In this chapter, we review the pervasiveness of cyber threats and the roles of both attackers and cyber users (i.e. the targets of the attackers); the lack of awareness of cyber-threats by users; the complexity of the new cyber environment, including cyber risks; engineering approaches and tools to mitigate cyber threats; and current research to identify proactive steps that users and groups can take to reduce cyberthreats. In addition, we review the research needed on the psychology of users that poses risks to users from cyber-attacks. For the latter, we review the available theory at the individual and group levels that may help individual users, groups and organizations take actions against cyber threats. We end with future research needs and conclusions. In our discussion, we first agreed that cyber threats are making cyber environments more complex and uncomfortable for average users; second, we concluded that various factors are important (e.g., timely actions are often necessary in cyber space to counter the threats of the attacks that commonly occur at internet speeds, but also the 'slow and low'attacks that are difficult to detect, threats that occur only after pre-specified conditions have been satisfied that trigger an unsuspecting attack). Third, we concluded that advanced persistent threats (APTs) pose a risk to users but also to national security (viz., the persistent threats posed by other Nations). Fourth, we contend that using "red" teams to search cyber defenses for vulnerabilities encourages users and organizations to better defend themselves. Fifth, the current state of theory leaves many questions unanswered that researchers must pursue to mitigate or neutralize present and future threats. Lastly, we agree with the literature that cyber space has had a dramatic impact on American life and that the cyber domain is a breeding ground for disorder. However, we also believe that actions by users and researchers can be taken to stay safe and ahead of existing and future threats.
The Cyber ProblemIntroduction In our approach to cyber threats, we will review the increasing complexity of, and risks in, the new cyber environment. We will discuss cyber defenses and tools used in defenses, such as the use of engineering to mitigate cyber threats. More fully, we will review and discuss the pervasiveness of cyber-attacks from multiple perspectives: first at the individual level from the perspective of the human attacker and the user, the attacker's target; and second from the perspective of teams and organizations. We end with future research needs and conclusions.