1. Introduction
Cyberattacks on high-profile targets leverage a combination of user, technical, and organizational vulnerabilities to gain illegal entry into the system. Hence, preventing them at the security perimeter and detecting them once they are inside the system is a challenge and a growing threat worldwide. Their prevention and mitigation require adopting a holistic approach to information system (IS) security management that addresses both hard and soft factors (Özbayrak et al., 2007; Trček, 2006) in IS. Cyberattacks that take the form of advanced persistent threats (APTs) are dynamic threats that necessitate dynamic defenses (Huang & Zhu, 2018). Accordingly, a dynamic mechanism (namely, one in which entities interact with one another) describes how target objects affect each other in a specific field, much like the APT vector targets an organization’s network (Xu et al., 2022).
Integrating IS research with system dynamics (SD) involves studying the design, implementation, management, and effects of IS on people, organizations, and markets (Georgantzas & Katsamakas, 2008). SD is a computer-based modeling approach used to understand and simulate the behavior of transient systems in which the sociotechnical variables are dynamic. Specifically, SD aims to uncover the effects of multiple sociotechnical variables that act at various critical points in a system and to provide the decision-maker with “what if” questions concerning probable transitory system behaviors, thereby improving understanding of the causes of previously unexpected behavioral patterns. Real-world dynamic systems are characterized by interdependence, mutual interaction, information feedback, and circular causality (Martinez-Moyano et al., 2008), which can be simulated to visualize APT attack scenarios. Accordingly, simulations are used to model the dynamics of threats and to analyze the behavior of complex systems over time (Hunker & Probst, 2011). A comprehensive APT threat mitigation strategy must consider user vulnerabilities, technical vulnerabilities, and organizational factors to provide a holistic view of the dynamics of APT attack scenarios.
APT attacks involve exploiting multiple systems and the use of advanced penetration tools or methods. Additionally, they are persistent in penetration, move stealthily within the environment, can stay unnoticed, escalate the privileges (i.e., unauthorized access) at each level (Alshamrani et al., 2019), exploit multiple vulnerabilities (Zhu & Rass, 2018), deploy remotely controlled infected machines, exfiltrate data (Zimba et al., 2020), and normally target the internetworked computer user at the workplace (Nicho & McDermott, 2019). With 95% of cybersecurity breaches being caused by human error (Forum, 2022), an SD approach can unravel the interaction of sociotechnical variables leading to the breach, as APT vulnerabilities are a major issue for managers in information security due to the combination of technical and nontechnical factors (Nicho & Khan, 2018).
IS security is a major concern for businesses that depend on information technology, as it is not easy to identify the dynamic interplay of sociotechnical variables that leads to cybersecurity breaches. Hence, it is necessary to learn how to spot cyberthreats using innovative methods such as SD, which helps identify, understand, and analyze the interaction of multiple dynamic variables and create “what if” scenarios in the information security domain. APT attacks have a high likelihood of success due to the deployment of innovative sociotechnical variables, leading to a potentially higher impact on organizational networks. The authors thus investigated previous research on SD and APTs to assist managers in framing security policies that minimize the risk of security failures. The authors then used SD to select and analyze three cases of reported breach incidents and extract the relevant sociotechnical variables that play a major role in determining the security level of organizational networks.