|
1
|
Weichbroth P, Wereszko K, Anacka H, Kowal J. Security of Cryptocurrencies: A View on the State-of-the-Art Research and Current Developments. SENSORS (BASEL, SWITZERLAND) 2023; 23:3155. [PMID: 36991866 PMCID: PMC10051655 DOI: 10.3390/s23063155] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Received: 01/28/2023] [Revised: 03/10/2023] [Accepted: 03/13/2023] [Indexed: 06/19/2023]
Abstract
[Context] The goal of security is to protect digital assets, devices, and services from being disrupted, exploited or stolen by unauthorized users. It is also about having reliable information available at the right time. [Motivation] Since the inception in 2009 of the first cryptocurrency, few studies have been undertaken to analyze and review the state-of-the-art research and current developments with respect to the security of cryptocurrencies. [Purpose] We aim to provide both theoretical and empirical insights into the security landscape, in particular focusing on both technical solutions and human-related facets. [Methodology] We used an integrative review which could help in building science and scholarly research, the basis for conceptual and empirical models. [Results] Successful defense against cyberattacks depends on technical measures on the one hand, as well as on self-education and training with the aim to develop competence, knowledge, skills and social abilities, on the other. [Contribution] Our findings provide a comprehensive review for the major achievements and developments of the recent progress on the security of cryptocurrencies. [Future research] Since there is increasing interest in adoption of the current solutions within the central bank digital currencies, the future research should explore the development and inception of effective measures against social engineering attacks, which still remain the main concern.
Collapse
Affiliation(s)
- Paweł Weichbroth
- Department of Software Engineering, Faculty of Electronics, Telecommunications and Informatics, Gdańsk University of Technology, Gabriela Narutowicza 11/12, 80-233 Gdańsk, Poland
| | - Kacper Wereszko
- Department of Algorithms and System Modeling, Faculty of Electronics, Telecommunications and Informatics, Gdańsk University of Technology, Gabriela Narutowicza 11/12, 80-233 Gdańsk, Poland
| | - Helena Anacka
- Faculty of Management and Economics, Gdańsk University of Technology, Gabriela Narutowicza 11/12, 80-233 Gdańsk, Poland
| | - Jolanta Kowal
- Institute of Psychology, University of Wrocław, Dawida 1, 50-529 Wrocław, Poland
| |
Collapse
|
|
2
|
Apolinário S, Yoshikuni AC, Larieira CLC. Resistance to information security due to users’ information safety behaviors: Empirical research on the emerging markets. COMPUTERS IN HUMAN BEHAVIOR 2023. [DOI: 10.1016/j.chb.2023.107772] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 03/30/2023]
|
|
3
|
Hilowle M, Yeoh W, Grobler M, Pye G, Jiang F. Users’ Adoption of National Digital Identity Systems: Human-Centric Cybersecurity Review. JOURNAL OF COMPUTER INFORMATION SYSTEMS 2022. [DOI: 10.1080/08874417.2022.2140089] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/18/2022]
Affiliation(s)
- Malyun Hilowle
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), School of Information Technology, Deakin University, Australia
| | - William Yeoh
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), Department of Information Systems and Business Analytics, Deakin University, Geelong, Australia
| | - Marthie Grobler
- Data61 Commonwealth Scientific and Industrial Research Organisation, Melbourne, Australia
| | - Graeme Pye
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), Department of Information Systems and Business Analytics, Deakin University, Geelong, Australia
| | - Frank Jiang
- Cyber Security Cooperative Research Centre (CSCRC), Centre for Cyber Security Research and Innovation (CSRI), School of Information Technology, Deakin University, Australia
| |
Collapse
|
|
4
|
Improving data quality for human-as-a-security-sensor. A process driven quality improvement approach for user-provided incident information. INFORMATION AND COMPUTER SECURITY 2021. [DOI: 10.1108/ics-06-2020-0100] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/17/2022]
Abstract
Purpose
In the past, people were usually seen as the weakest link in the IT security chain. However, this view has changed in recent years and people are no longer seen only as a problem, but also as part of the solution. In research, this change is reflected in the fact that people are enabled to report security incidents that they have detected. During this reporting process, however, it is important to ensure that the reports are submitted with the highest possible data quality. This paper aims to provide a process-driven quality improvement approach for human-as-a-security-sensor information.
Design/methodology/approach
This work builds upon existing approaches for structured reporting of security incidents. In the first step, relevant data quality dimensions and influencing factors are defined. Based on this, an approach for quality improvement is proposed. To demonstrate the feasibility of the approach, it is prototypically implemented and evaluated using an exemplary use case.
Findings
In this paper, a process-driven approach is proposed, which allows improving the data quality by analyzing the similarity of incidents. It is shown that this approach is feasible and leads to better data quality with real-world data.
Originality/value
The originality of the approach lies in the fact that data quality is already improved during the reporting of an incident. In addition, approaches from other areas, such as recommender systems, are applied innovatively to the area of the human-as-a-security-sensor.
Collapse
|
|
5
|
Astakhova LV, Medvedev IA. An Information Tool for Increasing the Resistance of Employees of an Organization to Social Engineering Attacks. SCIENTIFIC AND TECHNICAL INFORMATION PROCESSING 2021. [DOI: 10.3103/s0147688221010020] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/30/2022]
|
|
6
|
Astakhova LV. The Validity of Information Security Risk Assessment Methods for Organizations. SCIENTIFIC AND TECHNICAL INFORMATION PROCESSING 2021. [DOI: 10.3103/s014768822004005x] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/30/2022]
|
|
7
|
Astakhova LV. A Corporate Employee as a Subject of Corporate Information Security Management. SCIENTIFIC AND TECHNICAL INFORMATION PROCESSING 2020. [DOI: 10.3103/s0147688220020069] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/30/2022]
|
|
8
|
Bullee JW, Junger M. How effective are social engineering interventions? A meta-analysis. INFORMATION AND COMPUTER SECURITY 2020. [DOI: 10.1108/ics-07-2019-0078] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/17/2022]
Abstract
PurposeSocial engineering is a prominent aspect of online crime. Various interventions have been developed to reduce the success of this type of attacks. This paper aims to investigate if interventions can help to decrease the vulnerability to social engineering attacks. If they help, the authors investigate which forms of interventions and specific elements constitute success.Design/methodology/approachThe authors selected studies which had an experimental design and rigorously tested at least one intervention that aimed to reduce the vulnerability to social engineering. The studies were primarily identified from querying the Scopus database. The authors identified 19 studies which lead to the identification of 37 effect sizes, based on a total sample of N = 23,146 subjects. The available training, intervention materials and effect sizes were analysed. The authors collected information on the context of the intervention, the characteristics of the intervention and the characteristics of the research methodology. All analyses were performed using random-effects models, and heterogeneity was quantified.FindingsThe authors find substantial differences in effect size for the different interventions. Some interventions are highly effective; others have no effect at all. Highly intensive interventions are more effective than those that are low on intensity. Furthermore, interventions with a narrow focus are more effective than those with a broad focus.Practical implicationsThe results of this study show differences in effect for different elements of interventions. This allows practitioners to review their awareness campaigns and tailor them to increase their success.Originality/valueThe authors believe that this is the first study that compares the impact of social engineering interventions systematically.
Collapse
|
|
9
|
|
|
10
|
Fatima R, Yasin A, Liu L, Wang J. How persuasive is a phishing email? A phishing game for phishing awareness. JOURNAL OF COMPUTER SECURITY 2019. [DOI: 10.3233/jcs-181253] [Citation(s) in RCA: 10] [Impact Index Per Article: 2.0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/15/2022]
Affiliation(s)
- Rubia Fatima
- School of Software, Tsinghua University, Beijing, P.R.China. E-mails: , , ,
| | - Affan Yasin
- School of Software, Tsinghua University, Beijing, P.R.China. E-mails: , , ,
| | - Lin Liu
- School of Software, Tsinghua University, Beijing, P.R.China. E-mails: , , ,
| | - Jianmin Wang
- School of Software, Tsinghua University, Beijing, P.R.China. E-mails: , , ,
| |
Collapse
|
|
11
|
Brett T, Loukas G, Moreno Y, Perra N. Spreading of computer viruses on time-varying networks. Phys Rev E 2019; 99:050303. [PMID: 31212481 DOI: 10.1103/physreve.99.050303] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.2] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 01/28/2019] [Indexed: 06/09/2023]
Abstract
Social networks are the prime channel for the spreading of computer viruses. Yet the study of their propagation neglects the temporal nature of social interactions and the heterogeneity of users' susceptibility. Here, we introduce a theoretical framework that captures both properties. We study two realistic types of viruses propagating on temporal networks featuring Q categories of susceptibility and derive analytically the invasion threshold. We found that the temporal coupling of categories might increase the fragility of the system to cyber threats. Our results show that networks' dynamics and their interplay with users' features are crucial for the spreading of computer viruses.
Collapse
Affiliation(s)
- Terry Brett
- University of Greenwich, Old Royal Naval College, London SE 10 9LS, United Kingdom
| | - George Loukas
- University of Greenwich, Old Royal Naval College, London SE 10 9LS, United Kingdom
| | - Yamir Moreno
- Institute for Biocomputation and Physics of Complex Systems (BIFI), University of Zaragoza, Zaragoza 50018, Spain
- ISI Foundation, Turin 10126, Italy
| | - Nicola Perra
- University of Greenwich, Old Royal Naval College, London SE 10 9LS, United Kingdom
- ISI Foundation, Turin 10126, Italy
| |
Collapse
|
|
12
|
Heartfield R, Loukas G, Budimir S, Bezemskij A, Fontaine JR, Filippoupolitis A, Roesch E. A taxonomy of cyber-physical threats and impact in the smart home. Comput Secur 2018. [DOI: 10.1016/j.cose.2018.07.011] [Citation(s) in RCA: 26] [Impact Index Per Article: 4.3] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 10/28/2022]
|