As technology and economies grow in Central and Eastern Europe countries (CEE), cybercrime originating from this region is ramping up both in scale and sophistication. Some of the most malicious viruses in the last several years are suspected to have launched from this region, including Tinba from Romania, Gozi from Bulgaria, and GozNym from Poland.

Despite becoming more technologically advanced and a hotbed for cybercrime, many countries in this region still fall short when it comes to battling it.

Robert Crossler lends expertise on cyber defense and deterrence

Robert Crossler, associate professor of information systems in the Carson College of Business and faculty expert on cyber security, is helping CEE institutions and companies develop strategic responses to emerging forms of high-tech crime. He is part of a WSU contingent that participates in the annual Black Sea and Balkans Security Forum in Romania organized by the Ovidius University of Constanta and other international sponsors.

At this year’s forum, Crossler presented “Cyber Defense and Deterrence: The Human Component,” discussing how employees can make correct security decisions and address passive, volitional, and malicious internal security threats caused by individuals.

“The three types of internal security threatscoming from individuals are on a continuum from accidental —often due to lack of awareness—to intentionally harmful,” Crossler said.

Combatting passive, volitional, and malicious threats

A passive threat could occur when an employee who doesn’t know better clicks on a link in a scam email, Crossler explains. An example of a volitional threat is when an employee is trained not to use the same password for different systems or websites but does so anyway. A malicious threat is “doing something on purpose” and a criminal offense, such as stealing records, deleting files, or dumping water into a mainframe server.

The key to dealing with passive and volitional threats is training and awareness, Crossler said. Managers can implement volitional training by giving employees a sense of autonomy, such as providing them with choices on password management software. Additionally, managers could strive to create an environment of positive empowerment and dialogue so that when breaches occur, employees engage rather than keep silent for fear of punishment.

He suggests managers use formal deterrence for cases of malicious threats. Helpful practices beyond a formal report filed with the company’s human resources department could include web monitoring and developing policy that states the severity and swiftness of consequences for malicious acts.

Offering research-based insights to international business communities

Crossler said he became interested in cyber security as a doctoral student studying information systems. He decided to develop his doctoral research on the interplay between individual behavior and technical decisions in relation to cyber security. He joined the Carson College in 2016.

“When I came to WSU, I learned we have a memorandum of understanding with Ovidius University on environmental, food, cyber, and other security topics,” Crossler said. “Asif Chaudhry, vice president of WSU International Programs, asked if anyone at WSU had cyber security expertise. That was my cue to join the WSU contingent of faculty who participate in informational panel sessions at the Black Sea and Balkans Security Forum.”

Now at its third edition, the forum has acquired a distinct profile in the regional security arena as a highly professional conference bringing together officials, scholars, analysts, military generals, representatives of non-governmental organizations and international experts, including NATO and Microsoft, to facilitate dialogue and develop realistic solutions.

Building future collaboration

Ovidius University is also interested in building a relationship with the Carson College for possible student and faculty exchanges and collaborative research. At the 2019 forum, Professor Sung Ahn, Carson College associate dean for international programs, met with Ovidius’s business school dean and discussed possible opportunities of collaboration.

In the future, Crossler aims take a group of students to Ovidius University, teach a topic on cybersecurity, and participate in the forum—providing students with hands-on international cyber security experience specific to the Black Sea and Balkans region. He also plans to apply for a Fulbright grant to spend a semester abroad in Romania.

“In time, WSU and Ovidius University will have a reciprocal student exchange program agreement which will lead toward building a strong partnership between our two institutions,” Ahn said. “As a first step, the Carson College is planning to launch a faculty-led study abroad program on the Ovidius campus in summer 2020.”