Abstract
This paper focuses on understanding the characteristics of multiple types of cyber-attacks through a comprehensive evaluation of case studies of real-world cyber-attacks. For each type of attack, we identify and link the attack type to the characteristics of that attack and the factors leading up to the attack, as observed from the review of case studies for that type of attack. We explored both the quantitative and qualitative characteristics for the types of attacks, including the type of industry, the financial intensity of the attack, non-financial intensity impacts, the number of impacted customers, and the impact on users’ trust and loyalty. In addition, we investigated the key factors leading up to an attack, including the human behavioral aspects; the organizational–cultural factors at play; the security policies adapted; the technology adoption and investment by the business; the training and awareness of all stakeholders, including users, customers and employees; and the investments in cybersecurity. In our study, we also analyzed how these factors are related to each other by evaluating the co-occurrence and linkage of factors to form graphs of connected frequent rules seen across the case studies. This study aims to help organizations take a proactive approach to the study of relevant cyber threats and aims to educate organizations to become more knowledgeable through lessons learned from other organizations experiencing cyber-attacks. Our findings indicate that the human behavioral aspects leading up to attacks are the weakest link in the successful prevention of cyber threats. We focus on human factors and discuss mitigation strategies.
Highlights
Accepted: 25 October 2021Cyber threats are increasing for all entities, including individuals, small businesses and large corporations, leading to a varying degree of loss
Based on the factors we interpreted through the case study evaluation depicted in Table 2, we wanted a map to discover any frequent patterns across case studies
We ran Association Rule Mining (ARM) on the case study data we gathered in Table 2 that match with the associations of cyber threats intuitively, as well
Summary
Accepted: 25 October 2021Cyber threats are increasing for all entities, including individuals, small businesses and large corporations, leading to a varying degree of loss. Even amateur-led cyber-attacks can lead to massive disruptions. There are well-studied areas of physical threats, such as fire and flood hazards; we still lack a deeper understanding of cyber-attacks. Prior events are studied and analyzed, and the lessons learnt are utilized for the future handling of such events. We take this approach to study a vast array of cyber-attacks, in order to understand and inform the decision making and mitigation strategies for different types of cyber-attacks. We classify real-world cyber-attack case studies based on different types of attacks, analyze the major factors contributing to these attacks, and discuss possible mitigation strategies. Our aim is to provide knowledge which can be used to potentially prevent organizations from being victims of cyber threats by studying existing cyber-attacks
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
