Risk Management: Cybersecurity


A cyberattack does not occur spontaneously; it requires some planning and preparation. These attacks make use of a variety of techniques, including methods of social engineering, and they are prepared stealthily and a long time in advance, says IT security expert Stefan Rass, associate professor at the Institute for Applied Informatics (InfAI), Alpen-Adria-Universität Klagenfurt (AAU).

“A Trojan is usually smuggled into a computer as an attachment to an e-mail,” Prof. Rass explains. Then, for a long period, nothing happens. Weeks or even months later, when the effects of a cyberattack become apparent, most people won’t associate the events with the e-mail. Everything you need to carry out an IT infrastructure attack can be purchased from the Darknet: “The supply chain works very smoothly there. It means that anybody can become an attacker; it’s not necessary to have a lot of technical knowledge,” Rass says.

As cyberattacks become more frequent, it therefore behoves public institutions and companies to improve their risk management in order to be prepared for any threats, according to Prof. Rass.

Recent hacking incidents, including attacks on large-scale infrastructure organisations such as the electricity grid in Ukraine, increase general awareness of the issue of managing cybersecurity risk. “However, as a general fact, IT security does not tend to bring a direct return on investment,” Rass notes. “Sometimes, it results in making things slower and more complicated. Security investments do not produce profits, but rather they avoid losses.”

Prof. Rass is part of an IT security team that is currently working on a set of support tools designed to simplify the decision-making process for institutions of this kind. To answer questions such as “Which technical units are at risk?”, “Which security measures should be integrated?” or “How likely is an attack?”, a computer-aided method is intended to produce a decision recommendation. Statistical data serve as a basis, while the method itself is based on game theory, the professor adds.

Source: Alpen-Adria-Universität Klagenfurt | Graz | Wien
Image Credit: Pixabay

Published on: Tue, 4 Jul 2017

