Hur åtgärdar offentliga aktörer deras cybersäkerhet efter att ha blivit utsatta för cyberattacker? / How do public actors address their cyber security after cyber attacks against them?

Mohammed Abdu, Mohammed, Alsaif, Anas

January 2023

Digitization has been a growing phenomenon in today's society where organizations, individuals and society at large are affected by it. In pace with the emerging use of digitization,a realization of the relevance of cyber security in the public sector has increased, but not to a sufficient extent. Cyber security is about processes used to protect personal information and important data in organizations. Cyber security also includes knowledge of cyberattacks, where actors attack an organization's data most often for financial reasons. Cyber attacks have affected the public sector in several countries. The study focuses on known cyber attacks around the world that are related to public actors in healthcare, transport and electricity supply,among others. The study's analysis compares implemented measures after the incidents based on a cyber risk assessment framework. The survey shows that increased investments, new and clear work routines, training for employees and continuous testing of computer systems are important measures for the prevention of cyber attacks. The mentioned main actions that are common between the studied actors are supported by the theoretical frame of reference. This is because frameworks linked to cyber attacks also point out that investments, clear work routines and monitoring of systems contribute to protection against cyber attacks. / Digitalisering har varit ett växande fenomen i dagens samhälle där organisationer, individer och samhället i stort påverkas av det. Med takt av den framväxande användningen av digitalisering, har en realisering av cybersäkerhetens relevans inom den offentliga sektorn ökat, men inte i tillräcklig stor omfattning. Cybersäkerhet handlar om processer som används för att skydda personlig information och viktiga data i organisationer. Cybersäkerhet omfattar också kunskap om cyberattacker, där aktörer angriper en organisations data oftast för ekonomiska skäl. Cyberattacker har påverkat den offentliga sektorn i flera länder. Studien fokuserar på kända cyberangrepp runt om i världen som är relaterade till offentliga aktörer inom bland annat sjukvård, transport och elförsörjning. Studiens analys jämför genomförda åtgärder efter incidenterna utifrån ett ramverk om cyberriskbedömning. Undersökningen visar att ökade investeringar, nya och tydliga arbetsrutiner, utbildning till medarbetare ochkontinuerliga testningar av datasystem är viktiga åtgärder för förebyggande av cyberattacker.De nämnda huvudsakliga åtgärderna som är gemensamma mellan de studerade aktörerna stödjas av den teoretiska referensramen. Detta eftersom ramverk kopplade till cyberattacker påpekar också att investeringar, tydliga arbetsrutiner och övervakning av system, bidrar till skydd mot cyberattacker.

Cyber attacks

Cyber security

Cyber risk management framework

Public sector

Nyckelord: Cyberattacker

Cybersäkerhet

Cyber risk management framework

Offentlig sektor.

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem

"The cyber war" : A qualitative study investigating the management of cybersecurity in Swedish online fashion companies

Steinbernreiter, Kajsa

January 2018

Due to a world-wide digitalisation, the fashion segment has experienced a shift from offline to online shopping. Consequently, more companies choose to interconnect digitally with consumers and suppliers. This highlights cyber risks and cybersecurity issues more than ever, which becomes specifically apparent amongst online companies. Through qualitative semi-structured interviews with three different Swedish online fashion companies, the purpose of investigating how cybersecurity currently is prioritised and managed was reached. In addition to this, two cybersecurity experts gave their view of the most important aspects in the field, which companies should consider. Results showed a fairly well-managed cybersecurity amongst Swedish online fashion companies, even though knowledge in the field is scarce. Through educating everyone at the company and implementing a group of people in charge of these questions, a more holistic view could be attained. By offering thoughts on how online fashion companies can enhance their current cybersecurity, this paper contributes to the literature of cyber risk management as well as provides meaningful knowledge to all types of online companies.

cybersecurity

cyber risk management

risk management

cyber risks

online fashion companies

fashion online

qualitative

Swedish

textile management

Economics and Business

Ekonomi och näringsliv