Risk Management: Cybersecurity

In IT
Tue, 4 Jul 2017

A cyberattack does not occur spontaneously for it requires some planning and preparation. These attacks make use of a variety of techniques, including methods of social engineering, and they are prepared stealthily and a long time in advance, says IT security expert Stefan Rass, associate professor at the Institute for Applied Informatics (InfAI), Alpen-Adria-Universität Klagenfurt (AAU).

“A Trojan is usually smuggled into a computer as an attachment to an e-mail”, Prof. Rass explains. Then, for a long period, nothing happens. Weeks or even months later, when the effects of a cyberattack become apparent, most people won’t associate the events with the e-mail. Everything you need to carry out an IT infrastructure attack can be purchased from the Darknet: “The supply chain works very smoothly there. It means that anybody can become an attacker; it’s not necessary to have a lot of technical knowledge,” Rass says.

As cyberattacks become more frequent, it therefore behoves public institutions and companies to improve their risk management in order to be prepared for any threats, according to Prof. Rass.

Recent hacking incidents, including attacks on large-scale infrastructure organisations such as the electricity grid in the Ukraine, increase the general awareness about the issue of managing cybersecurity risk. “However, as a general fact, IT security does not tend to bring a direct return on investment," Rass notes. "Sometimes, it results in making things slower and more complicated. Security investments do not produce profits, but rather they avoid losses.”

Prof. Rass is part of an IT security team that is currently working on a set of support tools designed to simplify the decision-making process for institutions of this kind. In order to answer questions such as “Which technical units are at risk”, “Which security measures should be integrated?” or “How likely is an attack?”, a computer-aided method should develop a decision recommendation. Statistical data serve as a basis, while the method itself is based on game theory, the professor adds.

Source: Alpen-Adria-Universität Klagenfurt | Graz | Wien
Image Credit: Pixabay

«« Staff Training to Prevent Hacking Attacks

Artificial Intelligence: Explosive Growth »»

cybersecurity, Risk Management, cyberattack, social engineering

Latest Articles

Decision-Making in the ICU
- Journal Article
- 19/04/2024
Decision-making in the ICU is a multifaceted process that involves clinical assessment, collaboration among multidisciplinary teams, ethical considerations, evidence-based practice, communication, and continuous adaptation to evolving clinical scenarios. Balancing the complex factors requires
READ MORE
Dealing With Uncertainty in ICU Decision-Making: A Practical Guide
- Journal Article
- 19/04/2024
When the stakes are high, and the path ahead is uncertain, the decisions made, especially if a patient continues to worsen, can be sources of self-torment and can haunt us for a long time. Our goal is to suggest ways to steer decision-making for intensivists in the face of uncertainty by prop
READ MORE
The Least Bad Decision: Crisis Standards of Care After the Pandemic
- Journal Article
- 19/04/2024
COVID-19 was an emergency that lasted for years and left few regions of the world untouched. The pandemic shone a spotlight on both the strengths and weaknesses of our disaster planning. What worked, what did not, and how can we better plan for future emergencies? The COVID-19 pandemic fo
READ MORE

cybersecurity, Risk Management, cyberattack, social engineering A cyberattack does not occur spontaneously for it requires some planning and preparation. These attacks make use of a variety of techniques, including methods of social engineering, and they are prepared stealthily and a long time in advance