Analysis of Trending Topics and Text-based Channels of Information Delivery in Cybersecurity

Computer users are generally faced with difficulties in making correct security decisions. While an increasingly fewer number of people are trying or willing to take formal security training, online sources including news, security blogs, and websites are continuously making security knowledge more accessible. Analysis of cybersecurity texts from this grey literature can provide insights into the trending topics and identify current security issues as well as how cyber attacks evolve over time. These in turn can support researchers and practitioners in predicting and preparing for these attacks. Comparing different sources may facilitate the learning process for normal users by creating the patterns of the security knowledge gained from different sources. Prior studies neither systematically analysed the wide range of digital sources nor provided any standardisation in analysing the trending topics from recent security texts. Moreover, existing topic modelling methods are not capable of identifying the cybersecurity concepts completely and the generated topics considerably overlap. To address this issue, we propose a semi-automated classification method to generate comprehensive security categories to analyse trending topics. We further compare the identified 16 security categories across different sources based on their popularity and impact. We have revealed several surprising findings as follows: (1) The impact reflected from cybersecurity texts strongly correlates with the monetary loss caused by cybercrimes, (2) security blogs have produced the context of cybersecurity most intensively, and (3) websites deliver security information without caring about timeliness much.

Missed training, collateral damage from COVID 19?

Background: during the COVID-19 pandemic a total lockdown was enforced all over Italy starting on March 9th. This resulted in the shrinking of economic activities. In addition, all formal occupational security-training courses were halted, among them the 81/08 law lectures and Basic Life Support-Defibrillation (BLS-D) laymen training courses. The aim of the study was to evaluate the impact of the pandemic on BLS-D laymen training courses in the Lombardy region. Methods: BLS-D training courses records for the Lombardy region were analysed. The analysis was conducted from 2016 to 2020 as part of the Hippo project. Results: between 2017 and 2019 BLS-D trained laymen kept increasing, moving from 53,500 trained individuals up to 74,700. In 2020 a stark reduction was observed with only 22,160 individuals trained. Formal courses were not halted completely during 2020. Still, in the months available for training, the number of individuals enrolled showed a sharp 50% reduction. Conclusions: laymen training courses for emergency management are a fundamental component of primary prevention practice. The 81/08 and 158/12 Italian laws have decreed this practice mandatory on the workplace. Following the enforcement of the lockdown and the subsequent interruption of emergency management courses, efforts will be necessary to re-establish and guarantee the high quality training of the pre-pandemic period.

A Comparative Study in Israel and Slovenia Regarding the Awareness, Knowledge, and Behavior Regarding Cyber Security

With the COVID-19 pandemic, many organizations and institutions moved to e-learning and to e-working from home. With the increase in internet usage, the rate of cyber-attacks have also increased, and this was followed by the request for more cyber security behaviors from employees and students. In the current study, the authors explore the connection between cyber security awareness, cyber knowledge, and cyber security behavior. The authors measured the behaviors among students in two similar countries: Israel and Slovenia. Results show that students felt they had adequate awareness on cyber threat but apply only a few protective measures to protect their devices, usually relatively common and simple ones. The study findings also show that awareness to cyber threats mediate the connection between knowledge and protection behaviors, but only in the case that the knowledge is specific with regard to IT protection courses. Results, implications, and recommendations for effective cyber security training programs for organizations and academic institutions are presented and discussed.

SETA and Security Behavior

This article contends that information security education, training and awareness programs can improve employee security behavior. Empirical studies have analyzed the direct effects of employee security training on security behavior without taking into account the mediating role of employee relations, monitoring, and accountability. Based on employee relations and accountability theories, this study proposes and tests a causal model that estimates the direct effect of employee security training on security behavior as well as its indirect effects as mediated by employee relations, monitoring, and accountability. The empirical analysis relies on a survey data from a cross section of employees from five major industry sectors and a structural equation modeling approach via SmartPLS 3.0. The results show that employee security training has indirect and significant effects on security behavior through its influence on employee relations, monitoring, and accountability. However, the result does not indicate direct and significant effect of security training on employee security behavior.

Techniques and Tools for Trainers and Practitioners

If the material is to be delivered effectively, organizations need to understand the human side of cyber security training. In this chapter, the authors draw upon over a decade of experience in creating and adapting training and resources with the help of industry professionals and feedback from clients, which has led to a successful and highly acclaimed approach to cybersecurity education. The resulting discussion considers how to adopt the right approach to cybersecurity training for organizations, with training modules that cater to end users, and which are designed to ensure maximum retention of information by presenting short, humorous, animated scenarios that are relatable for the target audience.

IT Security Training and Awareness in the Multigenerational Workplace

For many organizations, increased cybersecurity training and employee aware-ness building have already played an increasingly significant role in their cyber-security strategies as a means of ensuring their policies are being followed, yet such organizations tend to offer generic, “one size fits all” training and awareness packages that do not sufficiently recognize important differences among employees. Among these are differences in attitude and outlook associated with generational cohorts. Through an examination of how these cohorts view various fac-tors that influence cybersecurity awareness, as well as the cohorts’ receptivity to different training methodologies, organizations can exploit generational characteristics to maximize the effectiveness of cybersecurity training for Baby Boomers, Generation X, Millennials, and imminently, Generation Z. A clear understanding of the intrinsic relationship between end-users and cybersecurity technology can help cybersecurity professionals act effectively to protect organizations’ critical IT infrastructure. Such effectiveness is more important than ever now, as sudden, massive increase in teleworking brought on by the COVID-19 pandemic, as well as the security challenges associated with this shift, will undoubtedly outlast it.

Re-Visiting Cyber Security Training in the COVID-19 Era

Cyber security training, as many other aspects in our lives, has been adapted to address concerns related to travel restrictions and group gatherings resulting from the COVID-19 pandemic. In this context, ENISA, the European Union Agency for Cybersecurity, had to re-visit and significantly modify its already established course on Information Security Management and ICT security, which is provided under the auspices of the European Security and Defence College (ESDC). The program provides public employees the opportunity to gain the necessary knowledge and skills to assume an Information Security Management role. The restructured course was introduced to address the COVID-19 restrictions and has proven to be equally effective to the classroom-delivered course, if not more effective at some parts. This paper presents the main structure of the fully online training, its innovative elements, and the assessment results which prove that COVID-19 pandemic has triggered the introduction of innovative and successful on-line training scenarios.

ALTERNATIVE SECURITY SOURCES IN NIGERIA: THE AMBIGUITY OF VIGILANTE GROUPS

The rise in crime and insecurity across West Africa and the Sahel has led to the expansion of several regional Non-State Armed Groups (NSAGs). In Nigeria, particularly, the sense of low performance by the security forces has further caused an increase of Community-Based Armed Groups (CBAGs), who have become a fixture in the national security landscape. These CBAGs present a complex challenge to communities, governments, development implementers, and security providers. One of these CBAGs is the Vigilante Groups which are operational at the local and state level. Despite being prohibited by the Constitution of the Federal Republic of Nigeria, armed vigilante groups carry out law enforcement activities in an ever-growing number of states and communities with the tacit, and sometimes explicit, endorsement from the state governments and local authorities. Vigilante Groups have become a double-edged sword: though they provide an apparent needed localized security, they also undermine central authority, violate human rights and commit sporadic violence. Elucidating this ambiguous characteristic of vigilante groups as alternative security sources in Nigeria is the main focus of this paper. We argue that vigilante groups cannot represent a robust and sustained security source due to inadequate security training and the absence of an acclaimed authority, which are inherent characteristics to these groups. This paper utilizes both primary and secondary sources of data collection to arrive at the conclusion that the failure of the federal authorities to both contain and control vigilante groups will further deteriorate and/or disintegrate the internal security apparatus and social fabrics/cohesion of the Nigerian society.