{"id":7063,"date":"2025-01-10T13:23:00","date_gmt":"2025-01-10T02:23:00","guid":{"rendered":"https:\/\/anchoramconsulting.com\/au\/?p=7063"},"modified":"2025-06-30T19:12:34","modified_gmt":"2025-06-30T09:12:34","slug":"managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment","status":"publish","type":"post","link":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/","title":{"rendered":"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment"},"content":{"rendered":"<p aria-level=\"1\"><strong>Abstract\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">This paper traces the evolution of the modern computing landscape, exploring its historical developments and the concurrent rise of cyber security challenges. From its military origins in World War II to today\u2019s interconnected digital era, the narrative highlights the enduring nature of cyber security issues, identified as early as the late 1960s.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The analysis spans decades, noting pivotal moments like the Trusted Computer Systems Evaluation Criteria (TCSEC) in the 1970s to the digital revolution of the 1990s, the Internet\u2019s rise, and the current era dominated by cloud computing, digital transformation, A.I. and quantum computing.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Contemporary challenges, such as the digital-first approach, societal reliance on technology, physical security complications, and the volatile cyber landscape in a Volatile, Uncertain, Complex and Ambiguous (VUCA) world, are detailed. This paper scrutinises issues like data breaches, the limitations of security awareness training, and the evolving threat landscape.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The proposed solution builds on the approaches posited by <\/span><span data-contrast=\"auto\">(Zimmermann and Renaud, 2019)<\/span><span data-contrast=\"auto\"> and <\/span><span data-contrast=\"auto\">(Bauer and Patrick, 2004)<\/span><span data-contrast=\"auto\"> and places new emphasis on the role of the human as an integral part of the system as well as part of the cyber security infrastructure.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">In conclusion, the paper acknowledges the complex nature of cyber security challenges and suggests forward-looking strategies that leverage human involvement, contributing to a more adaptive and resilient cyber security approach.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"1\"><strong>Introduction<\/strong><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:240,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p><i><span data-contrast=\"none\">\u201cBecause that is where the money is.\u201d Willie Sutton<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:864,&quot;335559737&quot;:864,&quot;335559738&quot;:200}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The modern computing environment has developed exponentially over the last few decades. It has been a transformative force of the last part of the 20<\/span><span data-contrast=\"auto\">th<\/span><span data-contrast=\"auto\"> century and has an impact on all our lives to one degree or another. The benefits that this environment brings to society are significant and the critical and irreplaceable role that it plays is only becoming greater.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This paper will cover the following topics:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"0\" data-aria-level=\"1\"><span data-contrast=\"auto\">How we arrived to where we are today. Taking a quick look backwards to see how the environment we are in today evolved.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">What is the environment. A review of today\u2019s environment and elucidating the issues that we face.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">How this happened. Certainly, we started with the best of intentions along the way, but we still came to the problems of today.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Change of approach: human in the system. It would be too much of a stretch to say that this paper presents a solution to the problems described, but it will highlight a seed of an idea which could be used to bring about positive change in what we have today.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p aria-level=\"1\"><strong>How We Got Here\u00a0<\/strong><\/p>\n<p><i><span data-contrast=\"none\">\u201cThe farther backward you can look, the farther forward you are likely to see.\u201d Winston Churchill<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:864,&quot;335559737&quot;:864,&quot;335559738&quot;:200}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">As with any development that has changed society, it is usually arrived at by a mixture of planning, accidents, events at the time and organic growth. The cyber environment we see today is no exception to this. Before we look at where we are today and the challenges that exist, a review of where we started from will provide a little bit of insight into these issues. The following paragraphs will be an overview of the development of the environment that we see today. It is by no means complete but is included to illustrate broadly how we arrived to where we are today.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>1940s\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">While the concept of a computing machine predates the 20<\/span><span data-contrast=\"auto\">th<\/span><span data-contrast=\"auto\"> century, the beginning of the modern computing environment can trace back to World War 2 with the need to automate calculations needed for navigation and ballistic firing solutions. This produced an automated calculating machine funded by the US Army Ordinance Ballistic Research Laboratory called ENIAC <\/span><span data-contrast=\"auto\">(Levy, 2013)<\/span><span data-contrast=\"auto\">. An ocean away, the UK were working on similar machines designed to attack the German ENIGMA machines in the form of Colossus <\/span><span data-contrast=\"auto\">(Williams, 2018)<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Modern computing was born into an adversarial and martial period of history to perform a very specific role. The environment that these machines existed in was highly classified with no networking capability, and physical security was the primary form of security used to protect these devices.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>1950-1960s\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">The end of World War 2 saw the recognition that computing devices would provide utility in a civilian content. At this point in time, the introduction of large mainframe devices such as the Univac 1 system, introduced in 1962 <\/span><span data-contrast=\"auto\">(Borgerson et al., 1978)<\/span><span data-contrast=\"auto\">, was seen used in scientific research and used for complex insurance calculations.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Computing was now used outside of a military context (although their military application still continued with the advent of the Cold War) and in the business and general academic community. The use of these machines was on a time-sharing and batch processing basis. Networking was either non-existent or minimal and internal to a single site. The use of physical security was still the primary method of protecting these machines.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>Late 1960s\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">The use of computers continued to expand both in private, public security and military applications. 1967 saw the publication of two seminal papers by the NSA and RAND which identified the need to secure these machines:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">In Security and Privacy in Computer Systems, Willis H. Ware started a discussion about the possibility that information in time-sharing systems could be leaked and exposed between different users <\/span><span data-contrast=\"auto\">(Ware, 1967)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Bernard Peters in his paper Security Considerations in a Multi-Programmed Computers systems outlined nine security principles that are still relevant today. In the introduction to his paper, he opens with a statement that is still relevant today: \u201cSecurity cannot be attained in the absolute sense. Every security system seeks to attain a probability of loss which is commensurate with the value returned by the operation being secured\u201d.<\/span><span data-contrast=\"auto\">(Peters, 1967)<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">While the technology has moved on significantly from the time of both papers, anyone currently working within the cybersecurity industry will be able to acknowledge that these principles still underpin the work that we are trying to achieve. Cybersecurity is not a new problem.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>1970s\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">Research commenced around the concept of high assurance systems and the development of a form of \u201cevaluated system\u201d where there is a level of assurance around the security of a computer system. This created the Trusted Computer Systems Evaluation Criteria (TCSEC) or \u201cOrange Book\u201d <\/span><span data-contrast=\"auto\">(Lipner, 2015)<\/span><span data-contrast=\"auto\"> which ultimately led to the Evaluated Products List and Protection Profiles which we see today.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>Late 1970s Early 1980s\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">The late 1970s and the early 1980s started to see the introduction of non-mainframe computing devices into offices, albeit still limited and prohibitively expensive except for the largest organisations. Around this period security controls were still very much reliant on physical security but commercial computer security products did start to appear in the form of IBMs Resource Access Control Facility (RACF) and SKK\u2019s Access Control Facility 2 (ACF) <\/span><span data-contrast=\"auto\">(Yost, 2015)<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>1980s<\/strong><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The use of computers in offices started to become more common with the development of the Personal Computer. At this time, rudimentary networking capabilities started to be introduced and the first (of many) PC virus was developed <\/span><span data-contrast=\"auto\">(Kaspersky Labs, 2020)<\/span><span data-contrast=\"auto\">. Physical security still key to protecting computers but with the increase in users at all levels within the organisation, security awareness training started to appear.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>1990s<\/strong><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Networking has become ubiquitous along with the PC. Computer skills have become a requirement for many jobs. The Internet, while technically developed in 1962 <\/span><span data-contrast=\"auto\">(Leiner et al., 1997)<\/span><span data-contrast=\"auto\"> commenced large scale commercialisation as a result of the development of the World Wide Web <\/span><span data-contrast=\"auto\">(Cohen-Almagor, 2013)<\/span><span data-contrast=\"auto\"> which made the Internet more accessible outside specialised academic and business fields.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>2000s to Today\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">From 2000s through to today we see the evolution of the environment that we currently exist in. This is identified by:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"6\" data-aria-level=\"1\"><span data-contrast=\"auto\">Websites being standard for even the smallest of companies.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"7\" data-aria-level=\"1\"><span data-contrast=\"auto\">Computing devices in many forms, not just the PC, have become universal.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"8\" data-aria-level=\"1\"><span data-contrast=\"auto\">Connectivity is commonplace.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"9\" data-aria-level=\"1\"><span data-contrast=\"auto\">Computer skills are mandatory for most occupations.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"10\" data-aria-level=\"1\"><span data-contrast=\"auto\">Developed economies have become data driven.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"11\" data-aria-level=\"1\"><span data-contrast=\"auto\">Businesses have developed that can only exist on the Internet<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"12\" data-aria-level=\"1\"><span data-contrast=\"auto\">Cloud computing common.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"13\" data-aria-level=\"1\"><span data-contrast=\"auto\">Digital transformation moving all aspects of business and organisations to a digital first approach <\/span><span data-contrast=\"auto\">(Schneider and Kokshagina, 2021)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p aria-level=\"2\"><strong>Key Takeaways\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">From this brief overview of how we got to where we are today with the modern computing environment, there are a couple of observations that can be made.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"14\" data-aria-level=\"1\"><span data-contrast=\"auto\">Computing was originally developed in a high secure environment. It was born from an adversarial world and into an adversarial environment.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"15\" data-aria-level=\"1\"><span data-contrast=\"auto\">Cyber security as the problem we see it today is not a new development. The fundamental problems we face were identified many decades ago.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"16\" data-aria-level=\"1\"><span data-contrast=\"auto\">Computers started as a very technical and highly specialised field and a degree of skill or literacy is now a requirement to interact with everyday society<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">The final point is significant. If we look at the environment and measures that were put in place to protect computer systems during their developing years, security (for better or worse and as effective and ineffective as it may have been) was always a variable that was part of the equation of its use. While that is still the case to some degree, it could certainly be argued that the priority of utility, access and business function has changed this equation significantly to the detriment of securing systems and data.<\/span><\/p>\n<p aria-level=\"1\"><strong>What we have here\u00a0<\/strong><\/p>\n<p><i><span data-contrast=\"none\">\u201cThere\u2019s something happening here, but what it is ain\u2019t exactly clear.\u201d Buffalo Springfield<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:864,&quot;335559737&quot;:864,&quot;335559738&quot;:200}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">After taking a very quick history lesson of the development of the modern computer age, we can understand a little about how we got here. And now that we are here, these are some of the attributes of the environment we have created.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>Digital First\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">Several initiatives over the last few years has seen greater emphasis place upon a digital first strategy for businesses and governments. This is the realisation of a theory of the paperless office that was originally discussed in the mid-1970s <\/span><span data-contrast=\"auto\">(Appleyard, 2005)<\/span><span data-contrast=\"auto\">, saw some implementation in the 1980s <\/span><span data-contrast=\"auto\">(Milliken, 205)<\/span><span data-contrast=\"auto\"> but ultimately never really was able to see anything more than partial implementation until the development of sophisticated document management systems capable of supporting the needs of all organisations which have only just started to become universally available in the last 10-15 years.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">These initiatives have had great benefits to organisations with advantages from simply being able to conveniently store all their essential business documents in a number of storage servers instead of rooms full of filing cabinets and compactus through to implementation of complex business intelligence systems that allow the integration of data at a scale that would not have been possible with paper-based systems.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">One unintended consequence of these initiatives is that it has made these documents accessible to any location that can access the network storage. While this is also a benefit, it has also provided new threats that wouldn\u2019t have otherwise existed if the documents were in a locked file cabinet in a storage room. The move to digitisation has produced an increase in the size of the attack surface.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>A Requirement of Society\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">The ability to use and interact with information technology is considered a pre-requite of modern life <\/span><span data-contrast=\"auto\">(Selwyn, 2003)<\/span><span data-contrast=\"auto\">. This has reached a point where there is a digital divide is starting to separate people and impacting the level of opportunity someone on the other side of the divide has to societal benefits such as health, education, and economic prospects.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">While it is still possible to a degree to function without technology (and there is a popular movement of \u201cdigital detox\u201d for people to become involved in), long term absence will be difficult to manage and have significant impact on the capability of an individual to function.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>Physical Security\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">As identified earlier in this paper, physical security was the primary security mechanism for most computing systems as they developed through the middle of the 20<\/span><span data-contrast=\"auto\">th<\/span><span data-contrast=\"auto\"> century. Today physical security is still present however for several organisations and functions is it essentially outsourced to someone else. Traditionally, data existed on a machine that was fully controlled by the organisation that owned the data. Physical security could be managed, checked, and applied to the level that the organisation deemed appropriate. The use of Cloud Computing and the distributed nature of the information ecosystem with different computers systems sharing and consuming data from multiple disparate sources has made this protection far more complicated. Physical security is still present in this situation of course, but it is not fully under the control of the organisation that relies on the data being protected.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>A Volatile, Uncertain, Complex and Ambiguous (VUCA) World\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">More and more society is becoming a VUCA world. The term Volatile, Uncertain, Complex and Ambiguous (VUCA) was a term developed by the US Army War College in the 1990s <\/span><span data-contrast=\"auto\">(Lawrence, 2013)<\/span><span data-contrast=\"auto\"> to describe the political and economic impact that was taking place with the end of the Cold War.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Looking backwards at society and the world we have today, this concept appears to be more applicable that ever. It can also be applied to the technology environment that underpins the organisation of business, society, economies, and political structures. Given the societal dependence on information technology discussed above and the overall cyber security issues this paper is discussing, this is a significant area of volatility that can be exploited to great impact.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>Reliance on Security Awareness Training\u00a0\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">As we have discussed earlier in this paper, the usage of computer technology in an organisation was initially limited to specially trained personnel and the need for security was addressed through physical means as well as instruction to those specially trained personnel <\/span><span data-contrast=\"auto\">(Al-Daeef et al., 2017, Yost, 2015)<\/span><span data-contrast=\"auto\">. This reliance is still a primary control that is deployed in most organisations to protect computer systems and is the primary approach used to address the human factors element of cyber security.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This type of training has developed over the years and can take a number of different forms that make innovative use of different training tools and technologies such as the use of video games as a learning tool <\/span><span data-contrast=\"auto\">(Cone et al., 2007)<\/span><span data-contrast=\"auto\"> and gamification of security awareness <\/span><span data-contrast=\"auto\">(Winkler and Manke, 2014)<\/span><span data-contrast=\"auto\">. However, the efficacy of these approaches has yet to be formally examined and evidence available suggests that it may not solve the problem of the human factor in relation to cyber security. Recent surveys from different organisations on user cyber security identifies several problems:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"17\" data-aria-level=\"1\"><span data-contrast=\"auto\">45% of UK workers never lock their smartphone <\/span><span data-contrast=\"auto\">(Proofpoint, 2020)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"18\" data-aria-level=\"1\"><span data-contrast=\"auto\">94% of organisations had a data breach resulting from inside user action <\/span><span data-contrast=\"auto\">(Egress, 2021)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"19\" data-aria-level=\"1\"><span data-contrast=\"auto\">58% of employers reported that employees ignore cyber security policy and guidelines <\/span><span data-contrast=\"auto\">(Netrix, 2020)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"20\" data-aria-level=\"1\"><span data-contrast=\"auto\">Users are not selecting strong passwords to protect their systems with the most common password \u2018password\u2019 being identified as being used <\/span><span data-contrast=\"auto\">(NordPass, 2022)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"25\" data-list-defn-props=\"{&quot;335551671&quot;:0,&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"21\" data-aria-level=\"1\"><span data-contrast=\"auto\">52% of users reuse the same password for multiple accounts with 13% of users reusing the same password on all accounts <\/span><span data-contrast=\"auto\">(Google and Harris Poll, 2019)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p aria-level=\"2\"><strong>Data Breaches\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">Recent years have seen significant levels of data breaches both within Australia and overseas. The information economy trades on data and it is a commodity that is sought after by threat actors. The full extent of this problem is difficult to fully ascertain.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Highlighted in <\/span><span data-contrast=\"auto\">Figure 1<\/span><span data-contrast=\"auto\">, since the beginning of this century a direction is emerging <\/span><span data-contrast=\"auto\">(Center for Strategic &amp; International Studies, 2023)<\/span><span data-contrast=\"auto\">. Looking at a graph of significant<\/span><span data-contrast=\"auto\">2<\/span><span data-contrast=\"auto\"> cyber security incidents worldwide (<\/span><span data-contrast=\"auto\">Figure 1<\/span><span data-contrast=\"auto\">), as compiled by the Centre for Strategic &amp; International Studies, there is a small increase in incidents from 2009 with a larger increase occurring from 2016 onwards. This trend of increases in incidents over this time is also reflected in other indicators identified in different reports from the same period. This includes:\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">An increase in the average cost of a data breach by 10% since 2014 <\/span><span data-contrast=\"auto\">(IBM Corporation, 2020)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">An increase in average cost of a data breach by 23% in 2017 <\/span><span data-contrast=\"auto\">(Kaspersky Labs, 2018)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">An increase in the average cost of a data breach by 15.3% in 2023 compared to 2020 <\/span><span data-contrast=\"auto\">(IBM Corporation, 2023)<\/span><span data-contrast=\"auto\">\u00a0\u00a0\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">While each of these reports point towards a similar increasing direction, it is not possible to establish that this direction is empirical. There is no consistent methodology underpinning these reports and each report has influence by corporations that sponsor the research.<\/span><\/p>\n<p><img decoding=\"async\" class=\"lazyload size-medium wp-image-7066 alignnone\" src=\"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events-300x181.png\" data-orig-src=\"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events-300x181.png\" alt=\"\" width=\"300\" height=\"181\" srcset=\"data:image\/svg+xml,%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27300%27%20height%3D%27181%27%20viewBox%3D%270%200%20300%20181%27%3E%3Crect%20width%3D%27300%27%20height%3D%27181%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E\" data-srcset=\"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events-200x121.png 200w, https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events-300x181.png 300w, https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events-400x241.png 400w, https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events-600x362.png 600w, https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events-768x463.png 768w, https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Significant_cyber_events.png 798w\" data-sizes=\"auto\" data-orig-sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<h6><i><span data-contrast=\"none\">Figure <\/span><\/i><i><span data-contrast=\"none\">1<\/span><\/i><i><span data-contrast=\"none\"> Graph of significant cyber events from 2003 to 2022. (Center for Strategic &amp; International Studies, 2023).<\/span><\/i><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559739&quot;:200,&quot;335559740&quot;:240}\">\u00a0<\/span><\/h6>\n<p><span data-contrast=\"auto\">It can be observed that data represented by <\/span><span data-contrast=\"auto\">Figure 1<\/span><span data-contrast=\"auto\"> identifies that a sharp increase in growth of these incidents started to occur around 2014. This correlates to the development of the trend of \u201cconsumerisation of IT\u201d into organisations <\/span><span data-contrast=\"auto\">(Stagliano et al., 2013)<\/span><span data-contrast=\"auto\"> which represents a change in the role of the both the organisation and user in regards to the use and selection of information technology. A level of control and management of user computing devices was initially ceded to the user with the introduction of Bring Your Own Devices (BYOD) and ubiquitous computing platforms that expanded beyond the desktop to the table, phone, and Internet of Things (IoT) devices This required groups and organisations to go beyond the existing models of security and introduce additional measures to address this introduction <\/span><span data-contrast=\"auto\">(Eslahi et al., 2014)<\/span><span data-contrast=\"auto\">.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The exact cause of a number of these incidents will not be immediately known outside of the organisation impacted due to a number of different factors including legal, human resources, and business process sensitivities <\/span><span data-contrast=\"auto\">(Davidson, 2023)<\/span><span data-contrast=\"auto\">. However, once the extent of these incidents is known and resolved analysis of the causes, outcomes and methods of mitigation is undertaken and published by security researchers and journalists and made available to the cyber security community for review.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">An example of this can be seen with the following examination of major cyber incidents such as:\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">The RSA supply chain attack that took place in 2011. In this example, personnel involved internally were bound by 10 year Non-Disclosure Agreements (NDAs) <\/span><span data-contrast=\"auto\">(Greenberg, 2021)<\/span><span data-contrast=\"auto\"> and have only in the last 2 years been able to talk about the cause of the attack which was a user clicking on a malicious email attachment titled \u201c2011 Recruitment Plan\u201d <\/span><span data-contrast=\"auto\">(Greenberg, 2021)<\/span><span data-contrast=\"auto\">.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">The breach of data from the US retailed Target in 2013. This resulted in the loss of 110 million customer records containing personal data and credit card information <\/span><span data-contrast=\"auto\">(Kassner, 2015)<\/span><span data-contrast=\"auto\">. Analysis was conducted and released by the US Government Committee on Commerce, Science, and Transportation in 2014 which identified in the Majority Staff Report for Chairman Rockefeller that the cause of the breach was a HVAC contractor with access to the target network being attacked <\/span><span data-contrast=\"auto\">(Committee on Commerce Science and Transportation, 2014)<\/span><span data-contrast=\"auto\">. Later analysis further expanded on this to reveal Target did maintain a secure network that utilised sophisticated cyber security protection involving both technology from FireEye<\/span><span data-contrast=\"auto\">3<\/span><span data-contrast=\"auto\"> and monitoring 24\/7 by a team of security specialists <\/span><span data-contrast=\"auto\">(Hartzog and Solove, 2022)<\/span><span data-contrast=\"auto\">. This protection was bypassed by the attack on the third-party HVAC Contractor (identified as Fazio Mechanical). Fazio Mechanical had legitimate access to the Target network as part of their contract. The attack on Fazio Mechanical consisted of a phishing email sent to one of their employees which contained the Citadel Trojan Horse. With this access to Fazio Mechanical networks the attacker was able to gain access to the Target network credentials and was able to perform the attack <\/span><span data-contrast=\"auto\">(Hartzog and Solove, 2022)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Both the statistics identified in the report above and the detailed review of the cyber incidents experienced by RSA and Target indicate that the problem of data breaches is here, does not have a current resolution and is getting worse.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"1\"><strong>The Solution\u00a0<\/strong><\/p>\n<p><i><span data-contrast=\"none\">\u201cIt is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change\u201d Charles Darwin<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:864,&quot;335559737&quot;:864,&quot;335559738&quot;:200}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">So far, we have discussed how we got to where we are today and now that we are here, what we are seeing. Several complex problems have developed into the environment. Efforts have been made to address those problems, but it does appear that this effort might not be enough.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Cybersecurity has the following strong and well matured controls that protect it:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"6\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Technology<\/span><\/b><span data-contrast=\"auto\">. There has been constant development in security technology since the 1970s through to today <\/span><span data-contrast=\"auto\">(Fidler, 2017, Warner, 2012, Yost, 2015)<\/span><span data-contrast=\"auto\"> in an attempt to address the fundamental lack of security that was built into the underlying TCP\/IP protocol layers of the Internet <\/span><span data-contrast=\"auto\">(Bellovin, 2004)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"7\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Process<\/span><\/b><span data-contrast=\"auto\">. Cyber security policy and procedures that govern all aspects of related to the protection of systems and their data <\/span><span data-contrast=\"auto\">(Mishra et al., 2022)<\/span><span data-contrast=\"auto\"> as well as robust security frameworks that have been adopted by different organisations both private and public <\/span><span data-contrast=\"auto\">(Brenner, 2007, Australian Government, 2023)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">There is certainly no suggestion that these measures are to be removed or changed in any significant manner. They provide a vital baseline of protection that we have today. The one area that is to be addressed and will see new development as well as some modification to the existing controls is the integration of human factors into the protection of cyber security systems beyond simply the use of security awareness training.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This approach is proposed in two different forms:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"8\" data-aria-level=\"1\"><span data-contrast=\"auto\">Integrate the role of the human in the system<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"9\" data-aria-level=\"1\"><span data-contrast=\"auto\">Development of the Human as a Solution mindset<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p aria-level=\"2\"><strong>Integrating the Human into the System\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">Although sounding a little dystopian and cyberpunk, integration of the human into the system is simply a methodology that treats the human as part of the system rather than just a user. As all levels of system design have controls and attributes that need to be addressed, looking at addressing those attributes specifically for the human will introduce changes into the design.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"3\"><strong>The OSI Model\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">The Open System Interconnection (OSI) Framework model was developed by the International Organisation for Standards as a way of standardising the description and specifications of networking protocols at a time where there was a number of diverse standards in use <\/span><span data-contrast=\"auto\">(Kumar et al., 2014)<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<table data-tablestyle=\"MsoNormalTable\" data-tablelook=\"1056\" aria-rowcount=\"8\">\n<tbody>\n<tr aria-rowindex=\"1\">\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Layer Number<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Layer Name<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Cyber Attack<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Mitigation<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"2\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">7<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Application<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Exploit<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Secure coding practices<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"3\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">6<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Presentation<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Phishing<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">SPF\/DMARC\/Spam Filtering<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"4\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">5<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Session<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Hijacking<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Encryption\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"5\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">4<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Transport<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Reconnaissance\/DoS<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Encryption\/DoS Protection<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"6\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">3<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Network<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Man-in-the-Middle<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Encryption\/Digital signing<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"7\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">2<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Data-Link<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Spoofing<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Encryption\/Port locking<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"8\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">1<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Physical<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Sniffing<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Encryption\/ steel conduit<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true}\">\u00a0<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h6><i><span data-contrast=\"none\">Table <\/span><\/i><i><span data-contrast=\"none\">1<\/span><\/i><i><span data-contrast=\"none\"> The OSI Model including cyber attacks and mitigations relevant at each layer<\/span><\/i><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:200,&quot;335559740&quot;:240}\">\u00a0<\/span><\/h6>\n<p><span data-contrast=\"auto\">While network protocols have long been standardised, the model is still relevant today particularly for troubleshooting network issues as well as aiding in analysis of cyber attacks that can occur at the different layers (see <\/span><span data-contrast=\"auto\">Table 1<\/span><span data-contrast=\"auto\"> for a simple example).\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>The HCI Extension to the OSI Model\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">The OSI model solidly speaks about the implementation of technology. The Human Computer Interaction (HCI) Extension to the model <\/span><span data-contrast=\"auto\">(Bauer and Patrick, 2004)<\/span><span data-contrast=\"auto\"> proposes additional layers that incorporate the human factors into the system. These layers consist of the following additional layers:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"10\" data-aria-level=\"1\"><span data-contrast=\"auto\">Layer 10 \u2013 Human Needs<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"11\" data-aria-level=\"1\"><span data-contrast=\"auto\">Layer 9 \u2013 Human Performance<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"12\" data-aria-level=\"1\"><span data-contrast=\"auto\">Layer 8 &#8211; Display<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">These layers acknowledge the importance of the user in protecting the system more than just as a user but as a part of the system which enables the system to achieve its objectives. This extension looks to aspects of the human factor and how it can help protect the system and involves a cross-discipline approach to implementation taking in aspects of organisational behaviour and psychology.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"3\"><strong>Layer 10 \u2013 Human Needs\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">At this layer the focus is on addressing the human need provided by the system. The system is used to achieve a particular need of the human and by extension the organisation the human works for. Identifying the need of the human such as communication, education, acquisition, security, accessibility,\u00a0 or entertainment, will allow this need to be integrated into the system.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"3\"><strong>Layer 9 \u2013 Human Performance\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">Layer 9 looks to how the human user will interact with the system and takes into consideration of attributes such as perception, cognition, memory, motor control and social.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"3\"><strong>Layer 8 \u2013 Display\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">This layer is the interchange layer between the HCI and OSI models and considers how information is displayed and entered by the human user. Aspects of this layer include input devices, GUI\/CLI design, printing and other feedback mechanisms that the system employs to communicate and obtain input from the user.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>Implementing the HCI\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">Unlike the OSI model, the implementation of the HCI is a little less standardised. How each of these layers are addressed will depend upon several factors some of which will exist outside of the technical system implementation. Consideration for implementation can include:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"13\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Environment the system operates in<\/span><\/b><span data-contrast=\"auto\">. Considerations for Layer 8 will have a dependency upon where the system operates. Considerations for display for example will differ if the system is designed to operate within a secure office environment versus in a publicly accessible area.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"14\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">The people using the system<\/span><\/b><span data-contrast=\"auto\">. A key aspect of consideration for Layer 10 will be the human need that the system meets. The needs of the user for a communication system will differ from a system designed to provide entertainment or security.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"15\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Feedback to and from the system.<\/span><\/b><span data-contrast=\"auto\"> The amount of information that needs to enter the system or be produced by the system needs to be appropriate for the capabilities of the user and ensure that the Layer 9 design provides adequate comprehension.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">As with the OSI model in <\/span><span data-contrast=\"auto\">Table 1<\/span><span data-contrast=\"auto\">, <\/span><span data-contrast=\"auto\">Table 2<\/span><span data-contrast=\"auto\"> presents a simplified view of cyber attacks and mitigations that exist at each layer.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<table data-tablestyle=\"MsoNormalTable\" data-tablelook=\"1056\" aria-rowcount=\"4\">\n<tbody>\n<tr aria-rowindex=\"1\">\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Layer Number<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Layer Name<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Cyber Attack<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><b><span data-contrast=\"auto\">Mitigation<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"2\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">10<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Human Needs<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Phishing\/Social Engineering\/Influence<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Authenticity\/integrity checks<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"3\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">9<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Human Performance<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Deep Fakes\/Dark Patterns\/DoS (limitation of service)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Authenticity\/integrity checks<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Redundancy<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr aria-rowindex=\"4\">\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">8<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Display<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">DoS\/Disruption of hardware<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"auto\">Redundancy<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true}\">\u00a0<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h6><i><span data-contrast=\"none\">Table <\/span><\/i><i><span data-contrast=\"none\">2<\/span><\/i><i><span data-contrast=\"none\"> The HCI Model including cyber attacks and mitigations relevant at each layer<\/span><\/i><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:200,&quot;335559740&quot;:240}\">\u00a0<\/span><\/h6>\n<p aria-level=\"1\"><strong>Human as a Solution Mindset\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">For anyone who has worked within the information technology industry for any time will at least be able to relate (in whole or in part) to the following: \u201cmanaging this system would be great if we didn\u2019t have users\u201d. This is often seen as particularly relevant to the cyber security industry where despite best efforts and intentions, user actions are generally the major cause of breaches.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">While we have discussed incorporating the human factor into system design, a second approach is to flip the script and look at how the human factor can be modified to participate as a solution to the problem rather than the cause.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>The Current Cyber Security Model\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">At a very high-level cyber security is implemented in most organisations with the following fundamental principles:<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"16\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Prevent Errors<\/span><\/b><span data-contrast=\"auto\">. Errors in the system, either accidental or deliberated, must be prevented with considerable resources being allocated for this task.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"17\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Exclude, Train, Control &amp; Constrain<\/span><\/b><span data-contrast=\"auto\">. The environment is such that we need to stop access to resources, train user how to use resources (although indoctrination is a more accurate description in reality) and provide constraints around usage to ensure security.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"18\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Policy Adequacy<\/span><\/b><span data-contrast=\"auto\">. Control of the environment is exercised by strong policy, procedure, and effective governance.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"19\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Resistance Stance<\/span><\/b><span data-contrast=\"auto\">. The environment must be setup with the view to ensuring resistance to attack and misuse is the primary focus.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">All these principles work together as the basis of how cyber security is managed today. Based upon the how we arrived at this environment as discussed earlier in this paper, these principles do seem rationale and appropriate.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">However, as also identified in this paper, this approach was developed from the adversarial environment that computer technology was born into. Evidence does suggests that this approach, while still playing a vital role, is no longer providing the effective results that it once did.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p aria-level=\"2\"><strong>A New Approach\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">A new approach proposed is to look at these principles differently <\/span><span data-contrast=\"auto\">(Zimmermann and Renaud, 2019)<\/span><span data-contrast=\"auto\"> and attempt to use the role that the human user plays in the system as a positive cyber security attribute:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"20\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Human as a Solution<\/span><\/b><span data-contrast=\"auto\">. The user is the part of the system that facilitates access and enables the system to undertake its function. As with any other component of the system, the user must be used to help facilitate the cyber security of the system.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"21\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Focus on Successes<\/span><\/b><span data-contrast=\"auto\">. A common activity at the end of any data breach or other cyber security event is to undertake an After Action Report in an attempt to provide lessons learned from the event which can then be fed back into the incident procedures to improve them. While this is an important activity, it does lack the focus on successes. We are only looking at part of the equation with this activity. Benefit could be obtained by analysis of activities that worked and prevented cyber security incidents or data breaches. Looking at this information would provide the opportunity to enhance and strengthen activities that have proven to be effective.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"22\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Collaborate and Communicate.<\/span><\/b><span data-contrast=\"auto\"> If we are integrating the human into the system, there will be some activities that the human will do better than the system and some activities that the system will always do better than the human. This approach examines the concept of HABA-MABA (Humans are Better At \u2013 Machines are Better At). Modern systems require automation for several tasks, but an examination of the most appropriate tasks to automate versus those that require a human in the loops needs to be undertaken.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"23\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Balance Resistance and Resilience.<\/span><\/b><span data-contrast=\"auto\"> In a world defined by a VUCA environment, cyber security threats are a constant and their form and nature will continue to be irregular and continually adapting to defences. The attributes of resistance that are in the traditional model are still vital, but these need to be balanced against resilience attributes that include the ability to anticipate, monitor, respond and learn.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"24\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Defer to Expertise.<\/span><\/b><span data-contrast=\"auto\"> Monitoring the environment and the system is a vital tool to provide protection to systems. Cyber security professional are (and always will be) the necessary expertise to provide this level of oversight. Traditional approaches do tend to ignore the expertise that the system user will potentially bring to this process. The system user has a level of expertise in the use of the system that the cyber security professional does not possess. Appropriately educated with what to look for, the user could provide valuable insight to indications that problems, potentially linked to cyber security incidents are occurring.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"26\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"25\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Encourage Learning<\/span><\/b><span data-contrast=\"auto\">. Users do, and always will, make mistakes which will have the potential to lead to cyber security incidents. The nature of integrating the human into the system will always produce this result. While measures will always need to be in place to prevent this where possible ensuring that when it does occur will provide opportunities for improvement and further education. A system user will want to achieve the goals of their role and use the system to the best of their abilities (putting aside the issue of malicious insiders of course). When this doesn\u2019t occur, it will generally be a result of lack of understanding in some form. Developing an environment of risk-free reporting when this occur will provide additional information that can be further incorporated into lessons learned and analysis activities.\u00a0\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p aria-level=\"1\"><strong>Conclusion\u00a0<\/strong><\/p>\n<p><i><span data-contrast=\"none\">\u201cThe only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards \u2013 and even then I have my doubts.\u201d \u2013 Gene Spafford<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:864,&quot;335559737&quot;:864,&quot;335559738&quot;:200}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The problems that we are facing in the field of cyber security are many and varied and have become worse over recent years. This paper is proposing two different approaches, Human Computer Interaction Model and Cyber Security Differently, that could be applied to the current environment to better use the human elements that are part of the system. Both methods are at a theoretical level of development and need to be adapted to the environment they are to be implemented into. They also need to be looked at as complimentary to existing system development methodologies and cyber security practice and procedures rather than a replacement.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">These two approaches look to maximise the use of the resources that exist within all organisations and systems and take advantage of the system user to enhance the cyber security approach.<\/span><\/p>\n<p><a href=\"https:\/\/anchoramconsulting.com\/au\/au\/contact\/\">Contact Anchoram Consulting today!<\/a><\/p>\n<p>_______________________________________________________________________<\/p>\n<p aria-level=\"1\"><strong>References:\u00a0<\/strong><\/p>\n<p><span data-contrast=\"auto\">AL-DAEEF, M. M., BASIR, N. &amp; SAUDI, M. M. 2017. Security awareness training: A review. <\/span><i><span data-contrast=\"auto\">Lecture Notes in Engineering and Computer Science<\/span><\/i><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">APPLEYARD, R. 2005. Whatever happened to the paperless office? Available from: <\/span><a href=\"https:\/\/idm.net.au\/blog\/002622whatever-happened-paperless-office\"><span data-contrast=\"none\">https:\/\/idm.net.au\/blog\/002622whatever-happened-paperless-office<\/span><\/a><span data-contrast=\"auto\"> [Accessed 2 December 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">AUSTRALIAN GOVERNMENT. 2023. <\/span><i><span data-contrast=\"auto\">Protective Security Policy Framework <\/span><\/i><span data-contrast=\"auto\">[Online]. Australian Government. Available: <\/span><a href=\"https:\/\/www.protectivesecurity.gov.au\/\"><span data-contrast=\"none\">https:\/\/www.protectivesecurity.gov.au\/<\/span><\/a><span data-contrast=\"auto\"> [Accessed 7 May 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">BAUER, B. &amp; PATRICK, A. S. 2004. <\/span><i><span data-contrast=\"auto\">A human factors extension to the seven-layer OSI reference model <\/span><\/i><span data-contrast=\"auto\">[Online]. 6 January 2004. Available: <\/span><a href=\"https:\/\/www.andrewpatrick.ca\/OSI\/10layer.html\"><span data-contrast=\"none\">https:\/\/www.andrewpatrick.ca\/OSI\/10layer.html<\/span><\/a><span data-contrast=\"auto\"> [Accessed 15 July 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">BELLOVIN, S. M. A look back at&#8221; security problems in the tcp\/ip protocol suite.\u00a0 20th Annual Computer Security Applications Conference, 2004. IEEE, 229-249.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">BORGERSON, B. R., HANSON, M. L. &amp; HARTLEY, P. 1978. The evolution of the Sperry Univac 1100 series: a history, analysis, and projection. <\/span><i><span data-contrast=\"auto\">Communications of the ACM,<\/span><\/i><span data-contrast=\"auto\"> 21<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 25-43.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">BRENNER, J. 2007. ISO 27001 risk management and compliance. <\/span><i><span data-contrast=\"auto\">Risk management,<\/span><\/i><span data-contrast=\"auto\"> 54<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 24-29.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">CENTER FOR STRATEGIC &amp; INTERNATIONAL STUDIES. 2023. <\/span><i><span data-contrast=\"auto\">Signficant Cyber Incidents <\/span><\/i><span data-contrast=\"auto\">[Online]. CSIS Center for Strategic &amp; International Studies. Available: <\/span><a href=\"https:\/\/www.csis.org\/programs\/strategic-technologies-program\/significant-cyber-incidents\"><span data-contrast=\"none\">https:\/\/www.csis.org\/programs\/strategic-technologies-program\/significant-cyber-incidents<\/span><\/a><span data-contrast=\"auto\"> [Accessed 29 May 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">COHEN-ALMAGOR, R. 2013. Internet history. <\/span><i><span data-contrast=\"auto\">Moral, ethical, and social dilemmas in the age of technology: Theories and practice.<\/span><\/i><span data-contrast=\"auto\"> IGI Global.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">COMMITTEE ON COMMERCE SCIENCE AND TRANSPORTATION 2014. A &#8220;Kill Chain&#8221; Analysis of the 2013 Target Data Breach. <\/span><i><span data-contrast=\"auto\">In:<\/span><\/i><span data-contrast=\"auto\"> SENATE, U. S. (ed.).<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">CONE, B. D., IRVINE, C. E., THOMPSON, M. F. &amp; NGUYEN, T. D. 2007. A video game for cyber security training and awareness. <\/span><i><span data-contrast=\"auto\">Computers and Security,<\/span><\/i><span data-contrast=\"auto\"> 26<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 63-72.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">DAVIDSON, J. 2023. Inside Optus&#8217;s secret cyberattack briefings. <\/span><i><span data-contrast=\"auto\">Financial Review<\/span><\/i><span data-contrast=\"auto\">, 5\/09\/2023.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">EGRESS 2021. Insider Data Breach Ssurvey 2021.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">ESLAHI, M., NASERI, M. V., HASHIM, H., TAHIR, N. &amp; SAAD, E. H. M. BYOD: Current state and security challenges.\u00a0 2014 IEEE Symposium on Computer Applications and Industrial Electronics (ISCAIE), 2014. IEEE, 189-192.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">FIDLER, B. 2017. Cybersecurity governance: A prehistory and its implications. <\/span><i><span data-contrast=\"auto\">Digital Policy, Regulation and Governance<\/span><\/i><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">GOOGLE &amp; HARRIS POLL 2019. Online Security Survey Google\/Harris Poll.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">GREENBERG, A. 2021. The Full Story of the Stunning RSA Hack Can Finally Be Told. <\/span><i><span data-contrast=\"auto\">Wired.<\/span><\/i><span data-contrast=\"auto\"> Conde Nast.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">HARTZOG, W. &amp; SOLOVE, D. J. 2022. <\/span><i><span data-contrast=\"auto\">We Still Haven&#8217;t Learned the Major Lesson of the 2013 Target Hack <\/span><\/i><span data-contrast=\"auto\">[Online]. Slate. Available: <\/span><a href=\"https:\/\/slate.com\/technology\/2022\/04\/breached-excerpt-hartzog-solove-target.html\"><span data-contrast=\"none\">https:\/\/slate.com\/technology\/2022\/04\/breached-excerpt-hartzog-solove-target.html<\/span><\/a><span data-contrast=\"auto\"> [Accessed 16 September 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">IBM CORPORATION 2020. Cost of a Data Breach Report. Ponemon Institute.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">IBM CORPORATION 2023. Cost of a Data Breach Report 2023. Ponemon Institute.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">KASPERSKY LABS. 2018. <\/span><i><span data-contrast=\"auto\">Kaspersky Lab Report: The Cost of a Data Breach Continues to Grow Worldwide <\/span><\/i><span data-contrast=\"auto\">[Online]. Available: <\/span><a href=\"https:\/\/usa.kaspersky.com\/about\/press-releases\/2018_kaspersky-lab-report-the-cost-of-a-data-breach-continues-to-grow-worldwide\"><span data-contrast=\"none\">https:\/\/usa.kaspersky.com\/about\/press-releases\/2018_kaspersky-lab-report-the-cost-of-a-data-breach-continues-to-grow-worldwide<\/span><\/a><span data-contrast=\"auto\"> [Accessed 10 September 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">KASPERSKY LABS. 2020. <\/span><i><span data-contrast=\"auto\">A Brief History of Computer Viruses &amp; What the Future Holds <\/span><\/i><span data-contrast=\"auto\">[Online]. Available: <\/span><a href=\"https:\/\/www.kaspersky.com\/resource-center\/threats\/a-brief-history-of-computer-viruses-and-what-the-future-holds\"><span data-contrast=\"none\">https:\/\/www.kaspersky.com\/resource-center\/threats\/a-brief-history-of-computer-viruses-and-what-the-future-holds<\/span><\/a><span data-contrast=\"auto\"> [Accessed 1 December 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">KASSNER, M. 2015. <\/span><i><span data-contrast=\"auto\">Anatomy of the Target data breach: Missed opportunities and lessons learned <\/span><\/i><span data-contrast=\"auto\">[Online]. ZDNET. Available: <\/span><a href=\"https:\/\/www.zdnet.com\/article\/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned\/\"><span data-contrast=\"none\">https:\/\/www.zdnet.com\/article\/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned\/<\/span><\/a><span data-contrast=\"auto\"> [Accessed 16 September 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">KUMAR, S., DALAL, S. &amp; DIXIT, V. 2014. The OSI model: Overview on the seven layers of computer networks. <\/span><i><span data-contrast=\"auto\">International Journal of Computer Science and Information Technology Research,<\/span><\/i><span data-contrast=\"auto\"> 2<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 461-466.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">LAWRENCE, K. 2013. Developing leaders in a VUCA environment. <\/span><i><span data-contrast=\"auto\">UNC Executive Development,<\/span><\/i><span data-contrast=\"auto\"> 2013<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 1-15.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">LEINER, B. M., CERF, V. G., CLARK, D. D., KAHN, R. E., KLEINROCK, L., LYNCH, D. C., POSTEL, J., ROBERTS, L. G. &amp; WOLFF, S. S. 1997. The past and future history of the Internet. <\/span><i><span data-contrast=\"auto\">Communications of the ACM,<\/span><\/i><span data-contrast=\"auto\"> 40<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 102-108.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">LEVY, S. 2013. <\/span><i><span data-contrast=\"auto\">The Brief History of the ENIAC Computer <\/span><\/i><span data-contrast=\"auto\">[Online]. Smithsonian Magazine. Available: <\/span><a href=\"https:\/\/www.smithsonianmag.com\/history\/the-brief-history-of-the-eniac-computer-3889120\/\"><span data-contrast=\"none\">https:\/\/www.smithsonianmag.com\/history\/the-brief-history-of-the-eniac-computer-3889120\/<\/span><\/a><span data-contrast=\"auto\"> [Accessed 30 November 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">LIPNER, S. B. 2015. The birth and death of the orange book. <\/span><i><span data-contrast=\"auto\">IEEE Annals of the History of Computing,<\/span><\/i><span data-contrast=\"auto\"> 37<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 19-31.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">MILLIKEN, G. 205. The Paperless Office: 30-Year Old Pipe-Dream? <\/span><i><span data-contrast=\"auto\">Wired.<\/span><\/i><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">MISHRA, A., ALZOUBI, Y. I., GILL, A. Q. &amp; ANWAR, M. J. 2022. Cybersecurity enterprises policies: a Comparative study. <\/span><i><span data-contrast=\"auto\">Sensors,<\/span><\/i><span data-contrast=\"auto\"> 22<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 538.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">NETRIX 2020. 2020 Cyber Threats Report.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">NORDPASS. 2022. <\/span><i><span data-contrast=\"auto\">Top 200 most common passwords <\/span><\/i><span data-contrast=\"auto\">[Online]. Available: <\/span><a href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\"><span data-contrast=\"none\">https:\/\/nordpass.com\/most-common-passwords-list\/<\/span><\/a><span data-contrast=\"auto\"> [Accessed 19 September 2023].<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">PETERS, B. Security considerations in a multi-programmed computer system.\u00a0 Proceedings of the April 18-20, 1967, spring joint computer conference, 1967. 283-286.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">PROOFPOINT 2020. 2020 User Risk Report.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">SCHNEIDER, S. &amp; KOKSHAGINA, O. 2021. Digital transformation: What we have learned (thus far) and what is next. <\/span><i><span data-contrast=\"auto\">Creativity and innovation management,<\/span><\/i><span data-contrast=\"auto\"> 30<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 384-411.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">SELWYN, N. 2003. Apart from technology: understanding people\u2019s non-use of information and communication technologies in everyday life. <\/span><i><span data-contrast=\"auto\">Technology in society,<\/span><\/i><span data-contrast=\"auto\"> 25<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 99-116.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">STAGLIANO, T., DIPOALO, A. &amp; COONELLY, P. 2013. Consumerization of IT.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">WARE, W. H. Security and privacy in computer systems.\u00a0 Proceedings of the April 18-20, 1967, spring joint computer conference, 1967. 279-282.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">WARNER, M. 2012. Cybersecurity: A Pre-History. <\/span><i><span data-contrast=\"auto\">Intelligence and National Security,<\/span><\/i><span data-contrast=\"auto\"> 27<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 781-799.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">WILLIAMS, M. 2018. The First Public Discussion of the Secret Colossus Project. <\/span><i><span data-contrast=\"auto\">IEEE Annals of the History of Computing,<\/span><\/i><span data-contrast=\"auto\"> 40<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 84-87.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">WINKLER, I. &amp; MANKE, S. 2014. Gamifying Security Awareness. <\/span><i><span data-contrast=\"auto\">RSA Conference 2014.<\/span><\/i><span data-contrast=\"auto\"> Moscone Centre, San Francisco.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">YOST, J. R. 2015. The Origin and Early History of the Computer Security Software Products Industry. <\/span><i><span data-contrast=\"auto\">IEEE Annals of the History of Computer,<\/span><\/i><span data-contrast=\"auto\"> 15<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 1058-6180.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:0,&quot;335559740&quot;:240,&quot;335559991&quot;:720}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">ZIMMERMANN, V. &amp; RENAUD, K. 2019. Moving from a &#8216;human-as-aproblem&#8217; to a &#8216;human-as-solution&#8217; cybersecurity mindset. <\/span><i><span data-contrast=\"auto\">International Journal of Human-Computer Studies,<\/span><\/i><span data-contrast=\"auto\"> 131<\/span><b><span data-contrast=\"auto\">,<\/span><\/b><span data-contrast=\"auto\"> 169-187.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Abstract\u00a0 This paper traces the evolution of the modern computing  [&#8230;]<\/p>\n","protected":false},"author":29,"featured_media":7064,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[20],"tags":[],"class_list":["post-7063","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment - Anchoram Australia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment - Anchoram Australia\" \/>\n<meta property=\"og:description\" content=\"Abstract\u00a0 This paper traces the evolution of the modern computing [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/\" \/>\n<meta property=\"og:site_name\" content=\"Anchoram Australia\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-10T02:23:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-30T09:12:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Managing_Risk-e1745996469230.png\" \/>\n\t<meta property=\"og:image:width\" content=\"526\" \/>\n\t<meta property=\"og:image:height\" content=\"526\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daryl Sheppard\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daryl Sheppard\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"30 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/\"},\"author\":{\"name\":\"Daryl Sheppard\",\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/#\\\/schema\\\/person\\\/2ed909a98acd153fa78e279e3782b757\"},\"headline\":\"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment\",\"datePublished\":\"2025-01-10T02:23:00+00:00\",\"dateModified\":\"2025-06-30T09:12:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/\"},\"wordCount\":6007,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/Managing_Risk-e1745996469230.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/\",\"url\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/\",\"name\":\"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment - Anchoram Australia\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/Managing_Risk-e1745996469230.png\",\"datePublished\":\"2025-01-10T02:23:00+00:00\",\"dateModified\":\"2025-06-30T09:12:34+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/#\\\/schema\\\/person\\\/2ed909a98acd153fa78e279e3782b757\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#primaryimage\",\"url\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/Managing_Risk-e1745996469230.png\",\"contentUrl\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/Managing_Risk-e1745996469230.png\",\"width\":526,\"height\":526,\"caption\":\"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/2025\\\/01\\\/10\\\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/#website\",\"url\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/\",\"name\":\"Anchoram Australia\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/#\\\/schema\\\/person\\\/2ed909a98acd153fa78e279e3782b757\",\"name\":\"Daryl Sheppard\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/209396fa809cd3b278598dbeb99fd9a5fa169ffcbba60a33b9ab956691a01cf8?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/209396fa809cd3b278598dbeb99fd9a5fa169ffcbba60a33b9ab956691a01cf8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/209396fa809cd3b278598dbeb99fd9a5fa169ffcbba60a33b9ab956691a01cf8?s=96&d=mm&r=g\",\"caption\":\"Daryl Sheppard\"},\"sameAs\":[\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/\"],\"url\":\"https:\\\/\\\/anchoramconsulting.com\\\/au\\\/blog\\\/profiles\\\/daryl-sheppard\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment - Anchoram Australia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/","og_locale":"en_US","og_type":"article","og_title":"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment - Anchoram Australia","og_description":"Abstract\u00a0 This paper traces the evolution of the modern computing [...]","og_url":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/","og_site_name":"Anchoram Australia","article_published_time":"2025-01-10T02:23:00+00:00","article_modified_time":"2025-06-30T09:12:34+00:00","og_image":[{"width":526,"height":526,"url":"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Managing_Risk-e1745996469230.png","type":"image\/png"}],"author":"Daryl Sheppard","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Daryl Sheppard","Est. reading time":"30 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#article","isPartOf":{"@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/"},"author":{"name":"Daryl Sheppard","@id":"https:\/\/anchoramconsulting.com\/au\/#\/schema\/person\/2ed909a98acd153fa78e279e3782b757"},"headline":"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment","datePublished":"2025-01-10T02:23:00+00:00","dateModified":"2025-06-30T09:12:34+00:00","mainEntityOfPage":{"@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/"},"wordCount":6007,"commentCount":0,"image":{"@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#primaryimage"},"thumbnailUrl":"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Managing_Risk-e1745996469230.png","articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/","url":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/","name":"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment - Anchoram Australia","isPartOf":{"@id":"https:\/\/anchoramconsulting.com\/au\/#website"},"primaryImageOfPage":{"@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#primaryimage"},"image":{"@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#primaryimage"},"thumbnailUrl":"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Managing_Risk-e1745996469230.png","datePublished":"2025-01-10T02:23:00+00:00","dateModified":"2025-06-30T09:12:34+00:00","author":{"@id":"https:\/\/anchoramconsulting.com\/au\/#\/schema\/person\/2ed909a98acd153fa78e279e3782b757"},"breadcrumb":{"@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#primaryimage","url":"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Managing_Risk-e1745996469230.png","contentUrl":"https:\/\/anchoramconsulting.com\/au\/wp-content\/uploads\/sites\/2\/2025\/01\/Managing_Risk-e1745996469230.png","width":526,"height":526,"caption":"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment"},{"@type":"BreadcrumbList","@id":"https:\/\/anchoramconsulting.com\/au\/blog\/2025\/01\/10\/managing-risk-introducing-resilience-and-securing-layer-8-in-an-increasingly-volatile-uncertain-and-ambiguous-cyber-environment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/anchoramconsulting.com\/au\/"},{"@type":"ListItem","position":2,"name":"Managing Risk, Introducing Resilience and Securing Layer 8 in an Increasingly Volatile, Uncertain and Ambiguous Cyber Environment"}]},{"@type":"WebSite","@id":"https:\/\/anchoramconsulting.com\/au\/#website","url":"https:\/\/anchoramconsulting.com\/au\/","name":"Anchoram Australia","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/anchoramconsulting.com\/au\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/anchoramconsulting.com\/au\/#\/schema\/person\/2ed909a98acd153fa78e279e3782b757","name":"Daryl Sheppard","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/209396fa809cd3b278598dbeb99fd9a5fa169ffcbba60a33b9ab956691a01cf8?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/209396fa809cd3b278598dbeb99fd9a5fa169ffcbba60a33b9ab956691a01cf8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/209396fa809cd3b278598dbeb99fd9a5fa169ffcbba60a33b9ab956691a01cf8?s=96&d=mm&r=g","caption":"Daryl Sheppard"},"sameAs":["https:\/\/anchoramconsulting.com\/au\/"],"url":"https:\/\/anchoramconsulting.com\/au\/blog\/profiles\/daryl-sheppard\/"}]}},"_links":{"self":[{"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/posts\/7063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/comments?post=7063"}],"version-history":[{"count":4,"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/posts\/7063\/revisions"}],"predecessor-version":[{"id":7069,"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/posts\/7063\/revisions\/7069"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/media\/7064"}],"wp:attachment":[{"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/media?parent=7063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/categories?post=7063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anchoramconsulting.com\/au\/wp-json\/wp\/v2\/tags?post=7063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}