| Abstract [eng] |
The number of cyberattacks continues to grow steadily and has become more sophisticated in recent years. While organizations are adopting innovative cyber defense technologies and automating processes, detecting and responding to these attacks often remain reactive and event-driven, where human-centric decision-making plays an important role. Also, it must be pointed out that among the most frequent types of attacks are those that deal with human factor vulnerabilities. Cybersecurity is an interdisciplinary field encompassing platforms, systems, technologies, and humans. During cyberattacks or incident response, the behavior and decision-making of cybersecurity professionals are shaped not only by their technical skills and experience but also by psychological and social factors such as emotional states, stress, and fatigue. Cybersecurity professionals tend to act predictably and rationally, however, innate reasoning abilities and emotions often influence their decisions and people make irrational decisions when they are highly stressed. Therefore, recent researches suggest that a holistic approach instead of technical solutions alone is required to contrast cyberattacks. This research aims to analyze the event-based decision-making of cybersecurity professionals during cybersecurity exercises, emphasizing the human factors. Data for this research were collected through surveys during the international cybersecurity defense exercise „Locked Shields 2024“ organized in Vilnius. The user profile, competence assessment data as well as emotional data framed by Plutchik’s model of emotions were collected. Criteria and decision-making options were identified. AHP method was used to calculate weighting coefficients and prioritize the criteria. To deepen the analysis of decision-making, MCDM methods including SAW and TOPSIS were employed. The finding revealed the importance of human factors in decision-making and offered valuable insights for the enhancement of cybersecurity training programs. |
