Cybersecurity Training Research Articles

Assessing Employee Susceptibility to Cybersecurity Risks

This research challenges assumptions about cybersecurity risk factors, revealing that age, gender, and educational background are not significant determinants of employee susceptibility. It highlights the importance of inclusive cybersecurity training programs that cater to individuals of all age groups, dispelling the misconception that older employees are inherently less tech-savvy and more susceptible to cybersecurity threats. The findings show that cybersecurity teams within organizations significantly impact the adoption of security policies and data handling practices among employees, even though their influence on password and account security practices is limited. Organizations can adopt a holistic approach to cybersecurity training and awareness programs by leveraging these insights. This approach transcends traditional demographics and focuses on enhancing password and account security, ultimately strengthening cybersecurity postures, fostering a culture of cybersecurity consciousness, and fortifying defenses against the evolving landscape of digital threats.

Cybersecurity Practices and International Relations Performance in Rwanda. A Case of Broadband Systems Corporation

Purpose: The general objective of the research was to assess the effect of cybersecurity practices on international relations performance in Rwanda, a case of Broadband Systems Corporation. Specifically, the study determined the effect of cybersecurity policies on the international relations performance in Rwanda, to find out the effect of cybersecurity technology on the international relations performance in Rwanda and to assess the effect of cybersecurity training on the international relations performance in Rwanda. Methodology: Descriptive, correlational, qualitative and quantitative based on primary and secondary data were used in the study. This research aimed to gather data from 229 employees, stakeholders of Broadband Systems Corporation, including company officials, cybersecurity staff and beneficiaries. Using Slovin's approach, the researcher determined the number of participants needed for the sample. Researcher had 146 participants in their sample, out of a total population of 229. The researcher used questionnaires question to gather primary data. The researcher analyzed the data using SPSS (Statistical Package for Social Scientists, version 25) to grasp statistics such as percentage, mean, standard deviation, and frequency. Bivariate correlation analysis was performed to investigate the hypotheses. Findings: The model demonstrates a multiple correlation coefficient (R) of 0.877, signifying a robust positive correlation among cybersecurity policies, cybersecurity technology, and cybersecurity training with the dependent variable, international relations performance in Rwanda. Analysis of Variance results for the regression analysis shows the F-value is 141.583, which indicates a highly significant model fit. The significance level (Sig.) is .000, demonstrating that the predictors cybersecurity technology, cybersecurity policies, and cybersecurity training significantly contribute to explaining variations in international relations performance. Unique Contribution to Theory, Practice and Policy: BSC should implement continuous cybersecurity awareness training to help employees recognize and respond to common cyber threats.

Cybersecurity threats and preparedness: Implications for dental schools.

Cybersecurity threats are a growing concern in healthcare, where digital systems now underpin patient care, financial management, and educational operations. A cybersecurity breach in a Dental school environment can have widespread consequences to the mission of the school-patient care, research, education and service. For dental school administrators, these risks highlight the necessity of robust cybersecurity measures. For student learners, the impact may include interruptions to their education. For patients, it could mean compromised personal data and reduced access to clinical care. While many sectors have responded to increasing cyber threats by enhancing their defenses, healthcare and dental schools, often lag in implementing necessary protections. This emphasizes the need for proactive measures, such as regular system audits, advanced encryption methods, and ongoing cybersecurity training for administrators and students alike, to mitigate future risks and safeguard institutional integrity.

We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers.

Cyberattacks pose a significant business risk to organizations. Although there is ample literature focusing on why people pose a major risk to organizational cybersecurity and how to deal with it, there is surprisingly little we know about cyber and information security decision-makers who are essentially the people in charge of setting up and maintaining organizational cybersecurity. In this paper, we study cybersecurity awareness of cyber and information security decision-makers, and investigate factors associated with it. We conducted an online survey among Slovenian cyber and information security decision-makers (N = 283) to (1) determine whether their cybersecurity awareness is associated with adoption of antimalware solutions in their organizations, and (2) explore which organizational factors and personal characteristics are associated with their cybersecurity awareness. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles. They also provide insights into which threats (e.g., distributed denial-of-service (DDoS) attacks, botnets, industrial espionage, and phishing) and solutions (e.g., security operation center (SOC), advanced antimalware solutions with endpoint detection and response (EDR)/extended detection and response (XDR) capabilities, organizational critical infrastructure access control, centralized device management, multi-factor authentication, centralized management of software updates, and remote data deletion on lost or stolen devices) are cyber and information security decision-makers the least aware of. We uncovered that awareness of certain threats and solutions is positively associated with either adoption of advanced antimalware solutions with EDR/XDR capabilities or adoption of SOC. Additionally, we identified significant organizational factors (organizational role type) and personal characteristics (gender, age, experience with information security and experience with information technology (IT)) related to cybersecurity awareness of cyber and information security decision-makers. Organization size and formal education were not significant. These results offer insights that can be leveraged in targeted cybersecurity training tailored to the needs of groups of cyber and information security decision-makers based on these key factors.

Cybersecurity in Learning Systems: Data protection and privacy in educational information systems and digital learning environments

This research addresses the growing cybersecurity challenges within educational information systems and digital learning platforms, focusing on the protection of sensitive data and user privacy. The objective is to identify prevalent cybersecurity threats in these environments and propose effective solutions to mitigate them. A mixed-method approach is employed, combining a comprehensive literature review with a survey distributed to IT professionals and educators working in digital learning environments. The findings highlight the increasing sophistication of cyberattacks, including data breaches, phishing, and malware, which compromise the integrity and security of educational data. Moreover, the study reveals a gap in the implementation of robust cybersecurity policies, especially in underfunded educational institutions. The proposed solutions emphasize the integration of advanced encryption methods, multifactor authentication, and regular cybersecurity training for all stakeholders. In conclusion, this research underscores the importance of developing a resilient cybersecurity framework tailored to educational systems, ensuring the protection of both institutional data and the privacy of users, thereby enhancing trust and security in digital learning environments.

Challenges in Maritime Cybersecurity Training and Compliance

The implementation of cybersecurity standards and directives in the maritime sector plays a crucial role in protecting critical maritime infrastructures from cyber threats. The level of protection depends heavily on humans. However, the effectiveness of cybersecurity training and compliance programmes, an essential component of these standards, is often hindered by challenges related to the sector’s environment, including the established technologies, practices, and norms. This paper aims to identify these challenges through a literature review and set the basis for more effective human risk minimization, responses, and training. We identify 17 challenges and validate them with an online survey (N = 205) capturing real-world perspectives from maritime-related stakeholders. Our findings contribute to enhancing the effectiveness of maritime cybersecurity training and compliance programmes, ultimately strengthening the maritime cybersecurity posture.

The Ludo-Learning Matrix: A Framework for Understanding Learning in Games

Games have been widely recognized as methods of making learning more engaging. This has proven to be very attractive to those attempting to get complex fields such as cybersecurity training to a wider audience. Unfortunately, there is a failure to understand that each type of game serves a different educational purpose, leading to the situation where the games are being selected incorrectly and are failing to fulfill their promise. To address this issue, key concepts in learning and games were identified from the literature and then operationalized into an analytical framework. The concepts of player agency, message broadcasting, the transfer of learning and the type of challenges present in the game were selected. This generated a framework that is player-focused rather than content-focused and could be applied to any potential learning game. To validate the framework, three cybersecurity games were selected and analyzed using a ludo-textual approach. Cyberciege, a single player game aimed at university students, Spoofy, a kids’ web browser game and Tallinn Soldier, a seminar wargame, were selected to give as wide a sample as possible. The paper goes on to report on the results of the analysis and discuss how this may be used to examine and design learning games for cybersecurity in the future. Each of the selected games focus on different mechanisms for learning and engagement, highlighting the design tradeoffs that were made in the creation of the game. The proposed analytical framework can be applied not just to cybersecurity training games but theoretically to understanding any game that has learning as its objective.

CYBERSECURITY AWARENESS

Technology is advancing at a very high speed, becoming more sophisticated and complex. Similarly, due to the vastness of the digital world, cyber threats have also increased in complexity and frequency. The rapid advancement of technology has brought unprecedented conveniences but also significant risks. Therefore, security awareness is essential for every individual and organization. Cyber threats such as phishing attacks, malware attacks, social engineering, Denial of service attacks, and insider threats have become sophisticated, proving to be a challenge to individuals and organizations. This paper evaluates security awareness in the organization with a keen interest in why the program is essential, the components of the program, challenges that might be faced while implementing the program, and what role the organization and employees have to play to ensure the environment is secure. The paper provides a comprehensive analysis highlighting the importance of security awareness in an organization's current sophisticated digital world. Keywords - Security Awareness, Cyber Threats, Phishing, Malware, Social Engineering, Information Security, Cybersecurity Training, Risk Mitigation, and Continuous Education.

Addressing cybersecurity challenges in robotics: A comprehensive overview

As robotics technology becomes increasingly integrated into various sectors, ensuring the cybersecurity of robotic systems is paramount. This article provides an in-depth exploration of the cybersecurity challenges confronting robotics and offers strategies to address these concerns. With the growing connectivity and networking capabilities of robots, vulnerabilities such as unauthorized access, data breaches, and network attacks are significant threats [1]. Protecting sensitive data collected and processed by robots is crucial to preserving privacy and trust. Remote access features, while enhancing operational flexibility, also pose security risks if not adequately secured. Weak authentication mechanisms and insecure interfaces could allow malicious actors to compromise robot functionality. Furthermore, robots are susceptible to malware and cyber-attacks, including viruses, worms, and ransomware. To mitigate these risks, a comprehensive approach is necessary, incorporating secure design principles, robust authentication mechanisms, encryption techniques, and cybersecurity training. Collaboration among industry stakeholders, researchers, policymakers, and cybersecurity experts is essential to develop resilient robotic systems capable of withstanding evolving cyber threats. This article underscores the importance of addressing cybersecurity challenges in robotics to ensure the safety and security of robotic deployments across diverse domains. As robotics technology evolves and becomes integral across various sectors, prioritizing cybersecurity [2] is crucial to protect these systems from unauthorized access, data breaches, and network attacks. The interconnected nature and remote access features of robots pose significant vulnerabilities. Comprehensive measures, including secure design, encryption, and cybersecurity training, are essential. Collaboration among industry stakeholders, researchers, policymakers, and cybersecurity experts is vital for developing resilient robotic systems. This article highlights the urgent need to address cybersecurity challenges to ensure the safety and integrity of robotic deployments.

Análisis de la efectividad de phishing automático

The article examines the growing threat of automated phishing, a social engineering technique that has evolved with automation, complicating the protection of computer systems both in Ecuador and globally. The objective is to analyze the effectiveness of this technique and its impact on information security. The methodology used includes a systematic review of the literature on automated phishing, highlighting how automation has increased the sophistication and scope of these attacks. The results show that automated attacks, facilitated by artificial intelligence and machine learning, have surpassed traditional attacks in frequency globally. In Ecuador, although less common, automated attacks have had a notable impact, especially in sectors with limited security measures. The findings highlight the need to adopt robust security controls, such as multi-factor authentication and ongoing cybersecurity training, in addition to following international standards such as ISO/IEC 27001 to mitigate the risks of automated phishing. Awareness talks are also recommended to strengthen security against these threats.

Security awareness, decision style, knowledge, and phishing email detection: Moderated mediation analyses

This study examines whether the negative relationship between email information security awareness and phishing email susceptibility is mediated by less intuitive decision-making when assessing emails, and whether this relationship is moderated by phishing email knowledge. Participants (N = 291) completed an online email sorting task, a measure of email use information security awareness, a measure of preference for intuitive decision-making with emails, and a measure of phishing email knowledge. Moderated mediation analyses indicated that information security awareness predicted positive behavioural intentions directly and indirectly through lower preference for intuitive decision-making, and these relationships were stronger when phishing email knowledge was lower. Further, both the direct and indirect relationships between information security awareness and sensitivity through intuitive decision styles were moderated by phishing email knowledge, with information security awareness positively predicting ability to discriminate phishing from genuine emails when phishing knowledge was average or high but not low. These findings suggest that in the absence of phishing knowledge, information security awareness and less intuitive decision styles reduce susceptibility to phishing attacks through increased caution. Further, the findings provide strong support for the proposition that some level of phishing knowledge is required before email security behaviours and decision-making processes aid in the detection of phishing emails. From an applied perspective, the outcomes suggest that focusing on a combination of awareness, knowledge, and decision-making processes could increase the effectiveness of anti-phishing and cybersecurity training programs.

How demographic and appearance cues of a potential social engineer influence trust perception and risk-taking among targets?

Purpose The aim of this study is to investigate how the demographics and appearance cues of potential social engineers influence the likelihood that targets will trust them and accept security risk. Design/methodology/approach Data were collected through an online survey of 635 participants, including 322 participants from Arab countries and 313 participants from the UK. The survey presented scenarios with 16 personas who offered participants the use of their mobile internet hotspot. These personas were characterized by combinations of age (young vs aged), gender (male vs female), ethnicity (Arab vs UK) and look formality (casual vs formal). The study measured both participants’ offer acceptance and trust in the persona. Findings Results indicated a higher likelihood of offer acceptance from female and aged personas, as well as a greater trust in these groups. Arab participants showed a preference for personas with Arabian ethnic features. In both samples, trust and acceptance were influenced by the persona’s appearance, which was found to be gender-dependent; with female personas in casual attire and male personas in formal attire being trusted more in comparison to female with formal attire and male with informal, respectively. Practical implications Findings highlight the importance of incorporating awareness of appearance-based biases in cybersecurity training, suggesting the need for culturally sensitive training programs to enhance defense against social engineering. Originality/value This study distinguishes itself by elucidating the influence of social engineers’ demographic and appearance cues on the likelihood of individuals to take security risks, thus addressing a significant gap in the literature which has traditionally emphasized the profiles of targets.

The Art of Inclusive Gamification in Cybersecurity Training

The Art of Inclusive Gamification in Cybersecurity Training

Evaluating and validating the Serious Slow Game Jam methodology as a mechanism for co-designing serious games to improve understanding of cybersecurity for different demographics

We present an evaluation of a Serious Slow Game Jam (SSGJ) methodology as a mechanism for co-designing serious games in the application domain of cybersecurity, to evaluate how the SSGJ methodology contributed to improving the understanding of cybersecurity for different demographics. The aim of this study was to evaluate how the SSGJ contributed to improving the understanding of cybersecurity for young persons between the ages of 11 and 16 years old who had no formal training or education in cybersecurity, and to validate and compare these results to previous work where the same SSGJ methodology was used with a different target demographic (i.e.,M.Sc. students with no formal training or education in secure coding). To this end, we engaged 23 participants between the ages of 11 and 16 years old for 5 consecutive days over a one-week period, in a multidisciplinary SSGJ involving domain-specific, pedagogical, and game design knowledge, and encouraged engagement in-between scheduled events of the SSGJ. Findings show improved confidence of participants in their knowledge of cybersecurity, for both demographics, after undertaking the Serious Slow Game Jam (from 41.2% to 76.5% for young persons, and from 12.5% to 62.5% for M.Sc. students). Free-text answers specifically indicate an improved understanding of cybersecurity in general, and one specific security vulnerability, attack or defence for a quarter of young persons, and the trichotomy of security vulnerabilities, attacks, and defences for three quarters of the M.Sc. students. Also, confidence in knowledge of game design improved for both demographics (from 47.1% to 82.4% for young persons and from 12.5% to 75% for M.Sc. students). The SSGJ methodology also successfully engaged both demographics of participants in-between scheduled days. Finally, two serious games in the application domain of cybersecurity are presented that were co-designed during the SSGJ with participants and produced as an output of the SSGJs.

Establishing a Model for the User Acceptance of Cybersecurity Training

Establishing a Model for the User Acceptance of Cybersecurity Training

Protecting patient privacy in the age of smart healthcare: practical cybersecurity measures for individuals and healthcare providers

The rise of smart healthcare technologies, including wearable devices, telemedicine, and the Internet of Medical Things (IoMT), has significantly transformed patient care. However, these advancements have also introduced critical cybersecurity vulnerabilities. This paper explores the escalating threats to patient privacy in the digital age, highlighting substantial increase in cyberattacks on healthcare systems, with data breaches averaging $10.1 million per incident. Analysis reveals several prominent cyber threats to smart healthcare technologies, such as ransomware, phishing, Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MitM) attacks, malware, SQL injection, and insider threats, all of which compromise the confidentiality and integrity of patient data. Notably, ransomware attacks have surged by 123% in recent years, severely disrupting patient care and privacy. To mitigate these risks, this commentary proposes actionable cybersecurity measures for both healthcare providers and individuals. Healthcare organizations should conduct thorough risk assessments, implement stringent access controls, encrypt sensitive data, provide comprehensive cybersecurity training for staff, and establish robust incident response plans. Concurrently, individuals are encouraged to remain vigilant about cybersecurity threats, secure their personal devices, use only reputable healthcare applications, be cautious with data sharing, and regularly monitor their health information. By adopting these strategies, both healthcare providers and patients can better safeguard sensitive health information and strengthen the security framework of smart healthcare systems.

Survey-based analysis of cybersecurity awareness of Turkish seafarers

In recent years, vessels have become increasingly digitized, reflecting broader societal trends. As a result, maritime operations have become an attractive target for cyber threat actors. Despite the limited cybersecurity training seafarers receive, they are expected to operate within technologically advanced environments. The importance of cybersecurity awareness is evident, but the extent of seafarers’ knowledge in this area remains uncertain. This article investigates three primary aspects: (1) the current state of cybersecurity onboard cargo vessels, (2) seafarers’ cybersecurity awareness, and (3) potential improvements in seafarers’ cybersecurity awareness. To accomplish this, a literature review is conducted to collect and analyze current research, supplemented by a questionnaire survey targeting Turkish seafarers. Our findings support increased investment in awareness and training programs, including organizational-wide cybersecurity awareness efforts, more frequent training, mandatory training for all seafarers through the Standards of Training Certification and Watchkeeping (STCW), and the appointment of a cybersecurity Officer (CySO) to ensure satisfactory cybersecurity levels onboard. Since this article focuses on high-level topics by assessing the general state of maritime cybersecurity and seafarers’ cybersecurity awareness, it does not delve into detailed considerations of awareness and training programs. Nevertheless, it lays the foundation for future research in this area.

Cyberedukacja społeczeństwa – korzyści i zagrożenia

The author points to an important area of education, as the article refers to cybereducation as an opportunity to acquire, process and share information over the Internet and using computer systems. Cybereducation in society is provided at several levels: family environment, school (academic) environment, professional (workplaces) environment, local government, community organisations, media. The family environment is mainly about teaching children to be sceptical about sharing data online and teaching them how to use a tablet or computer properly. Cybereducation notably includes cyber lessons given by school and university teachers on how to use the Internet safely. Cybereducation also includes services consisting of offering employees a cybersecurity training package. Non-governmental organisations, an essential part of democracy and civil society, play a significant role in cybereducation in society. The media presence used by individuals and entities who are a source of threat to international peace and security is also significant in this regard. The article contains the characteristics of concepts related to cybereducation, describes the threats and benefits to this issue, and contains conclusions for improving the quality of cybereducation.

Exploring gender dynamics in cybersecurity education: A self-determination theory and social cognitive theory perspective

The cybersecurity industry is facing two major challenges as cyber threats get more serious: a shortage of skilled workers to defend against these attacks and a noticeable underrepresentation of women in the field, underscoring the critical need for diversity and skill development. This research explores variations in cybersecurity learning based on gender using the frameworks of self-determination and social cognitive theories. Conducted over two years, the research utilized a Capture The Flag (CTF) platform to facilitate learning and assess outcomes. This study explores the gender disparities in key areas such as intrinsic and extrinsic motivation, self-efficacy, conceptual grasp, and performance across five distinct cybersecurity subdomains: web exploitation, cryptography, cyber forensics, binary exploitation, and reverse engineering. The comprehensive evaluation included participant interaction with learning materials, their adeptness in practical exercises, and their achievements in a comprehensive contest covering five essential cross-domain cybersecurity concepts. Pre- and post-study surveys were instrumental in tracking shifts in motivation and self-efficacy levels. Findings pointed to notable gender-based differences in motivational aspects and self-belief following the learning phase, with conceptual understanding and the ability to replicate challenges also varying significantly between genders, highlighting disparities in educational outcomes. Domain-based analysis reveals notable gender differences: male participants excelled in solving reverse engineering and cryptography problems, whereas female participants performed better in cyber forensics and web exploitation challenges. These findings underscore the importance of tailored educational strategies in cybersecurity training to bridge the gender gap and foster a more diverse and capable workforce, addressing both the skill shortage and the need for broader representation in the field.

Exploring Trainees’ Behaviour in Hands-on Cybersecurity Exercises Through Data Mining

Despite the rising number of cybersecurity professionals, the demand for more experts in this field is still substantial. Cybersecurity professionals must also possess up-to-date knowledge and skills to counter cybersecurity threats’ dynamicity and rapidly evolving nature. Hands-on cybersecurity training is mandatory to practice various tools and improve one’s technical cybersecurity skills. Generally, an interactive learning environment is set, where trainees perform sophisticated tasks by accessing complete operating systems, applications, and networks. One of the main challenges that cybersecurity organizations are facing today is the generation of massive data through practice exercises. So, it becomes a problem to convert this data into knowledge to improve the overall quality of the learning system. The large amount of interaction data and its complexity also limit us to do automated analysis. Thus, these challenges for cybersecurity learners can be addressed through appropriate educational data analysis by having insights or testing hypotheses or models on a proper dataset. Revealing the patterns, rules, item sets and time taken by trainees while using any command line tool could help the trainer to assess the trainees and to provide feedback. Therefore, in this paper we are analyzing the frequency patterns and timing information captured from the trainees’ command line log to reveal their solving techniques, easy and struggling stages, slipups, and individual performance. Through our study, we aim to show how education and training providers can foresee learners who are less likely to succeed in a task or exhibit low performance, which can impede learning proficiency. With this knowledge, organizations and trainers can identify trainees who require additional attention or support. It may also be able to identify elements related to an organization like training aids, training methodology, etc. that need improvement. This study demonstrates the utility of data-mining techniques, specifically rule mining and sequential mining, to empower training designers to delve into datasets derived from cyber security training exercises.