Cybersecurity Awareness Training Research Articles

Cybersecurity Practices and International Relations Performance in Rwanda. A Case of Broadband Systems Corporation

Purpose: The general objective of the research was to assess the effect of cybersecurity practices on international relations performance in Rwanda, a case of Broadband Systems Corporation. Specifically, the study determined the effect of cybersecurity policies on the international relations performance in Rwanda, to find out the effect of cybersecurity technology on the international relations performance in Rwanda and to assess the effect of cybersecurity training on the international relations performance in Rwanda. Methodology: Descriptive, correlational, qualitative and quantitative based on primary and secondary data were used in the study. This research aimed to gather data from 229 employees, stakeholders of Broadband Systems Corporation, including company officials, cybersecurity staff and beneficiaries. Using Slovin's approach, the researcher determined the number of participants needed for the sample. Researcher had 146 participants in their sample, out of a total population of 229. The researcher used questionnaires question to gather primary data. The researcher analyzed the data using SPSS (Statistical Package for Social Scientists, version 25) to grasp statistics such as percentage, mean, standard deviation, and frequency. Bivariate correlation analysis was performed to investigate the hypotheses. Findings: The model demonstrates a multiple correlation coefficient (R) of 0.877, signifying a robust positive correlation among cybersecurity policies, cybersecurity technology, and cybersecurity training with the dependent variable, international relations performance in Rwanda. Analysis of Variance results for the regression analysis shows the F-value is 141.583, which indicates a highly significant model fit. The significance level (Sig.) is .000, demonstrating that the predictors cybersecurity technology, cybersecurity policies, and cybersecurity training significantly contribute to explaining variations in international relations performance. Unique Contribution to Theory, Practice and Policy: BSC should implement continuous cybersecurity awareness training to help employees recognize and respond to common cyber threats.

Towards an Innovative Model for Cybersecurity Awareness Training

Towards an Innovative Model for Cybersecurity Awareness Training

Incident Response Simulation Framework

Incident response is a pivotal security role in organizations that aimed to manage incidents quickly and economically. Cybersecurity Incident Response is a valuable development in the mitigation and operational security and data protection methods to safeguard employees and their assets. Cybersecurity awareness training is a powerful approach that leverage companies to cultivate employees into developing their knowledge and awareness of best practices and strategies for safeguarding sensitive data. Incident response is an emerging field due to the exceptional rise in the security breaches. The organizations need to implement such incident responses for the data breaches. The operational teams should be equipped with the hands-on experience of the incidents. The real-world scenarios must be used as a method to enhance the knowledge of the security team. The proposed system responds to such security demands generating an environment to test the security architecture, measure, track and report Cybersecurity KPIs as overall threat exposure to reduce exposure risk. The system is an educative framework for giving a real-world experience to the users and also test their ability and agility to respond to the incidents in the given time and correctly. Keywords—Incident response, Cybersecurity, data breaches, security

Theory-Guided Feature Selection in Cybercrime Data Science

Cybercrime data science is being significantly hampered by the presence of 'noisy' features within vast and complex datasets. We draw from the theoretical insights of the behavioural sciences to propose a feature selection model to enrich and improve the value and interpretability of cybercrime intelligence datasets. We piloted our theory-guided feature selection approach on a subset of intelligence datafeeds provided by a global fraud and cybercrime tracking firm. The results of the proposed social influence feature selection model show significant improvement in the interpretability of the machine learning-based exploratory analysis and advanced visualization techniques in an experimental setting. The feature selection model yielded rich insights about cybercriminal psychological tactics from social engineering scam data and has potential applicability in the areas of cyberthreat response and cybersecurity awareness training. Our study shows the value of an interdisciplinary theory-guided approach to cybercrime data analytics that integrates scientific knowledge from the behavioural sciences and data science expertise. Our paper concludes by suggesting avenues for future research on theory-guided feature selection seeking to incorporate behavioural science knowledge in cybercrime data science. We intend to refine, automate, evaluate, and scale our model in future research to assess its effectiveness in producing insights about cybercriminal activities and informing decision-making in a naturalistic and real-time setting. In future research efforts, we aim to automate the encoding of features and apply a wider range of machine learning tools and evaluation metrics to extract more meaningful insights into cybercriminal psychological tactics. We also intend to refine our model on larger datasets to enhance its efficiency and responsiveness to real-time cybercrime data. We call on data scientists and cybercrime domain experts to work together to apply theory-guided feature selection to improve processes of knowledge discovery that enhance our cybersecurity capabilities.

Infusing Morabaraba game design to develop a cybersecurity awareness game (CyberMoraba)

Numerous studies have confirmed the effectiveness of Cybersecurity Awareness Games (CAGs) in enhancing the security posture of diverse organizations. As these organizations increasingly face the formidable challenge of cyberattacks, implementing serious CAGs to solve this issue has become a paramount concern. This article introduces an innovative approach to cybersecurity education by presenting a serious CAG. The game aims to effectively educate students about critical aspects of cybersecurity awareness engagingly and interactively. The study aimed to redefine cybersecurity awareness training by introducing an indigenous game design that intricately incorporates the traditional South African Morabaraba board game. While the effectiveness of non-indigenous games like "Capture The Flag (CTF)" in cybersecurity training is acknowledged, indigenous designs have been overlooked. This research creatively integrates Morabaraba's gameplay into cybersecurity training, adapting it into a competitive game where players adopt the roles of either defenders or attackers, with corresponding tokens/images symbolizing various cyber defense and attack strategies. Both the defenders and attackers in the game can elevate their awareness scores by strategically positioning defensive or attacking images on the game board. Subsequently, a judging entity assesses the players' moves and assigns scores based on the accuracy of the images placed. The game mirrors real-world scenarios, promoting strategic thinking and leveraging interactive gameplay for practical insights into cybersecurity awareness. Players demonstrate their cybersecurity knowledge through offensive and defensive strategies. A group of 40 students evaluated the game's effectiveness, highlighting its potential to create an engaging and competitive learning environment that imparts cybersecurity principles and practical application. The evaluation of the game mechanics demonstrated a remarkably positive outcome, with students expressing both enjoyment and an enhanced understanding of cybersecurity awareness.

COMPREHENSIVE REVIEW ON CYBERSECURITY: MODERN THREATS AND ADVANCED DEFENSE STRATEGIES

In the rapidly evolving landscape of cyberspace, the prevalence of sophisticated cyber threats has escalated, posing formidable challenges to individuals, organizations, and nations. This comprehensive review explores the contemporary panorama of cybersecurity, focusing on the latest threats and the advanced defense strategies employed to mitigate them. The analysis encompasses a wide spectrum of cyber threats, including malware, ransomware, phishing attacks, and advanced persistent threats (APTs), shedding light on their evolving tactics, techniques, and procedures. The review delves into the intricate world of cybercrime, emphasizing the motives behind attacks and the diverse range of threat actors involved, from individual hackers to state-sponsored entities. By examining recent case studies and real-world incidents, the review provides valuable insights into the dynamic nature of cyber threats, emphasizing the need for proactive and adaptive cybersecurity measures. Furthermore, the review critically evaluates cutting-edge defense mechanisms and strategies deployed to counteract these threats. It explores advancements in artificial intelligence, machine learning, and behavioral analytics, showcasing their pivotal roles in bolstering cybersecurity defenses. Additionally, the review discusses the importance of threat intelligence sharing, collaborative efforts, and international cooperation to fortify the global cyber defense ecosystem. As cybersecurity extends beyond technical measures, the review also addresses the human element, emphasizing the significance of cybersecurity awareness training and the role of employees in fortifying organizational resilience. It scrutinizes regulatory frameworks and compliance standards that play a crucial role in shaping cybersecurity policies and practices. By synthesizing the latest research, industry best practices, and expert insights, this comprehensive review aims to provide a holistic understanding of the current state of cybersecurity, offering practitioners, policymakers, and researchers a valuable resource to navigate the intricate challenges posed by modern cyber threats and to develop effective defense strategies for the digital age.
 Keywords: Cybersecurity, Threats, Defense Strategy, Cyber Threats, Review.

Neurodiversity and Cyber Security Awareness Training

Neurodiversity and Cyber Security Awareness Training

A Critical Review on Cybersecurity Awareness Frameworks and Training Models

Due to its inherent weaknesses, protecting data and maintaining its integrity is crucial in the changing world of cybersecurity. This evaluation employs a quantitative methodology to evaluate several cybersecurity awareness and training approaches to illuminate their efficacy in lowering costs and security incidents for a company while enhancing cyber resilience and security posture. Our thorough research, which is supported by actual evidence, emphasizes the real advantages of clear cybersecurity awareness and training activities. These measures enable businesses to drastically reduce security incidents and realize verifiable cost reductions. Additionally, these initiatives act as accelerators for improving overall cyber resilience, therefore bolstering an organization’s security posture. This in-depth analysis offers a data-driven perspective on these models’ respective capabilities and highlights the critical role that strategic cybersecurity education and awareness play in defending against a constantly changing threat environment.

Effective Technology Integration: Closing the Digital Gap among High School Students

This study investigated the impact of technology integration strategies on digital inclusion among high school students, focusing on reducing disparities in access and digital literacy. Seventy-five out of 1,131 Grade 11 Senior High School students from a private school in Quezon City were surveyed to understand their demographic profiles, barriers to digital access, the effectiveness of digital literacy integration in the curriculum, the support for technology use in classroom activities, and the accessibility and inclusivity of digital resources. The research used a mixed-methods approach to assess digital access disparities and technology integration effectiveness. Quantitative data was used to analyze respondents' demographics and identify technology gaps, while qualitative insights explored contributing factors to digital disparity, ensuring comprehensive evidence and a deeper understanding of the intervention's impact and effectiveness. The findings highlight significant areas of concern, including internet connectivity, financial constraints, and access to digital devices, alongside a need for improved digital literacy, cybersecurity awareness, and teacher training. The results underscore the necessity for comprehensive support mechanisms to promote equitable and inclusive digital learning environments. To address these challenges, the study suggests implementing mechanisms such as financial support for acquiring necessary digital devices, improvements in internet infrastructure, and extensive training programs for teachers to enhance their digital literacy and teaching skills. By doing so, educational institutions can foster a more equitable and inclusive digital learning environment, ensuring that all students, regardless of their socioeconomic status, can access and benefit from technology-enhanced education. This holistic approach aims to bridge the digital divide and promote fairer educational opportunities through strategic technology integration.

Enhancing Cybersecurity Awareness Training through the NIST Framework

Enhancing Cybersecurity Awareness Training through the NIST Framework

The Determinants of Risky Cybersecurity Behaviour: A Case Study Among Employees in Water Sector in Malaysia

Objective: Cybersecurity threats are a growing concern around the world. Research found that the weakest element in the cybersecurity chain is that of the human. The use of security technologies failed to address the problem in instances where employees engage in activities that place themselves and the company at risk. Hence, the role human factors play in cybersecurity is crucial. The present study aims to examine the effects of information security issues awareness, top management support, leadership, information security policy and cybersecurity awareness training on risky cybersecurity behaviour among employees in water sector.
 
 Method: The quantitative method was applied in this study. The data were collected from 425 employees from four water companies located in northern states of Malaysia. The respondents are selected using disproportionate stratified random sampling technique. The survey was conducted using questionnaire. PLS-SEM was used to test the proposed hypotheses.
 
 Results: The results show that security issues awareness and top management support are negatively related to risky cybersecurity behaviour. This suggest that the greater security issues awareness and top management support, lower the tendency to engage in risky cybersecurity behaviour among employees. Contrary to the prediction, cybersecurity awareness training was found to be positively related with risky cybersecurity behaviour.
 
 Conclusions: The findings of the study have several theoretical and practical implications. Security issues awareness and top management support are important factors to avoid threat of cyber-attacks. By ensuring cybersecurity, water security is stored hence the well-being of people is taken care since water is a fundamental need of human lives. The stability and security of the country also can be maintained with secure and sustainable water resiliency. Finally, the economic losses due to cyber-attacks can be reduced.

Leveraging VR/AR/MR/XR Technologies to Improve Cybersecurity Education, Training, and Operations

The United States faces persistent threats conducting malicious cyber campaigns that threaten critical infrastructure, companies and their intellectual property, and the privacy of its citizens. Additionally, there are millions of unfilled cybersecurity positions, and the cybersecurity skills gap continues to widen. Most companies believe that this problem has not improved and nearly 44% believe it has gotten worse over the past 10 years. Threat actors are continuing to evolve their tactics, techniques, and procedures for conducting attacks on public and private targets. Education institutions and companies must adopt emerging technologies to develop security professionals and to increase cybersecurity awareness holistically. Leveraging Virtual/ Augmented/Mixed/Extended Reality technologies for education, training, and awareness can augment traditional learning methodologies and improve the nation’s cybersecurity posture. This paper reviews previous research to identify how distance and remote education are conducted generally, and how Virtual/Augmented/Extended/Mixed reality technologies are used to conduct cybersecurity awareness training, cybersecurity training, and conduct operations. Finally, barriers to adopting these technologies will be discussed. Understanding how these technologies can be developed and implemented provides one potential way of overcoming the cybersecurity workforce gap and increasing the competencies and capabilities of cybersecurity professionals.

Creating a Repeatable Nontechnical Skills Curriculum for the University of Southern Maine (USM) Cybersecurity Ambassador Program (CAP)

The workforce demand for skilled cybersecurity talent has exceeded its supply for years. Historically, the pedagogical approach was to identify and create curricula for the most in-demand technical knowledge, skills, and abilities (KSAs). Unfortunately, the field has tended to neglect nontechnical counterparts. However, recent literature suggests a core set of nontechnical KSAs that employers seek after. This study explored the codification of a nontechnical curriculum for a cybersecurity internship program at the University of Southern Maine (USM). The USM faculty created the Cybersecurity Ambassador Program that can serve students and the community. The service to students is to make them more attractive to employers. The benefit to the community is to provide cybersecurity awareness training to vulnerable populations. This discussion about the USM CAP serves as a case study for other programs considering this type of enrichment using an internship model. CAP started as an informal program, but this research used objective data to create repeatable blueprints. The researchers designed these lesson plans to help students progress from novices to competent in crucial nontechnical skills delineated in the National Initiative for Cybersecurity Education (NICE) Workforce framework. The team used a mixed methods approach to baseline Tier 1/novice students’ skill levels, place them in a cybersecurity enrichment program, track their progress, and determine program efficacy in helping them achieve beginner status. The information shared can serve as a point of departure for a case study that might guide other programs interested in doing similar work.

Self-paced cybersecurity awareness training educating retail employees to identify phishing attacks

ABSTRACT This generic qualitative inquiry study examined the features needing improvement in self-paced cybersecurity awareness training to educate retail employees to identify phishing attacks. The researcher used a thematic analysis to investigate the responses postulated by participants. The researcher evaluated the responses solely based on the transcription of each participant. NVivo 12 performed queries and matched data [1]]. The qualitative analysis revealed the emerging themes. The emerging themes are topics included in self-paced cybersecurity awareness training, methods to improve it, factors affecting motivation to finish it, and its frequency and duration. Findings from this generic qualitative research study will assist security practitioners of the cybersecurity and information technology field in implementing practical self-paced cybersecurity awareness training to affect employees’ safe computing practices to identify phishing attacks.

IMPORTANCE OF CYBERSECURITY AWARENESS TRAINING FOR EMPLOYEES IN BUSINESS

In today's digitally connected business landscape, the increasing reliance on technology exposes organizations to a growing number of cyber threats and security breaches. Cybercriminals exploit vulnerabilities in systems and networks, putting sensitive data, financial assets, and company reputation at risk. To fortify cybersecurity defenses effectively, organizations must recognize the pivotal role of employees. This article emphasizes the significance of cybersecurity awareness training, empowering employees as the first line of defense against cyber attacks and preserving customer trust. A systematic literature review reveals that training employees has a positive impact, reducing security incidents and fostering a culture of cybersecurity consciousness. Tailoring training for remote work enhances the organization's resilience. A holistic security strategy integrating technical measures and policies is crucial. By investing in comprehensive and ongoing cybersecurity awareness training, businesses can proactively protect assets and maintain a secure position in the digital age.

Smart home cybersecurity awareness and behavioral incentives

PurposeSmart-home security involves multilayered security challenges related to smart-home devices, networks, mobile applications, cloud servers and users. However, very few studies focus on smart-home users. This paper aims to fill this gap by investigating the potential interests of adult smart-home users in cybersecurity awareness training and nonfinancial rewards that may encourage them to adopt sound cybersecurity practices.Design/methodology/approachA total of 423 smart-home users between the ages of 25 and 64 completed a survey questionnaire for this study, with 224 participants from Japan and 199 from the UK.FindingsCultural factors considerably influence adult smart-home users’ attitudes toward cybersecurity. Specifically, cultural differences impact their willingness to participate in cybersecurity awareness training, their views on the importance of cybersecurity training for children and senior citizens and their preference for nonfinancial rewards as an incentive for good cybersecurity behavior. These results highlight the need to consider cultural differences and their potential impact when developing and implementing cybersecurity programs that target smart-home users.Practical implicationsThis research has two main implications. First, it provides insights for information security professionals on the importance of designing cost-effective and time-efficient cybersecurity awareness training programs for smart-home users. Second, the findings may assist governments in establishing nonfinancial incentives to encourage greater uptake of cybersecurity practices among smart-home users.Originality/valueThe paper investigates whether adult smart-home users are willing to spend time and money to engage in cybersecurity awareness training and to encourage their children and elderly parents to participate in training, as well. In addition, the paper examines incentives, especially nonfinancial rewards, that may motivate adult smart-home users to adopt cybersecurity behaviors at home. Furthermore, the paper analyses demographic differences among smart-home users in Japan and the UK.

Formulating the Cyber Security Culture in Organizations: Proposing and Arguing Insights

Purpose: This research aims to enhance practical organizational practices and academic research literature by critically investigating the latest findings in cybersecurity culture research through a systematic review of relevant literature and research. Theoretical Framework:This work seeks to summarize key research developments in a research area that remains challenging for companies as they seek to build strong security cultures to protect their information (Tripwire, 2020). And reviewing the legal regulations that must be trained to protect institutions from cyber threats in the Kingdom of Bahrain and Saudi Arabia. Design/Methodology/Approach: The methodology of this study implements a systematic literature review to assess the main components of cybersecurity culture and what good practice can help to build it professionally. Findings: The main results find that current literature must move from a technical approach to information security to a socio-cultural one. Also, this study predicts that cybercrime will increase dramatically and cost the world trillions annually. Research Practical and Social Implications: this study attempts to define human resource management's role in cybersecurity awareness training and therfore the managers can deveplo the necessary rules to secure the organizational information. Originality/Value: The study is within the first studies to be conducted in GCC countries. Moreover, the to build a cyber security culture is unique topic add on to the academic knowledge. Also, can motivate the future studies to focus on efficiently organizing security procedures and enhancing security readiness appraisal consequences by providing more perceptions of imminent threats and security hazards.

Cyber security training in Finnish basic and general upper secondary education

Cyber security in Finland is part of other areas of comprehensive security, as digital solutions multiply in society and technologies advance. Cyber security is one of the primary national security and national defense concerns. Cyber security has quickly evolved from a technical discipline to a strategic concept. Cyber security capacity building can be measured based on the existence and number of research and developments, education and training programs, and certified professionals and public sector agencies.
 Cybersecurity awareness and the related civic skills play an increasingly important role as our societies become more digitalized. Improving citizens' cyber skills through education is an important goal that would strengthen Finland as a country of higher education and expertise and lay the foundation for the society of the future.
 Pursuant to the Finland’s Cyber Security Strategy (2019) “National cyber security competence will be ensured by identifying requirements and strengthening education and research.” Finland’s Cyber Security Development Programme (2021) necessitates that in basic education ensures young people have sufficient skills to operate in a digital operating environment and that they understand cyber security threats and know how to protect themselves from them. So, cybersecurity is an important subject for everyone, not just industry or public organizations. It’s also vital for our children to understand how to stay safe online, and the need to be aware of any dangers that might come their way. Cybersecurity awareness training is important because it teaches pupils how they can protect themselves from cyber-attacks (MTC, 2021).
 The study of cybersecurity education in Finland was made in autumn 2021 and spring 2022 for the National Cyber Security Director. According to the study, measures are needed so that cyber security becomes an important aspect when planning education and teaching. There are different models to choose from to make training more effective. This paper presents the results of the research focusing basic and general upper secondary education.

Malware victimisation and organisational survival: A multi-method exploration of emerging market

The internet has gained widespread acceptance globally since its inception. However, the escalating threats associated with this acceptance are alarming, as cyber fraudsters continually imitate and execute grievous attacks on corporate entities. While much is known about the various dimensions of malware attacks and defense (Sharmeen et al., 2019), little attention has been given to how malware affects the socio-economic survival of organizations in Nigeria, particularly in Cross River State. This article aims to bridge this knowledge gap by presenting empirical evidence on how malware victimization impacts organizational survival in the study area. Through the use of questionnaires and in-depth interviews, a sample of 1,074 research participants, including bank staff, industrial workers, and telecommunication staff, was selected from Cross River State using a multi-stage sampling technique. The findings reveal a significant increase in malware victimization among corporate organizations in Cross River State, resulting in severe consequences for their socio-economic development. To mitigate these risks, the study recommends that organizations strengthen their network security, implement comprehensive cybersecurity awareness training programs for employees, adopt advanced detection and response technologies, and employ mobile security solutions or business internet traffic security measures to ensure their safety.

Evaluating protection motivation based cybersecurity awareness training on Kirkpatrick's Model

ContextCybersecurity behavioral literature has a significant number of studies on training and awareness. However, there is lack of theoretical underpinnings in developing intervention to allow for positive behavioral change and evaluating them. The evaluation of theory based cybersecurity training warrants the use of program evaluation techniques. ObjectiveThe protection motivation theory (PMT) was employed to understand the behavioral change after the implementation of cybersecurity training. The evaluation was done on three levels of Kirkpatrick's evaluation model – reaction, learning and behavior. MethodA pre-post quasi experimental design was adopted in this research. A total of 154 undergraduate students from computing and digital arts backgrounds took part in the research. ResultsThe results of the study showed that the PMT based training was effective in increasing the threat knowledge of the students along with the increase in information of countermeasure strategies. From the two components of the PMT, self-efficacy was found to be the significant predictor of the cybersecurity behavioral intention in both pre-test and post-test PMT models. The cybersecurity training increased the self-efficacy of the students significantly and contributed towards cybersecurity behavioral intention change. The findings of this study imply that in designing the cybersecurity trainings, educators should dominantly take into account the self-efficacy component of the PMT.