Abstract
Cyberdisasters require an organization’s disaster team to be prepared. Disaster events are difficult to predict, but the impact of this risk on an organization is large. However, organizations sometimes struggle in being prepared for disaster situations. Here, awareness of disaster situations when analysing priority disasters (e.g., earthquakes and pandemics) and how to mitigate them can help an organization’s preparedness. Mitigation scenarios need to be determined and simulated so that a disaster team is ready to face disaster. Using Endsley’s situational awareness model and a tabletop exercise, this study aimed to help a disaster team determine cyberdisaster risk priority and assess a team’s preparedness for dealing with a cyberdisaster. The situation awareness model was divided into two stages: awareness of cyberdisaster situations and tabletop evaluations. Awareness of a disaster situation was carried out by determining the highest priority for disaster risk using the fuzzy failure modes and effects analysis (FMEA) method. The results of the first study show that the high-risk category contains ransomware attacks during pandemics and earthquakes. The second study performed a tabletop simulation questionnaire survey of earthquakes and ransomware attacks during a pandemic for several disaster teams with 152 respondents. The results of the survey evaluation of the earthquakes and ransomware attacks simulation survey show that the effect factors of cyberdisaster simulation decisions are 95% system capability (p < 0.05), 90% knowledge (p < 0.05), and 90% awareness of a disaster situation (p < 0.05); these factors show the effect of a disaster team’s decision during a tabletop simulation. The novelty of this research lies in building a model for how an organizational process determines the priority of a cyberdisaster tabletop simulation and the factors that contribute to increasing a disaster team’s awareness in dealing with cyberattacks.
Highlights
Because of numerous countries’ policies for preventing COVID-19 transmission, many organizations have been carrying out teleworking activities during the pandemic
The current paper has presented a process model for increasing the awareness of disaster teams for making decisions in response to cyberattack disasters, ransomware attacks during pandemics and earthquakes
The results indicate that ransomware attacks during earthquakes and or pandemics are a priority risk in terms of cyberdisaster threats with a high risk value
Summary
Because of numerous countries’ policies for preventing COVID-19 transmission, many organizations have been carrying out teleworking activities during the pandemic. Teleworking is the use of information and communication technology, such as smartphones, tablets, laptops or desktop computers, for work outside an organization [1]; teleworking can be performed remotely at home or in a public place with facilities. Teleworking can affect internet usage, amplifying the threat of cyberattacks. Indonesia is a country with the fourth rank of internet users in the world [2]. According to the Indonesian National Cyber and Crypto Agency, Indonesia ranks second in the number of cyberattacks when compared with other countries. In 2020, the number of cyberattacks in Indonesia increased 2.7 times compared with 2019, and the most common cyberattacks are phishing, ransomware and malware [3]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
