The cyberspace depicts an increasing number of difficulties related to security, especially in healthcare. This is evident from how vulnerable critical infrastructures are to cyberattacks and are unprotected against cybercrime. Users, ideally, should maintain a good level of cyber hygiene, via regular software updates and the development of unique passwords, as an effective way to become resilient to cyberattacks. Cyber security breaches are a top priority, and most users are aware that their behaviours may put them at risk; however, they are not educated to follow best practices, such as protecting their passwords. Mass cyber education may serve as a means to offset poor cyber security behaviours; however, mandatory education becomes a questionable point if the content is not focused on human factors, using human-centric approaches and taking into account end users’ behaviours, which is currently the case. P The nature of the present papers report the best pr is largely exploratory, and the purpose is two-fold: To present and explore the cyber hygiene definition, context and habits of end users in order to strengthen our understanding of users. Our paper reports the best practices that should be used by healthcare organisations and healthcare professionals to maintain good cyber hygiene and how these can be applied via a healthcare use case scenario to increase awareness related to data privacy and cybersecurity. This is an issue of great importance and urgency considering the rapid increase of cyberattacks in healthcare organisations, mainly due to human errors. Further to that, based on human-centric approaches, theour long-term vision and future work involves facilitating the development of efficient practices and education associated with cybersecurity hygiene via a flexible, adaptable and practical framework.
Cyber Threat | Description |
---|---|
Attacks on Hosted Components | These types of attacks include destructive software injection to a targeted system, for example, cross-site scripting, SQL injection and related techniques, which threaten the access and/or authentication controls. This may occur in cloud-based control systems handling big volumes of sensitive data. Here, the countermeasures include mainly role-based approaches, creating awareness in order to protect towards impersonation at the cloud level and API authentication. |
Social Engineering | It refers to the attacks performed on the “weakest link” in the security supply chain. This is achieved by psychologically manipulating individuals to perform malicious actions or share confidential information. Common techniques used for this manipulation are shoulder surfing, diversion theft, “dumpster diving”, impersonation of help desk calls, phishing and/or personal blackmailing |
Component | Description | ||||
---|---|---|---|---|---|
User |
| ||||
[ | 19][20]. Social engineering is one of the major reasons why even security-aware and well-equipped companies fall victims to cyberattacks. Hackers identify the weakest link in the security supply chain in which they can insert the malicious software or the virus into the targeted system. Therefore, it is of great importance to identify and further secure the weakest link in the security chain. Some of the initial countermeasures, which can be adopted to prevent upcoming attacks, include block Wi-Fi connections to unsecured networks, block network connections related to malicious content, stop using non-secure web pages and websites and performing actions on them. Further approaches, which can be taken to reduce the high level of cyberattacks, include mitigating known threats in the systems and applications, regularly patching vulnerable systems and/or keeping the company’s devices up-to-date with the latest version. | It refers to the attacks performed on the “weakest link” in the security supply chain. This is achieved by psychologically manipulating individuals to perform malicious actions or share confidential information. Common techniques used for this manipulation are shoulder surfing, diversion theft, “dumpster diving”, impersonation of help desk calls, phishing and/or personal blackmailing [38,39]. Social engineering is one of the major reasons why even security-aware and well-equipped companies fall victims to cyberattacks. Hackers identify the weakest link in the security supply chain in which they can insert the malicious software or the virus into the targeted system. Therefore, it is of great importance to identify and further secure the weakest link in the security chain. Some of the initial countermeasures, which can be adopted to prevent upcoming attacks, include block Wi-Fi connections to unsecured networks, block network connections related to malicious content, stop using non-secure web pages and websites and performing actions on them. Further approaches, which can be taken to reduce the high level of cyberattacks, include mitigating known threats in the systems and applications, regularly patching vulnerable systems and/or keeping the company’s devices up-to-date with the latest version. | |||
Usage |
| Physical Attack | Physical attacks are mostly carried out in fields involving several Internet of Things (IoT) applications since they are connected to a number of components and hardware devices. These are easily located by hackers since they cannot be monitored at a single location and are kept far away from each other [21][22]. The main countermeasures in such cases include trusted platform modules to enable storage of the data on separate platforms securely, file system encryption meaning proper algorithms and encryption decryption techniques shall be used so the data can be stored and secured properly, and lastly remote attestation meaning attesting a remote to each hardware device, which is located far in order to be controlled from faraway locations as well. | ||
Usability | Physical attacks are mostly carried out in fields involving several Internet of Things (IoT) applications since they are connected to a number of components and hardware devices. These are easily located by hackers since they cannot be monitored at a single location and are kept far away from each other [42,43]. The main countermeasures in such cases include trusted platform modules to enable storage of the data on separate platforms securely, file system encryption meaning proper algorithms and encryption decryption techniques shall be used so the data can be stored and secured properly, and lastly remote attestation meaning attesting a remote to each hardware device, which is located far in order to be controlled from faraway locations as well. | ||||
|
Network Compromise | These attacks are known as ‘middle way attacks’ where the hackers use a number of techniques, for example, altering or blocking communications between hardware devices and their cloud-based controller session and/or hijacking to enter and disrupt a network. The countermeasures that can be offered here include performing regular updates on the software and use of proper file decryption and encryption techniques while sending and receiving sensitive data between the end-to-end users. | |||
| Hacked Device Software | In these attacks, the hacker accesses the software at the device level and then it carries out several fraudulent activities and techniques. Such activities and techniques target to take control of the data in the system and include elevation of privileges, denial of service, malware injection and/or false identification [23]. These types of attacks can be tackled by carrying out countermeasures, as for example, software isolation; “secured boot”, meaning that when any malicious activities are carried out in the system, after rebooting the system, it then does not turn on and all the available data in the system becomes resilient to the attacker; and/or software update, which maintains the software and its system updated with the latest version available on the market. | In these attacks, the hacker accesses the software at the device level and then it carries out several fraudulent activities and techniques. Such activities and techniques target to take control of the data in the system and include elevation of privileges, denial of service, malware injection and/or false identification [44]. These types of attacks can be tackled by carrying out countermeasures, as for example, software isolation; “secured boot”, meaning that when any malicious activities are carried out in the system, after rebooting the system, it then does not turn on and all the available data in the system becomes resilient to the attacker; and/or software update, which maintains the software and its system updated with the latest version available on the market. | ||
Security Misconfiguration | This type of attack is being performed due to inattentiveness or carelessness. The moment when it has been observed to occur is when handling the security changes of the software, as the security changes become misconfigured and provide the attackers with the right opportunity to attack the devices and extract the available data from them. Hence, the most significant countermeasure is that the security changes ought to be carried out with extreme care and with proper decryption encryption techniques as well [21]. | This type of attack is being performed due to inattentiveness or carelessness. The moment when it has been observed to occur is when handling the security changes of the software, as the security changes become misconfigured and provide the attackers with the right opportunity to attack the devices and extract the available data from them. Hence, the most significant countermeasure is that the security changes ought to be carried out with extreme care and with proper decryption encryption techniques as well [42]. |
Human behaviour is the weakest link in cybersecurity; it is the employees of any organisation that should be involved and engaged within cybersecurity awareness and the development of mitigation approaches.
Furthermore, as a result of the global COVID-19 pandemic, new working trends have been introduced, where employees working flexibly use their own devices or are using work devices outside the office, resulting in blurred lines between personal and business limits, exacerbating the risky behaviours. As a result, any measures to mitigate the cyber risks need to go beyond the software updating and hardware maintenance to a more human-centric approach. Human-centric cyber security is still a new domain, which is an intangible concept and is challenging to define and to be understood, not only by the lay end user, but also by specialists in cyberspace. The reason is that it sits at the intersection of human behaviour, computing and security systems. Grobler et al. (2021) [24][46