, or minimise cyber security threats by denying their probability so that managers can avoid professional embarrassment.
For organisations whose critical control systems are at risk from cyber security threats, this study offers an important corrective to overdependence on technology-only solutions by emphasising how much organisational biases make cyber attacks possible.
The study is entitled “Organizational Vulnerability and Cybersecurity Risk to Industrial Control Systems: Developing a Systematic Attentional Framework,” and is by Alberto Zanutto, Sylvain Frey, Karolina Follis, Awais Rashid and Jerry Busby, all from the Security Lancaster Institute, Lancaster University.