Cybersecurity Training Research Articles

Evaluation of Cyber Security Activities and Training Studies in Türkiye

Araştırmada, Türkiye’de siber güvenlik alanındaki son yirmi yılda yapılan çalışmaların derlenmesi, siber güvenlik strateji ve politikalarının incelenmesi ve elde edilen sonuçlar ile artı ve eksi tarafların belirlenmesi amaçlanmıştır. Araştırmanın amacı çerçevesinde, 2001 yılından günümüze siber güvenlik alanında yayımlanmış kitaplar, Ulusal tez merkezi, Sobiad, Turcademy ve Dergipark’ta yayımlanan tez, dergi ve makaleler ile Türkiye’nin Siber Güvenlik Strateji ve Politikaları incelenmiştir. Çalışmada akademik alanda hangi üniversitelerde siber güvenlik bölümlerinin kurulduğu ve hangi programlarda eğitim öğretim faaliyetinde bulunulduğuna da değinilmiştir. Ayrıca siber saldırılardan en çok etkilenen kurumlar, Türkiye’de siber güvenlik alanında öncü kurum ve kuruluşlara değinilmiş ve bunların politikaları üzerinde durulmuştur. Yine Türkiye’de eksikliği hissedilen önemli konulardan birisi olan siber güvenliğin mevzuatı boyutu ele alınmış, siber güvenlikle alakalı Cumhurbaşkanlığı Mevzuat Bilgi Sistemi üzerinden Kanunlar ve Yönetmelikler incelenmiştir. Son olarak elde edilen önemli sonuçlar, kişisel olarak siber güvenlik alanında yapılması gerekenler ve Türkiye'de siber güvenlik alanındaki tehditler değerlendirilmiştir. Çalışma siber güvenlik alanındaki eksikliklerin tespit edilmesi açısından önemli bir çalışma olmuştur.

Cyber Warfare and Cyber Terrorism Threats Targeting Critical Infrastructure: A HCPS-based Threat Modelling Intelligence Framework

Acts of cyber warfare and cyber terrorism (CWCT) that target a nation's critical infrastructure (CI) are quickly becoming a larger threat to national security than conventional kinetic warfare strategies. Adversaries or potential adversaries can target a nation's electrical grids, telecommunications, financial services, transportation, healthcare systems, and other forms of CI. These acts pose a major threat to a nation's CI and consequently exposes citizens to public health, safety, security, and economic development risks. Identifying cyber vulnerabilities and threats can help nations to improve their CI defence strategies. There is a crucial need for research that can aid in understanding the major types of CI threats and by what method they might occur. This paper conducts a systematic literature review to develop an initial threat intelligence framework of CWCT attacks on CI. Drawing from a Human–Cyber–Physical Systems (HCPS) lens, the threat intelligence framework classifies CWCT attacks according to the methods, weapons, vulnerabilities, targets and impact of the CWCT attack. The cyber warfare community can extend the proposed HCPS-based threat intelligence framework to develop more advanced cyber security mitigation strategies, training scenarios and simulations. Large-scale monitoring of CI threats requires in-depth threat intelligence analysis and a collaborative defence strategy. This calls for a higher degree of coordination and orchestration between the military, intelligence agencies, government departments, multinational allies, regulators, and commercial entities. Future research can customize the proposed HCPS-based threat intelligence framework to cater for the unique threats facing specific CI domains.

Participants Prefer Technical Hands-on Cyber Exercises Instead of Organisational and Societal Ones

The current shortage of cybersecurity professionals is about 2 million people worldwide, and in Europe the industry is seeking for about 350 000 skilled professionals. There is also an enormous need for dedicated cybersecurity training courses for existing professionals who wish to acquire completely new skills or maintain their current ones. Due to the lack of new skilled workforce, the current cybersecurity personnel are overworked in their work. In order not to waste the valuable time of cybersecurity professionals with unnecessary training, cyber exercises should be well prepared. This article is based on research conducted in a European collaborative project and more specifically, a cyber exercise organised in early 2022. The purpose of our research was to conduct a preliminary assessment of the participants to learn about their skills and expectations before the cyber exercise. This assessment was used for fine-tuning the exercise. To achieve this, we identified common trends in the participants’ interests during the cyber exercise. The preliminary assessment was carried out as a web survey. The responses were cross tabulated to find meaningful indicators related to skills and interests of the participant group. We identified the most and least preferred knowledge areas for both the industry and public sector participants. Our findings show that the most interesting knowledge areas of all respondents were primarily technical in nature (Data Security, Connection Security, System Security), but Organisational Security was also reported. The least interesting knowledge areas were mostly non-technical in nature (Human Security, Organisational Security, Societal Security) but also Component Security was reported. We also enquired about the preferred team size. The majority of the respondents preferred a team size of three to four persons. The preferred single session duration was 46–60 minutes. The results help cybersecurity professionals to match their knowledge needs with the existing cybersecurity proposition and to determine the right and most beneficial training for them. The results also assist the providers of cyber training and other exercises to describe the targeted development of specific cybersecurity and other knowhow in a coherent, standard-like, way.

Demand Analysis of the Cybersecurity Knowledge Areas and Skills for the Nurses: Preliminary Findings

The purpose of this paper is to present a preliminary analysis of the cybersecurity market demand in the nursing and health sector. Currently, the market demand study is ongoing under the Digital Europe Programme CyberSecPro project, which strengthens the role of higher education institutions as a provider of practical and working life skills. The project promotes reliable digital transformation in critical sectors, such as healthcare. The rapid development of e-health emphasizes the central position of cybersecurity in healthcare organizations that are increasingly the targets of cyber-attacks. This descriptive literature review explores what a nurse needs to know about cybersecurity. Our results show that awareness of cyber risks is weak in the healthcare sector. Understanding cyber risks and recognizing the effects of one's own activities increases the cybersecurity of the entire organization, therefore cybersecurity training for nurses should be increased. Our study suggested that nurses’ most important cyber skills are their own cyber-safe way of operations, identifying cyber threats related to equipment, identifying the effects of cyber disruptions, and acting in a cyber disruption situation. Future nurse training programs should be updated to include these skills. Additionally, the teaching of nurses must be developed so that it meets these competence needs.

Digital Twin of Food Supply Chain for Cyber Exercises

The food supply chain is a critical part of modern societies. As with other facets of life, it is thoroughly digitalized, and uses network connections. Consequently, the cyber security of the supply chain becomes a major concern as new threats emerge. Cyber ranges can be used to prepare for such cyber security threats by creating realistic scenarios mimicking real-world systems and setups. Organizations can participate in cyber security training and exercises that present them with these scenarios. Cyber ranges can also be used efficiently for research and development activities, because cyber ranges are realistic environments and can be used for the generation of realistic data. The aim of this study is to describe a digital twin of the food supply chain built for cyber range-based cyber security exercises. The digital twin mirrors the real-world situation with sufficient detail, as required by the cyber exercise. This research uses the design science methodology, which describes the construction and evaluation of the proposed system. The study explains the general capabilities of the food supply chain digital twin and its use in the cyber range environment. Different parts of the supply chain are implemented as Node.js services that run on the Realistic Global Cyber Environment (RGCE) platform. The flow of ingredients and products is simulated using an apparatus model and message queues. The digital twin was demonstrated in a real live cyber exercise. The results indicate that the apparatus approach was a scalable and realistic enough way to implement the digital twin. The main limitations of the implemented system are the implementation on one specific platform, and the need for more feedback from multiple exercises. Creation of a digital twin enables the use of cyber ranges to train organizations related to the food supply chain.

User perception of Context-Based Micro-Training – a method for cybersecurity training

ABSTRACT User behavior is one of the biggest challenges to cybersecurity in modern organizations. Users are continuously targeted by attackers and required to have sufficient knowledge to spot and avoid such attacks. Different training methods are suggested and used in the industry to support users to behave securely. The challenge remains, and improved methods for end-user cybersecurity training are needed. This paper introduces and evaluates user perception of a method called Context-Based Micro-Training (CBMT). This approach suggests that training should be delivered in short sequences when the information is of direct relevance. The intention is to provide training directly related to the user’s current situation while also providing an awareness-increasing effect. This notion is tested in a survey-based evaluation involving 1,452 respondents from Sweden, Italy, and the UK, comparing the perception of CBMT against the experience of traditional approaches. The results emphasize that current methods are not effective enough and show that CBMT is perceived positively by respondents in all sample groups. The study further evaluated how demographic aspects impact the perception of CBMT and found that a diverse group of users can appreciate it.

Predicting Phishing Victimization: Comparing Prior Victimization, Cognitive, and Emotional Styles, and Vulnerable or Protective E-mail Strategies

ABSTRACT Phishing victimization is prevalent and results in theft of personal identifiable information (PII) or installing malware to steal PII. Drawing upon social psychological and criminological theories, we conducted a prospective study to assess three groups of predictors to being phished or not: a) prior victimization; b) protective or vulnerable habitual strategies, and c) emotional and cognitive decision-making styles. Students (N = 236) completed a survey assessing these predictors and then about 4 weeks later received a phishing e-mail using the university’s phishing testing system. The e-mail requested that they click on a link and enter their student ID to avoid having their account blocked. About half (50.8%) clicked on the link, and 81.6% of those phished entered their PII. Individuals who had low avoidant style and high generalized anxiety were four times more likely to be phished, after controlling for the significant effects of vulnerable habitual strategies and using dating apps. Machine learning analyses also found cognitive styles and generalized anxiety are the better predictors of getting phished compared to vulnerable and protective strategies and prior victimization. These findings suggest that cybersecurity training needs to be expanded to address the emotional and cognitive processing of deceptive appeals in e-mails.

A personalized learning theory-based cyber-security training exercise

Current enterprises’ needs for skilled cyber-security (CS) professionals have prompted the development of diverse CS training programs and offerings. It has been noted that even though enterprise staff is now more aware of security threats, the number of successful attacks against companies has all but decreased over the years. Several criticisms were raised against current CS training offerings, which often made them inadequate, or unable to change participants’ behavior and security attitude. One of the main factors CS training programs are often not very effective is the lack of engagement or motivation of participants. This is often the result of training not being tailored to the needs or preferences of participants. In our previous work, we tackled this issue by developing a personalized learning theory-based model for developing CS training frameworks. In this work, we utilize the model to develop two CS training exercises: two game-based scenarios using the CS training video game Cyber CIEGE and one table-top team exercise. The exercises are later tested by involving a group of 12 students from the Norwegian Institute of Science and Technology (NTNU) Information Security master’s degree program. According to the results of the experiment and the feedback from the students, students felt more engaged during the exercises due to having been participants in their development process. This has in turn motivated them to continue using the training tools independently in their spare time. Further research is recommended to establish whether the training development model is adequate for different target groups, as well as better performing than other models when developing full-fledged training programs.

Smart home cybersecurity awareness and behavioral incentives

PurposeSmart-home security involves multilayered security challenges related to smart-home devices, networks, mobile applications, cloud servers and users. However, very few studies focus on smart-home users. This paper aims to fill this gap by investigating the potential interests of adult smart-home users in cybersecurity awareness training and nonfinancial rewards that may encourage them to adopt sound cybersecurity practices.Design/methodology/approachA total of 423 smart-home users between the ages of 25 and 64 completed a survey questionnaire for this study, with 224 participants from Japan and 199 from the UK.FindingsCultural factors considerably influence adult smart-home users’ attitudes toward cybersecurity. Specifically, cultural differences impact their willingness to participate in cybersecurity awareness training, their views on the importance of cybersecurity training for children and senior citizens and their preference for nonfinancial rewards as an incentive for good cybersecurity behavior. These results highlight the need to consider cultural differences and their potential impact when developing and implementing cybersecurity programs that target smart-home users.Practical implicationsThis research has two main implications. First, it provides insights for information security professionals on the importance of designing cost-effective and time-efficient cybersecurity awareness training programs for smart-home users. Second, the findings may assist governments in establishing nonfinancial incentives to encourage greater uptake of cybersecurity practices among smart-home users.Originality/valueThe paper investigates whether adult smart-home users are willing to spend time and money to engage in cybersecurity awareness training and to encourage their children and elderly parents to participate in training, as well. In addition, the paper examines incentives, especially nonfinancial rewards, that may motivate adult smart-home users to adopt cybersecurity behaviors at home. Furthermore, the paper analyses demographic differences among smart-home users in Japan and the UK.

Improving your company's cyber security training

Even the best security technology can't eliminate the threats to your organisation. Human error will always present a risk. It's important, then, that every organisation takes a careful look at its cyber security training to determine whether it's up to the job.

Falling for phishing attempts: An investigation of individual differences that are associated with behavior in a naturalistic phishing simulation

Social engineering cyber-attacks such as phishing emails pose a serious threat to the safety of many organizations. Given that the effectiveness of these attacks heavily relies on poor human decision making, an improved understanding of the individual characteristics that increase cybersecurity vulnerability could inform more targeted training. The current study aimed to identify whether several factors, including phishing email detection ability, confidence in one's phishing identification decisions, general attitudes towards one's level of responsibility and efficacy, and employee satisfaction and loyalty to the organization, may predict behavior in a naturalistic phishing simulation in an employment setting. We followed up employees of a large organization who had been recently targeted by a phishing simulation and asked them to complete a survey that included a phishing detection task. The employees’ behavior in the phishing simulation was ranked according to its safety: reporting the suspicious email, neither reporting nor clicking on the embedded link, and clicking on the link. We found that fewer years of employment at the organization and lower employee satisfaction and loyalty predicted increasingly unsafe behavior in the simulation. This suggests that newer and unsatisfied employees are most vulnerable to phishing attempts and might benefit most from targeted cybersecurity training.

Cybersecurity Training in Organization as Human Capital Investment: A Qualitative Grounded Theory Analysis

This study aims to examine the impacts of organization’s cybersecurity training program on employees with qualitative data, collected from 33 college students who were attending Norfolk State University while also working either on a part-time or full-time basis participated. Open-ended questions were asked to elicit participants’ perspectives on cybersecurity training and cybersecurity protocols in organizations. Using qualitative data analysis software Nvivo 12, the authors organized and analyzed the collected data with open coding, and selective coding to recognize the major influencing impacts from cybersecurity training on employees’ routine work and behavior. Inductive and grounded theory analysis further elaborates connections between employee’s cybersecurity training and efficiency of organizations. Our findings suggest that on-the-job cybersecurity training provided by the employer is an effective investment for modern organizations to build on the organizational human capital and consequently to improve the efficiency of the organization. Findings from this study corroborates with the tenet of human capital theory that on-the-job educational program or training is economical and effective to manage the human capital challenge for modern organizations.

Cybersecurity Workforce Landscape, Education, and Industry Growth Prospects in Southeast Asia

Given the chronic lack of qualified professionals in the cybersecurity industry, the present paper seeks to evaluate the current interest in cybersecurity across Southeast Asia nations and then compare it with the available educational offerings of related degrees in each country to identify eventual gaps in the market. The goal is to assess whether there is a need for additional degree programs in cybersecurity and to evaluate the potential for future growth in the industry by providing a solid educational foundation for aspiring professionals. To estimate current interest from prospective students and profesionals in cybersecurity across each country, leaderboards from the popular TryHackMe gamified cybersecurity training platform are referenced. We further discuss issues by considering the related formal education programmes offered by the top universities in each country, identified by their presence in the QS world university rankings. The data are then used to propose two new metrics: the ‘Cybersecurity Education Prospects Index’ (CEPI) and the ‘Cybersecurity Industry Prospects Index’ (CIPI), which show how most of the eleven countries in Southeast Asia do have an unmet demand for cybersecurity education and only a few of them have already developed an educational infrastructure that is ready to support the growing needs of the local and international industry.

An Evolutionary Game Theoretic Analysis of Cybersecurity Investment Strategies for Smart-Home Users against Cyberattacks

In the digital era, smart-home users face growing threats from cyberattacks that threaten their privacy and security. Hence, it is essential for smart-home users to prioritize cybersecurity education and training to secure their homes. Despite this, the high cost of such training often presents a barrier to widespread adoption and accessibility. This study aims to analyze the costs and benefits associated with various cybersecurity investment strategies for smart-home users in the context of cyberattacks. The study utilizes evolutionary game theory to model a game comprised of three populations: smart-home users, stakeholders, and attackers. We derive and analyze the replicator dynamics of this game to determine the evolutionarily stable strategy (ESS). Furthermore, we investigate the impacts of the costs and benefits of cybersecurity investment and cyberattack costs on the ESS. The findings indicate that incurring costs for cybersecurity training is beneficial for smart-home users to protect their homes and families. However, the training costs must be low and affordable for smart-home users in order to ensure their participation and engagement. Additionally, providing rewards for commitment to cybersecurity is crucial in sustaining interest and investment over the long term. To promote cybersecurity awareness and training for smart-home users, governments can incorporate it as a priority in national cybersecurity plans, provide subsidies for training costs, and incentivize good cybersecurity practices.

Contributing Factors in Measuring Interest Levels in VR Cybersecurity Training

Contributing Factors in Measuring Interest Levels in VR Cybersecurity Training

Cyber range design framework for cyber security education and training

The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common methodologies that facilitate their development and optimize their effectiveness. Aiming at strengthening cyber security education and research that utilize well designed CRs, we first analyze the CRs domain to identify key characteristics, strengths and fundamental weaknesses, and based on these outcomes we propose the Cyber Range Design Framework (CRDF), which includes the CR Architecture and the CR Life-Cycle. The CR Architecture presents the main components of CRDF compliant CRs, whereas the CR Life-Cycle presents the development phases of such approaches and the activities these phases embrace. CRDF builds on the Conceptual Framework for eLearning and Training (COFELET) and on the Exercise Life-Cycle. COFELET is particularly elaborated for the development of cyber security educational approaches, by adopting its design considerations that were based on widely adopted educational theories and approaches (e.g., scenario-based, reuse of elements). CRDF envisages the elaboration of CRs which optimize their impact, mitigate their weaknesses, and minimize their preparation and running costs. Under this prism, a preliminary appreciation of the CRDF approaches effectiveness is presented along with the expected outcomes of such approaches.

Improving Workplace and Societal Cybersecurity via Post-Secondary General Education

Everyone has a role to play in cybersecurity and cyber risk management, but people without security backgrounds seldom understand—let alone accept or endorse—such roles. Public and private organizations face common challenges in facilitating more secure behaviors among employees. As part of their missions, most colleges and universities in the United States have general education programs that aim to instill certain competencies and characteristics in all graduates (for individual and greater good). This paper proposes that a cybersecurity general education course could help improve common workplace challenges in cybersecurity training and awareness, and that such a course could align with each institution’s general education goals to benefit not only graduates but also communities and society writ large.

Cyber security training in Finnish basic and general upper secondary education

Cyber security in Finland is part of other areas of comprehensive security, as digital solutions multiply in society and technologies advance. Cyber security is one of the primary national security and national defense concerns. Cyber security has quickly evolved from a technical discipline to a strategic concept. Cyber security capacity building can be measured based on the existence and number of research and developments, education and training programs, and certified professionals and public sector agencies.
 Cybersecurity awareness and the related civic skills play an increasingly important role as our societies become more digitalized. Improving citizens' cyber skills through education is an important goal that would strengthen Finland as a country of higher education and expertise and lay the foundation for the society of the future.
 Pursuant to the Finland’s Cyber Security Strategy (2019) “National cyber security competence will be ensured by identifying requirements and strengthening education and research.” Finland’s Cyber Security Development Programme (2021) necessitates that in basic education ensures young people have sufficient skills to operate in a digital operating environment and that they understand cyber security threats and know how to protect themselves from them. So, cybersecurity is an important subject for everyone, not just industry or public organizations. It’s also vital for our children to understand how to stay safe online, and the need to be aware of any dangers that might come their way. Cybersecurity awareness training is important because it teaches pupils how they can protect themselves from cyber-attacks (MTC, 2021).
 The study of cybersecurity education in Finland was made in autumn 2021 and spring 2022 for the National Cyber Security Director. According to the study, measures are needed so that cyber security becomes an important aspect when planning education and teaching. There are different models to choose from to make training more effective. This paper presents the results of the research focusing basic and general upper secondary education.

“Generic and unusable”1: Understanding employee perceptions of cybersecurity training and measuring advice fatigue

Security Education Training and Awareness (SETA) programs often fail to reduce organisational cyber risk, and this is linked to the way that employees perceive and appraise such programs. Rather than improving employee awareness, a poorly implemented SETA program may cause fatigue and result in risky cyber behaviours. This paper describes two studies aimed respectively at examining how SETA programs can lead to fatigue and development of a measure of SETA Advice-Related Cybersecurity Fatigue. In Study 1, a repertory grid technique was used to examine employee responses to a series of SETA videos. A total of 24 in-depth semi-structured interviews were conducted with individuals from a variety of industries. Key themes related to the content, style, and design, of cybersecurity training videos, but also employees’ perceived characteristics of the intended audience and broader preconceptions of cybersecurity principles. In Study 2, we developed the Cybersecurity Advice Fatigue Scale (CAFS) Scale, a self-report measure of the fatigue which results from poor cybersecurity advice. A principal component analysis of CAFS scores for 457 working adults revealed a five-factor structure that broadly aligns with the themes identified by the qualitative analyses of Study 1. The results of both studies highlight that employees make inferences about the corporate motivation behind the SETA program, and this influences their receptivity to the content. From an applied perspective, cybersecurity practitioners can use the CAFS to identify features of their cybersecurity training programs which should be improved to enhance the program's efficacy.

Improving cybersecurity skill development through visual programming

PurposeCybersecurity training plays a decisive role in overcoming the global shortage of cybersecurity experts and the risks this shortage poses to organizations' assets. Seeking to make the training of those experts as efficacious and efficient as possible, this study investigates the potential of visual programming languages (VPLs) for training in cyber ranges. For this matter, the VPL Blockly was integrated into an existing cyber range training to facilitate learning a code-based cybersecurity task, namely, creating code-based correlation rules for a security information and event management (SIEM) system.Design/methodology/approachTo evaluate the VPL’s effect on the cyber range training, the authors conducted a user study as a randomized controlled trial with 30 participants. In this study, the authors compared skill development of participants creating SIEM rules using Blockly (experimental group) with participants using a textual programming approach (control group) to create the rules.FindingsThis study indicates that using a VPL in a cybersecurity training can improve the participants' perceived learning experience compared to the control group while providing equally good learning outcomes.Originality/valueThe originality of this work lies in studying the effect of using a VPL to learn a code-based cybersecurity task. Investigating this effect in comparison with the conventional textual syntax through a randomized controlled trial has not been investigated yet.