Cyber resilience in supply chain system security using machine learning for threat predictions

Yeboah-Ofori, Abel; Swart, Cameron; Opoku-Boateng, Francisca Afua; Islam, Shareeful

doi:10.1108/crr-10-2021-0034

Cited by 7 publications

(9 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most organizations are integrated into a supply chain systems environment as part of their evolving nature, thus requiring cyber resilience and cybercrime mitigation techniques to ensure business continuity. For instance, Yeboah-Ofori et al (2022) proposed a cyber resilience approach focusing on common critical assets using ML techniques and threat prediction to reduce the attack surface. The paper does not consider evolving organizations as an entity but rather from an integrated and supply chain system perspective.…”

Section: Impart Cybercrime On Organizationsmentioning

confidence: 99%

“…Consequently, these new trends in electronic products and services that the banking industries are using have also brought about a lot of vulnerabilities, threats and attacks to extraordinary levels. Thus, mitigating cybercrimes could provide a cyber resilience environment for organizations to understand the threat landscape and gain situational awareness in the supply chain environment to ensure business continuity (Yeboah-Ofori et al, 2022). For instance, Camillo et al (2012) posit that evolving organizational requirements and varying organizational business process requirements and the continued adoption of web applications, mobile, cloud and social media technologies to facilitate business processes have in recent times, increased opportunities for attackers in terms of online purchases, payments using card payments (Camillo et al, 2012).…”

Section: Introductionmentioning

confidence: 99%

“…The cyberspace and Internet provides organizations the capabilities to evolve and integrate their network system with other organizations and third-party vendors to transact online business locally and globally as it removes barriers and maximizes time to market in a cyber supply chain environment (Pawar and Palivela, 2022; Yeboah-Ofori et al ., 2022). Further, the Covid-19 pandemic has heightened the need for increased dependency on the Internet by organizations to facilitate their business processes and provide greater reach (Thomas and Sule, 2022).…”

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Mitigating cybercrimes in an evolving organizational landscape

Yeboah-Ofori

Opoku-Boateng

2023

CRR

Self Cite

View full text Add to dashboard Cite

PurposeVarious organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.Design/methodology/approachThe approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.FindingsThe results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.Research limitations/implicationsThe paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.Practical implicationsAttack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.Social implicationsThere are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.Originality/valueThe paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.

show abstract

Section: Impart Cybercrime On Organizationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Mitigating cybercrimes in an evolving organizational landscape

Yeboah-Ofori

Opoku-Boateng

2023

CRR

Self Cite

View full text Add to dashboard Cite

show abstract

“…A federated learning-based efficient detection model named DFF-SC4N is addressed in [32] to identify intrusions from supply chain 4.0 networks. In the prediction detection for supply chain systems, Logistic Regression, Decision Tree, Naïve Bayes, and Random Forest classification algorithms are considered to learn a dataset for performance accuracies and threat predictions based on the CSC resilience design principles in [33]. However, RL is the only ML technique that can learn without any dataset.…”

Section: Introductionmentioning

confidence: 99%

Secure Change Control for Supply Chain Systems via Dynamic Event Triggered Using Reinforcement Learning under DoS Attacks

Fan,

Zhang,

Xiong

et al. 2024

Electronics

View full text Add to dashboard Cite

In this paper, a distributed secure change control scheme for supply chain systems is presented under denial-of-service (DoS) attacks. To eliminate the effect of DoS attacks on supply chain systems, a secure change compensation is designed. A distributed policy iteration method is established to approximate the coupled Hamilton–Jacobi–Isaacs (HJI) equations. Based on the established reinforce–critic–actor (RCA) structure using reinforcement learning (RL), the reinforced signals, performance indicators, and disturbance input are proposed to update the traditional time-triggered mechanism, and the control input is proposed to update the dynamic event-triggered mechanism (DETM). Stability is guaranteed based on the Lyapunov method under secure change control. The simulation results for supply chain systems show the effectiveness of the secure change control scheme and verify the results.

show abstract