Abstract
Purpose: The purpose of this paper is to explore the role of four cognitive biases, namely, selective perception, exposure to limited alternatives, adjustment and anchoring, and illusion of control in anticipating and responding to Distributed Denial of Service (DDoS) attacks.
Design/methodology/approach: The paper is based on exploratory case study research and secondary data on decision making in the Australian Bureau of Statistics (ABS) in regards to planning and managing DDoS attacks on Census day in 2016.
Findings: Cognitive biases limited the ABS's awareness of the eCensus system’s vulnerabilities, preparation for and management of DDoS attacks. Cyberattacks are on the increase, and managers should expect and be prepared to deal with them.
Research limitations/implications: Due to the sensitivity of the topic, it was not possible to interview relevant stakeholders. Analysis is based on high-quality secondary data that includes comprehensive government reports investigating the events on Census day.
Practical implications: Cyberattacks are inevitable and not an aberration. A checklist of actions is identified to help organisations avoid the failures revealed in our case study. Managers need to increase their awareness of cyberattacks, develop clear processes for dealing with them and increase the robustness of their decision-making processes relating to cybersecurity.
Originality/value: This we believe is the first major study of the DDoS attacks on the Australian census. DDoS is a security reality of the 21st century and this case study illustrates the significance of cognitive biases and their impact on developing effective decisions and conducting regular risk assessments in managing cyberattacks.
Design/methodology/approach: The paper is based on exploratory case study research and secondary data on decision making in the Australian Bureau of Statistics (ABS) in regards to planning and managing DDoS attacks on Census day in 2016.
Findings: Cognitive biases limited the ABS's awareness of the eCensus system’s vulnerabilities, preparation for and management of DDoS attacks. Cyberattacks are on the increase, and managers should expect and be prepared to deal with them.
Research limitations/implications: Due to the sensitivity of the topic, it was not possible to interview relevant stakeholders. Analysis is based on high-quality secondary data that includes comprehensive government reports investigating the events on Census day.
Practical implications: Cyberattacks are inevitable and not an aberration. A checklist of actions is identified to help organisations avoid the failures revealed in our case study. Managers need to increase their awareness of cyberattacks, develop clear processes for dealing with them and increase the robustness of their decision-making processes relating to cybersecurity.
Originality/value: This we believe is the first major study of the DDoS attacks on the Australian census. DDoS is a security reality of the 21st century and this case study illustrates the significance of cognitive biases and their impact on developing effective decisions and conducting regular risk assessments in managing cyberattacks.
Original language | English |
---|---|
Pages (from-to) | 171-188 |
Number of pages | 18 |
Journal | Information Technology and People |
Volume | 32 |
Issue number | 1 |
Early online date | 24 Sept 2018 |
DOIs | |
Publication status | Published - Jun 2019 |