Research Article
BibTex RIS Cite

Year 2023, Volume: 10 Issue: 2, 51 - 57, 30.06.2023

Cenk Aksoy

https://doi.org/10.17261/Pressacademia.2023.1735

Abstract

References

  • Ackerman, G., Volkman, D. (2019). Cybersecurity culture and training: A practitioner’s perspective. Journal of Business Continuity & Emergency Planning, 12(1), 10-17.
  • Ani, U.D. He, H., Tiwari, A. (2019). Human factor security: Evaluating the cybersecurity capacity of the industrial workforce. J. Sys. Info. Technol., 21, 2–35.
  • Antonakakis, N., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J. A., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Lever, C., Ma, J., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., Zhou, Y., & Paxson, V. (2017). Understanding the Mirai botnet. In Proceedings of the 26th USENIX Security Symposium (pp. 1093-1110).
  • Baker, A. (2020). Cybersecurity: The Most Important Tech Skill of the Future. Forbes. https://www.forbes.com/sites/abdullahimuhammed/2020/01/08/cybersecurity-the-most-important-tech-skill-of-the-future/?sh=54d5db5b5
  • Blyth, M., Kovacich, G. (2013). The Routledge Handbook of Computer Security. Routledge.
  • Brown, J. (2017). Equifax hack hit 143 million people, and it’s just the first disaster to come. The Guardian. https://www.theguardian.com/commentisfree/2017/sep/08/equifax-hack-hit-143-million-people-disaster-waiting-to-happen
  • Carpenter, P., Roer, K. (2022). The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer, Wiley, NJ, USA.
  • CISA. (2021). Cybersecurity and Infrastructure Security Agency Strategic Plan 2021-2025. CISA. https://www.cisa.gov/sites/default/files/publications/2021-03/CISA-Strategic-Plan-2021-2025-Public-Final-508.pdf
  • Corradini, I. (2020). Building a Cybersecurity Culture in Organizations: How to Bridge the Gap between People and Digital Technology, Springer Nature, Berlin/Heidelberg, Germany.
  • Goldman, D. (2017). Target data breach: 7 lessons learned. CIO. https://www.cio.com/article/3242597/target-data-breach-7-lessons-learned.html
  • González, L. M. (2018). The role of employee awareness and training in cybersecurity. Journal of International Management Studies, 18(1), 55-60.
  • Gupta, A. (2019). DDoS Attack Types and Tools: All You Need to Know. Cloudflare. https://www.cloudflare.com/learning/ddos/ddos-attack-tools/
  • Hashizume, K., Rosado, D. G., Fernandez-Medina, E. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5. https://doi.org/10.1186/1869-0238-4-5
  • Haynes, J. W., Klass, B. R. (2019). Managing cybersecurity risk: A governance approach. Journal of Business Continuity & Emergency Planning, 13(1), 30-42.
  • Hill, K. (2017). Yahoo says all 3 billion user accounts were hacked in 2013 data theft. Reuters. https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all-3-billion-user-accounts-were-hacked-in-2013-data-theft-idUSKBN1C9188
  • ISACA. (2019). Cybersecurity: Understanding Cybersecurity Risk Management. ISACA.
  • Johnson, K. (2019). What Is Cybersecurity? Definition, Best Practices & More. Digital Guardian. https://digitalguardian.com/blog/what-cybersecurity-definition-best-practices-more
  • Jones, S. (2015). A Brief History of Cybersecurity. Huffington Post. https://www.huffpost.com/entry/a-brief-history-of-cyber_b_11229522
  • Khan, S., Khan, M. A. (2017). An overview of cyber security policy for organizations. International Journal of Scientific & Engineering Research, 8(11), 1815-1823.
  • Kim, T. (2021). The Importance of Cybersecurity Updates and Patches. Security Intelligence. https://securityintelligence.com/posts/importance-of-cybersecurity-updates-and-patches/
  • Klimoski, R. (2016). Critical success factors for cyber security leaders: Not just technical competence. People Strategy, 39, 14–18.
  • KPMG Turkey. (2019). Türkiye Siber Güvenlik Raporu. KPMG Turkey. KPMG Turkey. https://assets.kpmg/content/dam/kpmg/tr/pdf/2019/03/Siber%20Guvenlik%20Raporu%202019.pdf
  • Kumar, A. (2018). What is Malware? A Comprehensive Guide to Cyber Threats. Norton. https://us.norton.com/internetsecurity-malware-what-is-malware.html
  • Kuusisto, R., Kuusisto, T. (2013). Strategic Communication for Cyber-security Leadership. Journal of Information Warfare, 12(3), 41–48. https://www.jstor.org/stable/26486840
  • Lambrinoudakis, C., Kambourakis, G., Gritzalis, D. (2020). Enhancing cyber security awareness in organizations. International Journal of Information Management, 50, 280-291.
  • Lehto, M., Limnell, J. (2016). Cyber Security Capability and Case Finland. In Proceedings of the 15th European Conference on Cyber Warfare and Security (ECCWS) (pp. 182–190).
  • Lehto, M., Limnell, J. (2020). Strategic Leadership in Cyber Security, Case Finland. Information Security Journal: A Global Perspective, 30, 1-10. 10.1080/19393555.2020.1813851.
  • Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., Giannakopoulos, G. (2014). The Human Factor Of Information Security: Unintentional Damage Perspective. Procedia Soc. Behav. Sci., 147, 424–428.
  • National Institute of Standards and Technology (NIST) (2018). Framework for Improving Critical Infrastructure Cybersecurity Version 1.1. NIST. https://www.nist.gov/publications/framework-improving-critical-infrastructure-cybersecurity-version-11
  • Nobles, C. (2018). Botching Human Factors in Cybersecurity in Business Organizations. Holistica–Journal of Business and Public Administration, 9(3), 71-88.
  • Oktavianto, R. A., Prabowo, R. (2018). Cybersecurity awareness training using gamification approach: A literature review. Procedia Computer Science, 135, 313-320.
  • Patel, N. (2020). The Top 10 Cybersecurity Risks of 2020. Security Boulevard. https://securityboulevard.com/2020/02/the-top-10-cybersecurity-risks-of-2020/
  • Pollini, A., Callari, T.C., Tedeschi, A., Ruscio, D., Save, L., Chiarugi, F., Guerri, D. (2021). Leveraging Human Factors in Cybersecurity: An Integrated Methodological Approach. Cogn. Technol. Work, 24, 371–390.
  • Ramakrishnan, R. (2019). Why Cybersecurity is Essential for Small and Medium-Sized Businesses. Entrepreneur. https://www.entrepreneur.com/article/336329
  • SANS Institute. (2021). What is Cybersecurity? SANS Institute. https://www.sans.org/cybersecurity/
  • Smith, C. (2021). Phishing. Britannica. Retrieved from https://www.britannica.com/topic/phishing
  • Solms, R. V., Solms, B. (2016). Information security governance simplified: From the boardroom to the keyboard. Apress.
  • Solove, D. J. (2013). Privacy and the media. Harvard University Press.
  • Triplett, W.J. (2022). Addressing Human Factors in Cybersecurity Leadership. Journal of Cybersecurity and Privacy, 2, 573–586. https://doi.org/10.3390/jcp2030029
  • Usta, H., Kurtuldu, H. (2020). Evaluation of information security awareness of healthcare workers. Journal of Information Security and Applications, 55, 102580.
  • Williams, P. A. (2019). Cybersecurity: A comprehensive overview for directors and executives. Wiley.

CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT

Year 2023, Volume: 10 Issue: 2, 51 - 57, 30.06.2023

Cenk Aksoy

https://doi.org/10.17261/Pressacademia.2023.1735

Abstract

Purpose- With the rapid advancement of information and communication technologies, businesses are facing growing security risks. The prevalence, intensity, and complexity of cyber attacks worsen these vulnerabilities, leading to a rising focus on cybersecurity. Enterprises exposed to such cyberattacks might not only face considerable financial losses but also experience data breaches, operational interruptions, harm to their reputation, regulatory penalties, legal expenses, reduced competitive standing, and increased insurance premiums. In this concept study discusses the importance of human factors in cybersecurity management. While organizations spend billions on information technology systems and software to detect and prevent cyber threats, individuals play a critical role in managing these risks.
Methodology- Through a review of literature and statistical data, study examines the factors contributing to cybersecurity breaches, the allocation of resources to address them, and proposes potential solutions.
Findings- In the workplace, most research on cybersecurity focuses on employees as the most important source of vulnerability. In the literature review, it is understood that an employee’s carelessness and lack of awareness pose the greatest risk to cybersecurity. However, businesses often fail to show sufficient attention to human behavior in their efforts to keep organizational data secure and to plan security strategies. It is important to note that effective cybersecurity management requires not only technical controls but also the management of human factors. Meanwhile, security expenditures in enterprises are often disproportionately allocated to technology investments, with 97% being spent on technology investments, despite the fact that over 85% of breaches are attributable to human factors.
Conclusion- In the literature review, it is understood that cybersecurity management is not only related to technical controls, but also the management of human factors is of critical importance. The management of individuals is also an essential cybersecurity responsibility. It is important to adopt a holistic approach to cybersecurity management includes both technical and human perspectives. Cybersecurity awareness has significant benefits for businesses to effectively manage cybersecurity which can be achieved by developing appropriate training programs and foster a cybersecurity culture.

Keywords

Cybersecurity cybersecurity management cybersecurity awareness technology investments human factor

References

  • Ackerman, G., Volkman, D. (2019). Cybersecurity culture and training: A practitioner’s perspective. Journal of Business Continuity & Emergency Planning, 12(1), 10-17.
  • Ani, U.D. He, H., Tiwari, A. (2019). Human factor security: Evaluating the cybersecurity capacity of the industrial workforce. J. Sys. Info. Technol., 21, 2–35.
  • Antonakakis, N., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J. A., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Lever, C., Ma, J., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., Zhou, Y., & Paxson, V. (2017). Understanding the Mirai botnet. In Proceedings of the 26th USENIX Security Symposium (pp. 1093-1110).
  • Baker, A. (2020). Cybersecurity: The Most Important Tech Skill of the Future. Forbes. https://www.forbes.com/sites/abdullahimuhammed/2020/01/08/cybersecurity-the-most-important-tech-skill-of-the-future/?sh=54d5db5b5
  • Blyth, M., Kovacich, G. (2013). The Routledge Handbook of Computer Security. Routledge.
  • Brown, J. (2017). Equifax hack hit 143 million people, and it’s just the first disaster to come. The Guardian. https://www.theguardian.com/commentisfree/2017/sep/08/equifax-hack-hit-143-million-people-disaster-waiting-to-happen
  • Carpenter, P., Roer, K. (2022). The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer, Wiley, NJ, USA.
  • CISA. (2021). Cybersecurity and Infrastructure Security Agency Strategic Plan 2021-2025. CISA. https://www.cisa.gov/sites/default/files/publications/2021-03/CISA-Strategic-Plan-2021-2025-Public-Final-508.pdf
  • Corradini, I. (2020). Building a Cybersecurity Culture in Organizations: How to Bridge the Gap between People and Digital Technology, Springer Nature, Berlin/Heidelberg, Germany.
  • Goldman, D. (2017). Target data breach: 7 lessons learned. CIO. https://www.cio.com/article/3242597/target-data-breach-7-lessons-learned.html
  • González, L. M. (2018). The role of employee awareness and training in cybersecurity. Journal of International Management Studies, 18(1), 55-60.
  • Gupta, A. (2019). DDoS Attack Types and Tools: All You Need to Know. Cloudflare. https://www.cloudflare.com/learning/ddos/ddos-attack-tools/
  • Hashizume, K., Rosado, D. G., Fernandez-Medina, E. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5. https://doi.org/10.1186/1869-0238-4-5
  • Haynes, J. W., Klass, B. R. (2019). Managing cybersecurity risk: A governance approach. Journal of Business Continuity & Emergency Planning, 13(1), 30-42.
  • Hill, K. (2017). Yahoo says all 3 billion user accounts were hacked in 2013 data theft. Reuters. https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all-3-billion-user-accounts-were-hacked-in-2013-data-theft-idUSKBN1C9188
  • ISACA. (2019). Cybersecurity: Understanding Cybersecurity Risk Management. ISACA.
  • Johnson, K. (2019). What Is Cybersecurity? Definition, Best Practices & More. Digital Guardian. https://digitalguardian.com/blog/what-cybersecurity-definition-best-practices-more
  • Jones, S. (2015). A Brief History of Cybersecurity. Huffington Post. https://www.huffpost.com/entry/a-brief-history-of-cyber_b_11229522
  • Khan, S., Khan, M. A. (2017). An overview of cyber security policy for organizations. International Journal of Scientific & Engineering Research, 8(11), 1815-1823.
  • Kim, T. (2021). The Importance of Cybersecurity Updates and Patches. Security Intelligence. https://securityintelligence.com/posts/importance-of-cybersecurity-updates-and-patches/
  • Klimoski, R. (2016). Critical success factors for cyber security leaders: Not just technical competence. People Strategy, 39, 14–18.
  • KPMG Turkey. (2019). Türkiye Siber Güvenlik Raporu. KPMG Turkey. KPMG Turkey. https://assets.kpmg/content/dam/kpmg/tr/pdf/2019/03/Siber%20Guvenlik%20Raporu%202019.pdf
  • Kumar, A. (2018). What is Malware? A Comprehensive Guide to Cyber Threats. Norton. https://us.norton.com/internetsecurity-malware-what-is-malware.html
  • Kuusisto, R., Kuusisto, T. (2013). Strategic Communication for Cyber-security Leadership. Journal of Information Warfare, 12(3), 41–48. https://www.jstor.org/stable/26486840
  • Lambrinoudakis, C., Kambourakis, G., Gritzalis, D. (2020). Enhancing cyber security awareness in organizations. International Journal of Information Management, 50, 280-291.
  • Lehto, M., Limnell, J. (2016). Cyber Security Capability and Case Finland. In Proceedings of the 15th European Conference on Cyber Warfare and Security (ECCWS) (pp. 182–190).
  • Lehto, M., Limnell, J. (2020). Strategic Leadership in Cyber Security, Case Finland. Information Security Journal: A Global Perspective, 30, 1-10. 10.1080/19393555.2020.1813851.
  • Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., Giannakopoulos, G. (2014). The Human Factor Of Information Security: Unintentional Damage Perspective. Procedia Soc. Behav. Sci., 147, 424–428.
  • National Institute of Standards and Technology (NIST) (2018). Framework for Improving Critical Infrastructure Cybersecurity Version 1.1. NIST. https://www.nist.gov/publications/framework-improving-critical-infrastructure-cybersecurity-version-11
  • Nobles, C. (2018). Botching Human Factors in Cybersecurity in Business Organizations. Holistica–Journal of Business and Public Administration, 9(3), 71-88.
  • Oktavianto, R. A., Prabowo, R. (2018). Cybersecurity awareness training using gamification approach: A literature review. Procedia Computer Science, 135, 313-320.
  • Patel, N. (2020). The Top 10 Cybersecurity Risks of 2020. Security Boulevard. https://securityboulevard.com/2020/02/the-top-10-cybersecurity-risks-of-2020/
  • Pollini, A., Callari, T.C., Tedeschi, A., Ruscio, D., Save, L., Chiarugi, F., Guerri, D. (2021). Leveraging Human Factors in Cybersecurity: An Integrated Methodological Approach. Cogn. Technol. Work, 24, 371–390.
  • Ramakrishnan, R. (2019). Why Cybersecurity is Essential for Small and Medium-Sized Businesses. Entrepreneur. https://www.entrepreneur.com/article/336329
  • SANS Institute. (2021). What is Cybersecurity? SANS Institute. https://www.sans.org/cybersecurity/
  • Smith, C. (2021). Phishing. Britannica. Retrieved from https://www.britannica.com/topic/phishing
  • Solms, R. V., Solms, B. (2016). Information security governance simplified: From the boardroom to the keyboard. Apress.
  • Solove, D. J. (2013). Privacy and the media. Harvard University Press.
  • Triplett, W.J. (2022). Addressing Human Factors in Cybersecurity Leadership. Journal of Cybersecurity and Privacy, 2, 573–586. https://doi.org/10.3390/jcp2030029
  • Usta, H., Kurtuldu, H. (2020). Evaluation of information security awareness of healthcare workers. Journal of Information Security and Applications, 55, 102580.
  • Williams, P. A. (2019). Cybersecurity: A comprehensive overview for directors and executives. Wiley.
There are 41 citations in total.

Details

Primary Language English
Subjects Business Administration
Journal Section Articles
Authors

Cenk Aksoy 0000-0002-7481-0837

Publication Date June 30, 2023
Published in Issue Year 2023 Volume: 10 Issue: 2

Cite

APA Aksoy, C. (2023). CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT. Research Journal of Business and Management, 10(2), 51-57. https://doi.org/10.17261/Pressacademia.2023.1735
AMA Aksoy C. CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT. RJBM. June 2023;10(2):51-57. doi:10.17261/Pressacademia.2023.1735
Chicago Aksoy, Cenk. “CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT”. Research Journal of Business and Management 10, no. 2 (June 2023): 51-57. https://doi.org/10.17261/Pressacademia.2023.1735.
EndNote Aksoy C (June 1, 2023) CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT. Research Journal of Business and Management 10 2 51–57.
IEEE C. Aksoy, “CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT”, RJBM, vol. 10, no. 2, pp. 51–57, 2023, doi: 10.17261/Pressacademia.2023.1735.
ISNAD Aksoy, Cenk. “CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT”. Research Journal of Business and Management 10/2 (June 2023), 51-57. https://doi.org/10.17261/Pressacademia.2023.1735.
JAMA Aksoy C. CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT. RJBM. 2023;10:51–57.
MLA Aksoy, Cenk. “CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT”. Research Journal of Business and Management, vol. 10, no. 2, 2023, pp. 51-57, doi:10.17261/Pressacademia.2023.1735.
Vancouver Aksoy C. CRITICAL SUCCESS FACTORS FOR CYBERSECURITY JUST TECHNICAL? EXPLORING THE ROLE OF HUMAN FACTORS IN CYBERSECURITY MANAGEMENT. RJBM. 2023;10(2):51-7.

Research Journal of Business and Management (RJBM) is a scientific, academic, double blind peer-reviewed, quarterly and open-access online journal. The journal publishes four issues a year. The issuing months are March, June, September and December. The publication languages of the Journal are English and Turkish. RJBM aims to provide a research source for all practitioners, policy makers, professionals and researchers working in all related areas of business, management and organizations. The editor in chief of RJBM invites all manuscripts that cover theoretical and/or applied researches on topics related to the interest areas of the Journal. RJBM publishes academic research studies only. RJBM charges no submission or publication fee.

Ethics Policy - RJBM applies the standards of Committee on Publication Ethics (COPE). RJBM is committed to the academic community ensuring ethics and quality of manuscripts in publications. Plagiarism is strictly forbidden and the manuscripts found to be plagiarized will not be accepted or if published will be removed from the publication. Authors must certify that their manuscripts are their original work. Plagiarism, duplicate, data fabrication and redundant publications are forbidden. The manuscripts are subject to plagiarism check by iThenticate or similar. All manuscript submissions must provide a similarity report (up to 15% excluding quotes, bibliography, abstract, method).

Open Access - All research articles published in PressAcademia Journals are fully open access; immediately freely available to read, download and share. Articles are published under the terms of a Creative Commons license which permits use, distribution and reproduction in any medium, provided the original work is properly cited. Open access is a property of individual works, not necessarily journals or publishers. Community standards, rather than copyright law, will continue to provide the mechanism for enforcement of proper attribution and responsible use of the published work, as they do now.