As network technologies reach deeper into our personal, professional, and even political lives, the threats posed by cybersecurity breaches grow in number and degree. In the new study, “Organizational Vulnerability and Cybersecurity Risk to Industrial Control Systems: Developing a Systematic Attentional Framework,” Alberto Zanutto, Sylvain Frey, Karolina Follis, Awais Rashid and Jerry Busby, all from the Security Lancaster Institute, Lancaster University, provide a unique, qualitative analysis for the detection of organizational vulnerabilities.
Dr. Busby will be formally presenting this paper at the June 19-21 conference of the Society for Risk Analysis in Lisbon, Portugal, at the Calouste Gulbenkian Foundation.
To determine “how signals of these vulnerabilities can be obtained in a systematic way,” the authors conducted interviews with academics, consultants and security managers. The results indicate that most vulnerability signals are “attentional” in nature, reflecting “biases, gaps and limitations” in the attention that organizations give to the threat of a cyberattack. More robust technology, the authors suggest, can only help so much when organizational biases emphasize physical security over cybersecurity, or minimize cybersecurity threats by denying their probability so that managers can avoid professional embarrassment.
This study offers organizations with critical control systems at risk from cybersecurity threats an important corrective to overdependence on technology-only solutions by emphasizing how much organizational biases make cyberattacks possible.