A socio-technical perspective to counter cyber-enabled industrial espionage
The ubiquitous digitization of information and the pervasive connectivity of work systems have inevitably facilitated cyber-enabled industrial espionage. Security failures explain most cyber industrial espionage incidents, and insider threats represent a significant pattern in many case examples. Insiders can inadvertently or purposefully pose serious threats to organisations by facilitating access to or misuse of proprietary sensitive data. This paper argues that technical security solutions have rather limited scope to tackle this problem, and that a socio-technical approach has the potential to provide a better means to address the challenge of preventing and responding to insider threats. Such an approach could bridge the gap between the design and implementation of security solutions and the creation of an organisational culture that is security-aware.
Keywords: Cyber-security; Socio-technical; Industrial espionage; Work system; Insider threat