Periodic Reporting for period 1 - SOTER (cyberSecurity Optimization and Training for Enhanced Resilience in finance)
Reporting period: 2019-07-01 to 2020-08-31
SOTER will create a comprehensive set of tools that will act as a transformative process of the finance sector, helping their players to increase the cybersecurity level of this critical sector, as one of the key threats to deal with nowadays. SOTER will address this issue under a holistic approach, tackling different aspects linked to it, both the technological perspective and the human factor.
On the other hand, desk research on cybersecurity competences has been carried out for determining the current best practices, the legal context and cybersecurity considerations. This will provide a starting point and orientation for cybersecurity trainings. It specifically focuses on the human factor in cybersecurity. SOTER has also explored how companies can increase their cyber resilience and promote the long-term development of a cybersecurity culture.
To complement the technological development, SOTER is engaging with the finance sector to research human factor-based cybersecurity, through social science and humanities based research. SOTER seeks to further the existing body of knowledge by combining three complementary strands of research – the first is a combination of desk-based research and an evidence-led qualitative enquiry with both a dedicated end-user and sectoral partners from the fintech community, to see if existing theory and practice are congruent. This strand of the SOTER project will investigate specific aspects of human factor-based cybersecurity, namely incidents, threats and vulnerabilities related to: 1) Error, malpractice, and misjudgement 2) Malevolent actors, and 3) Legal and ethical threats. The second strand of research will develop a suite of training materials to be released under open licences, with the goal of increasing cybersecurity resilience across the sector. The developed training materials are based on a comprehensive Cybersecurity Competence Catalogue informed by the industry, that clearly outlines which cybersecurity, information security, and information technology related competences are required by employees of financial services organisations to be cyber-resilient. The overarching goal of the social sciences based SOTER research is to ensure that the finance sector is furthermore protected from ever-increasingly complex threats in regard to the human factor in an ethical and trustful manner, taking into account not only organisational integrity, but also the individual integrity of all employees involved.