Abstract
Many consider the internet a safe environment for sharing information and performing online transactions. However, they are unaware of the cyberattacks that occur in the cyber environment. People are vulnerable to cyberattacks such as stealing of data and identity theft that cause financial loss and mental distress. Thus, cybersecurity that protects computer systems is considered vital to combat cyberattacks. This chapter aims to review strategies that can combat cyberattacks systematically. The results of this chapter showed an overview of the reviewed literature about authorship, geographical distribution of the studies, applied methods, types of respondents involved, types of strategies used to combat cyberattacks, and main study findings. Twenty-one studies met the authors' inclusion criteria. The findings highlighted that good governance, strategic partnership, perceived threat, coping appraisal, perceived cultural values, attitude, and technology efficacy are the strategies adopted by organisations and individuals to combat cyberattacks.
Top2. Background
Current systematic reviews of cybersecurity mainly focus on identifying types of cybersecurity vulnerabilities (Humayun et al., 2020), approaches to evaluate cybersecurity awareness (Rahim et al., 2015), assess cyber situational awareness levels (Franke & Brynielsson, 2014), tools to evaluate and educate people about cybersecurity (Zhang-Kennedy & Chiasson, 2021), theories used to explain employees about cybersecurity awareness level and their behaviour (Lebek et al., 2014), security issues related to cyber-physical systems (Lun et al., 2016), identify vulnerabilities and attacks related to cross-site scripting (XSS) and assess approaches to handle self-adaptation in cyber-physical systems (CPS) (Muccini et al., 2016).
Humayun et al. (2020) examined the types of cybersecurity vulnerabilities and threats and the standard cyber-threat mitigation techniques various organisations use. The authors highlighted that the common cybersecurity threats reported were malware, phishing, and denial of service (DoS). Meanwhile, the authors also reported other vulnerabilities such as session hijacking, man-in-the-middle attacks, credential reuse, SQL injection attacks and cross-site scripting (XSS). In addition, the authors highlighted that the industries usually use a combination of mitigation techniques to combat cyber threats. For instance, many organisations use firewalls and IDs to protect Information Systems (IS) from vulnerabilities.
Another systematic review by Rahim et al. (2015) examined the security awareness and knowledge level of organisations, home users, higher learning institution students, novice Internet users and social networking users. The authors concluded that very few studies have evaluated cybersecurity awareness using the program evaluation technique, which focuses on assessing youngsters’ cybersecurity awareness level and issues related to protecting the personal information of cyber users.
Franke and Brynielsson (2014) conducted a systematic review to examine cybersecurity situational awareness concepts, tools, architectures, and algorithms used to detect, measure, and protect systems from threats and exercises relating to increasing cyber situational awareness levels. Meanwhile, Zhang-Kennedy and Chiasson (2021) reviewed tools developed to assess cybersecurity awareness and educate non-expert end-users on cybersecurity. The authors reviewed current trends, the use of relevant instructional design principles, and the evidence of the tools’ effectiveness.
Key Terms in this Chapter
Leadership Support: Support and motivation received from top management to create positive workplaces.
Culture: Believe, ideas, and customs of a society.
Threat: Risk that the Information system encountered.
Good Governance: Conduct and manage the organisational process in a manner that promotes realisation of human rights.
Strategic Partnership: Form collaboration with other stakeholders to effectively combat cyber-threat.
Strategy: Actions taken to combat cybercrime activities.
Coping Appraisal: The individual ability to successfully avoid cybercrime threats.
Cybercrime: Threats encountered by information systems.