In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
While criminality is digitizing, a theory-based understanding of the impact of cybercrime on victims is lacking. Therefore, this study addresses the psychological and financial impact of cybercrime on victims, applying the shattered assumptions theory (SAT) to predict that impact. A secondary analysis was performed on a representative data set of Dutch citizens (N = 33,702), exploring the psychological and financial impact for different groups of cybercrime victims. The results showed a higher negative impact on emotional well-being for victims of person-centered cybercrime, victims for whom the offender was an acquaintance, and victims whose financial loss was not compensated and a lower negative impact on emotional well-being for victims with a higher income. The study led to novel scientific insights and showed the applicability of the SAT for developing hypotheses about cybercrime victimization impact. In this study, most hypotheses had to be rejected, leading to the conclusion that more work has to be done to test the applicability of the SAT in the field of cybercrime. Furthermore, policy implications were identified considering the prioritization of and approach to specific cybercrimes, treatment of victims, and financial loss compensation.
MULTIFILE
What is platformization and why is it a relevant category in the contemporary political landscape? How is it related to cybernetics and the history of computation? This book tries to answer such questions by engaging in multidisciplinary dialogues about the first ten years of the emerging fields of platform studies and platform theory. It deploys a narrative and playful approach that makes use of anecdotes, personal histories, etymologies, and futurable speculations to investigate both the fragmented genealogy that led to platformization and the organizational and economic trends that guide nowadays platform sociotechnical imaginaries. The dialogues cover fields such as media studies, software studies, internet governance, network theory, urban studies, social movement studies, political economy, management, and platform regulation. The interviews are set up to develop a network of internal cross-references that highlight the multi-layered connections from which platform power emerges.
MULTIFILE