A Three-Vector Approach to Blind Spots in Cybersecurity

A Three-Vector Approach to Blind Spots in Cybersecurity

Mika Westerlund (Carleton University, Canada), Dan Craigen (Carleton University, Canada), Tony Bailetti (Carleton University, Canada) and Uruemu Agwae (Carleton University, Canada)
Copyright: © 2018 |Pages: 10
DOI: 10.4018/978-1-5225-2255-3.ch147
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Cyberattacks are often successful due to “blind spots” - biases and preconceived information that affect human decision making. Blind spots that obstruct a person's view of malicious activity may result in massive economic losses. This chapter examines eight cases of successful cyberattacks from economic, technological and psychological perspectives to blind spots, termed as “the core vectors”. While previous research has focused on these vectors in isolation, this chapter combines the vectors for an integrated view. As a result, the chapter provides a novel list of blind spots that enable cybercrime.
Chapter Preview
Top

Background

Han and Dongre (2014) list political, economic, and socio-cultural motives as primary motives for cyberattacks, and emphasize that attackers can be organizational insiders or outsiders. Political motives include cyber terrorism against foreign nations or multinationals (Hua & Bapna, 2013) and ethically fighting for justice and human rights (Gandhi et al., 2011). Other motives may be plain entertainment. Regardless, there is a propensity for harm when cyberattacks occur. Understanding what enables these attacks enables mitigation, and will contribute to the theory on blind spots in cybersecurity (Chen, Huang, Xu, & Lai, 2015; Nathan & Petrosino, 2003).

Key Terms in this Chapter

Core Vectors: Economic, technological and psychological perspectives to blind spots; used in combination to obtain a better understanding of what enables cyberattacks.

Attack Scenario: A cybersecurity incident where an attacker was able to gain illegitimate access to a victim’s sensitive information and/or information systems.

Cyberattack: A deliberate exploitation of computer systems, technology-dependent enterprises and networks.

Cybersecurity: The organization and collection of resources, processes, and structures used to protect cyberspace from occurrences that misalign de jure from de facto property rights.

Blind Spots: Various biases and preconceived information that affect organizational and human decision making; enabled by unknowns or false focus on what is relevant.

Complete Chapter List

Search this Book:
Reset