Introducing the concept of cybersecurity footprint

• Published in: Information and computer security Vol. 29; no. 5; pp. 724 - 736
• Main Authors: Levy, Yair, Gafni, Ruti
• Format: Journal Article
• Language: English
• Published: Bingley Emerald Group Publishing Limited 12.11.2021
• Subjects: Cybercrime; Cybersecurity; Data integrity; Employees; Internet service providers; Organizations; Personal health; Social networks; Supply chains; Taxonomy; Virtual private networks; Websites
• ISSN: 2056-4961; 2056-497X
• DOI: 10.1108/ICS-04-2020-0054

PurposeThis paper aims to introduce the concept of cybersecurity footprint.Design/methodology/approachCharacteristics of cybersecurity footprint are presented based on documented cases, and the domino effect of cybersecurity is illustrated. Organizational and individual cybersecurity footprints are outlined. Active and passive – digital vs cybersecurity footprints are then reviewed. Taxonomy of aware/unaware vs active/passive cybersecurity footprints are presented, followed by brief discussion of the implications for future research.FindingsThe concept of cybersecurity footprint is defined, and the evidence from prior cyber incidents is shown to emphasize the concept. Smaller organizations may have a large cybersecurity footprint, whereas larger organizations may have smaller one. Cyberattacks are focusing on the individuals or small organizations that are in the supply chain of larger organizations causing the domino effect.Practical implicationsImplications of cybersecurity footprint to individuals, organizations, societies and governments are discussed. The authors present organizations with ways to lower cybersecurity footprint along with recommendations for future research.Social implicationsCybersecurity has a significant social implication worldwide, as the world is becoming cyber dependent. With the authors’ introduction of the cybersecurity footprint concept and call to further understand how organizations can measure and reduce it, the authors envision it as another perspective of assessing cyber risk and further help mitigate future cyber incidents.Originality/valueThis paper extends the existing information and computer security body of knowledge on the concept of cybersecurity footprint with illustrated cases.