Detecting Cybersecurity Threats: The Role of the Recency and Risk Compensating Effects

Safi, Roozmehr; Browne, Glenn J.

doi:10.1007/s10796-022-10274-5

Cited by 4 publications

(1 citation statement)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This fluency leads to an overemphasis of recent events or experiences when making predictions about the future, similar to the availability heuristic (Tversky & Kahneman, 1974). Safi and Browne (2022) found in that cyber operators doing security checks were more likely to re-check if the previous one had caught an incident, despite there being no relationship between incidents. Another pointed out the dangers of action bias—the tendency to act, versus not—for cyber incident response in general (Dykstra et al, 2022).…”

Section: Introductionmentioning

confidence: 94%

Exploratory Analysis of Decision-Making Biases of Professional Red Teamers in a Cyber-Attack Dataset

Gutzwiller,

Rheem,

Ferguson-Walter

et al. 2023

Journal of Cognitive Engineering and Decision Making

View full text Add to dashboard Cite

Attacker psychology is currently under-examined in cybersecurity research. A prior, large-scale study sought to understand attackers’ behavior by testing both technological and psychological deception. Professional “red team” members participated over two days in various conditions. This data was examined for further evidence that cognitive biases, a potential disruption for attackers, may be present, and may be affecting the outcome. An applied, novel methodology for measuring confirmation bias and framing effects is presented using this realistic dataset. Both confirmation bias and the framing effect occurred in this interpretation. The framing effect appears to have reduced attacker interactions with systems in the network, which may benefit cyber defenders. These results provide additional, exploratory evidence that biases in the decision-making of cyber attackers could be used as part of a defensive cyber strategy. Limitations to the approach and directions for future study of attackers are discussed.

show abstract

Section: Introductionmentioning

confidence: 94%

Exploratory Analysis of Decision-Making Biases of Professional Red Teamers in a Cyber-Attack Dataset

Gutzwiller,

Rheem,

Ferguson-Walter

et al. 2023

Journal of Cognitive Engineering and Decision Making

View full text Add to dashboard Cite

show abstract

Early Attack Detection and Resolution in Sensor Nodes to Improve IoT Security

Nyathi,

Prasad

2023

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Dynamics of Shared Security in the Cloud

Clement,

Arce

2024

Information Systems Research

View full text Add to dashboard Cite

This paper shows that shared security in the cloud manifests a new public goods paradigm owing to the dynamics of cloud economics and endogeneity between usage, vulnerability, and security. Users must balance the need for security with the risk of becoming locked into a particular cloud services provider (CSP) over time. CSP managers must recognize that security competition is neither a race to the bottom nor an arm’s race. Our results provide guidelines for designing a vulnerability prediction algorithm that emphasizes CSP managers’ understanding of users’ risk and time preferences. In addition, CSP managers should be aware of the nature of security technologies and associated costs, aiming to simplify security architecture and reduce future orchestration expenses. Over the long term, cloud users should consider judiciously repatriating cloud assets as taking refuge in the cloud presents a dynamic fallacy of composition.

show abstract

Detecting Cybersecurity Threats: The Role of the Recency and Risk Compensating Effects

Cited by 4 publications

References 59 publications

Exploratory Analysis of Decision-Making Biases of Professional Red Teamers in a Cyber-Attack Dataset

Exploratory Analysis of Decision-Making Biases of Professional Red Teamers in a Cyber-Attack Dataset

Early Attack Detection and Resolution in Sensor Nodes to Improve IoT Security

Dynamics of Shared Security in the Cloud

Contact Info

Product

Resources

About