It’s not just the Tech: a Socio-Technical Approach to Identify Root-Causes for Cyber-Breaches

12:05 pm / 12 May 2023

About this session

It’s one of those things everyone knows we should be doing. The problem is that no one knows “how” we should be doing it.

Adopting a holistic approach to protect modern organisations from cyber-breaches is more easily said than done: What should we be focusing on? How should we prioritise cyber-risks? What vulnerability factors are under our control? Where are our organisational boundaries?

Whilst acknowledging the importance of human and organisational factors, current approaches to vulnerability management focus overwhelmingly on the technical side of things: protect your networks, gain intel on current threats, select the most appropriate architecture, rely on reputable MSPs, educate your workforce, etc.

No one, however, has the perfect recipe for the “do-it-all”.

In this presentation, I will review several comprehensive frameworks for early detection of organisational vulnerability to cyber-breaches based on socio-technical systems (STS) approaches. As the name itself illustrates, STS frameworks are intended to detect the full gamut of factors that increase the likelihood and/or consequences of cyber-breaches, including technical, procedural, and people-related ones. STS frameworks can have two possible functions: 1) supporting root-cause analysis by unpacking, ex post, the determinants of a cyber-breach; 2) identifying weak signals of organisational vulnerability for prompt intervention, so as to reduce the impact and probability of data breaches or avert them. Examples of instances and determinants detected through STS approaches include: negligence in detecting a threat alarm (e.g., adverse psychological state in a SOC operator; human factors); lack of leadership in cybersecurity (e.g., cost-cutting due to other business investment); poor compliance with information security policies (e.g., ISP ‘sits in a drawer untouched’); etc.

The STS frameworks presented are the result of intensive research I conducted with my team across 2022 and the beginning of 2023, investigating industry best practices, the academic literature on the topic, and prominent cyber-breaches of the past and present. In my presentation, I will also give the audience suggestions and directions on how to deploy selections or portions of STS approaches in their organisations, for example through internal audit processes or by interviewing and surveying key personnel working in strategic positions.

To substantiate my presentation, I will offer practical examples of prominent cyber-breaches whose root causes emerged from the interaction of factors originating at several layers.

After this presentation, participants will be more familiar with STS approaches for cybersecurity and will be able to apply them in their organisations, through a practical step-by-step guide on how to do so.