Cyber attacks exploit flaws in software, human error or misplaced trust. The end goal is to access information, money or to disrupt an organisation. To keep a step ahead of these criminals requires the organisation to have ‘strategic cyber-foresight’, advises Bruno Fischer of the University of Campinas; he is one of the editors of a special IEEE supplement on cybersecurity.
Fischer also observes that a move to seamless integrated innovation processes can increase the vulnerability to attack.
“Many organisations have undergone a digital transformation to increase visibility of information flows through an organisation. In parallel they have integrated those systems with others in the value chain. This increases the opportunities for outsiders to access the infrastructure and for organisation members to leak valuable information.
“What these organisations need is strategic cyber-foresight to look not just at the technology assets, but also at human factors and the wider environment in which the organisation operates.”
Co-editor Dirk Meissner, of HSE University Moscow, observes that the security needs to be balanced with the need to ensure that there is still sufficient flexibility to enable innovation.
“The challenge lies in designing cyber strategies that set standards and protocols that are not too restrictive. They need to respect personal trust and relations with partners but are not too lax in technical terms and standards.”
He explains that trust forms part of an organisations’ intellectual assets and it comes in many forms. He says: “Trust is a very human feature that is driven by many determinants, such as experiences, sharing of attitudes with others, and level of communication openness. An element of trust is essential for an individual’s professional performance and organisational knowledge production.
“An important task for an organisation is to take stock of internal data and information, assess the importance for the organisation, and prioritise and assign access rights accordingly, such as the rights to upload, change, download, and similar.
“In this way, cyber security shares many elements of change management, effective initiatives are required to support new processes in order to generate sustainable impacts.”
The editors have curated a Special Section for the IEEE, Transactions on Engineering Management, VOL. 69, NO. 6, DECEMBER 2022, that covers cybersecurity.
Fischer concludes: “Taken together, the papers contained in this Special Section provide some searing insight into the salient theoretical and empirical foundations underlying cyber-attacks, strategic cyber- foresight, and security. They also indicate the current state of the literature and provide some fruitful directions for future research.”
Authors: Bruno Fischer (University of Campinas Campinas, Brazil); Dirk Meissner (HSE University Moscow); Richard Nyuur (University of Bradford School of Management Bradford, UK); David Sarpong (Brunel University London).