Towards a Cyber-resilient Workforce – Cybersecurity Challenges, Awareness, and Training in the Age of COVID-19
The outbreak of the COVID‑19 crisis has dramatically impacted our lives, disrupting social, business, and government activities across the globe, while generating fear and uncertainty about the future. A major change for most businesses was digitalization and replacement of the traditional models of office work with home offices. The sudden shift in ways of working and the significant increase in the number of people working outside of their secured office networks presented an ideal environment for the opportunistic cybercriminals, which is reflected by a surge in cybercrimes, phishing scams, and other types of malicious activities. As the society, businesses, and government realized the importance of cybersecurity management more than ever, they look for knowledge and best-practices related to remote work to recover and adapt to the new normal.
The key goal of this research is to develop cyber resilience by proposing new guidelines and sources of advice for businesses on effective cybersecurity management while maintaining business continuity during the COVID‑19 pandemic and beyond, which in turn would lead the development of revised cybersecurity principles, awareness and training programs, and policies. The project is divided into three empirical studies as follows: Study #1: Case studies to develop an in-depth understanding of cybersecurity challenges related to remote work practices, gaps in cybersecurity and awareness programs, and (reactive and proactive) measures adopted to respond to these challenges at different stages of the pandemic; Study #2: A large-scale quantitative analysis to study the importance of common and industry specific cybersecurity challenges related to inverted work practices and test perceived effectiveness of emergency responses; Study #3: A large-scale quantitative analysis to study the importance of common and industry specific gaps in cybersecurity awareness and training programs and effectiveness of revisions undertaken to address these gaps.
The project will take place between September 2021 and August 2023. Each of the proposed studies will be completed in 12-months with the involvement of 5 HQP. The project will start with semi-structured interviews with cybersecurity professionals and members of cybersecurity awareness and training departments from 10-15 case organizations. The results of multiple case studies will help develop the theoretical backbone for the following two large-scale quantitative field surveys with approximately 1000 knowledge workers and cybersecurity professionals, which will be utilized for the generalizability of results and empirical validation of the theoretical models on the effectiveness of adopted response measures. The research team is well situated to carry out this project as they have substantial industry-academic partnerships with technology driven sectors, and a burgeoning reputation for advanced knowledge of emerging technology issues relevant to businesses, regulators, media and civil society.
This project will be the first comprehensive investigation on cybersecurity management for remote workforce, offering insight on emerging and escalating cybersecurity challenges when employees are outside corporate firewalls. Findings will also shed light on best practices of cyber-resilient business, informing development of cybersecurity principles, awareness and training programs, and policies to protect against cyberthreats, manage future crises, and satisfy the necessities of remote work. The outcomes will contribute to the literature on information technologies and management, and will interest academia, government, private sector, professional associations, and general public.