Characteristics of cybersecurity awareness: case study – how cybersecurity awareness supplements technical security of Robot API
Ahola, Anu (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025120331920
https://urn.fi/URN:NBN:fi:amk-2025120331920
Tiivistelmä
Robots are expected to be part of the innovative development that societies will need in the future. Rapidly evolving technologies bring solutions but also challenges, and complex and intertwined systems widen attack surface. In addition to technical protection, human contribution in security is essential. Human behaviour cannot be standardized, which makes it also one of the hardest elements to control in cybersecurity.
Service robots do not operate in silos, therefore cybersecurity awareness of service robots is a broader question than cybersecurity awareness related to the robot itself. The literature review shed light on an overall level to uncertainty that is related to cybersecurity, and what it means that 100% security does not exist. From human perspective, this requires trust to technologies but also critical thinking and healthy level of scepticism to security. Although we often hear noted, and rightly so, that cybersecurity should be embedded by design, not just be ‘bolted on,’ cybersecurity can be, at most, as comprehensive as the best existing understanding of cybersecurity and its conditions are. This applies to people, processes and technologies, and also understanding of what one needs to be aware of. This requires that cybersecurity and the characteristics of corresponding awareness shall be seen as continuously evolving processes.
A survey on cybersecurity awareness was conducted anonymously in a private organization to developers working on a certain Robot API (Application Programming Interface), which enables supplementary features to partner organizations’ service robots. The research applied mixed methods and for minimising presence of sensitive information the theoretical framework, the survey and interpretation of its results are implemented with a fictional, but realistic type of a scenario, benefiting the Double Diamond design process and commonly used frameworks, without having access to company internal information.
The survey results suggest that despite the otherwise positive results, awareness about social engineering forms, various stakeholders and OWASP API Top 10 could benefit of strengthening. Host Organization might gain useful information for the future awareness raising purposes by finding out the reasons behind the different response rates to improve two-way communication related to cybersecurity.
Service robots do not operate in silos, therefore cybersecurity awareness of service robots is a broader question than cybersecurity awareness related to the robot itself. The literature review shed light on an overall level to uncertainty that is related to cybersecurity, and what it means that 100% security does not exist. From human perspective, this requires trust to technologies but also critical thinking and healthy level of scepticism to security. Although we often hear noted, and rightly so, that cybersecurity should be embedded by design, not just be ‘bolted on,’ cybersecurity can be, at most, as comprehensive as the best existing understanding of cybersecurity and its conditions are. This applies to people, processes and technologies, and also understanding of what one needs to be aware of. This requires that cybersecurity and the characteristics of corresponding awareness shall be seen as continuously evolving processes.
A survey on cybersecurity awareness was conducted anonymously in a private organization to developers working on a certain Robot API (Application Programming Interface), which enables supplementary features to partner organizations’ service robots. The research applied mixed methods and for minimising presence of sensitive information the theoretical framework, the survey and interpretation of its results are implemented with a fictional, but realistic type of a scenario, benefiting the Double Diamond design process and commonly used frameworks, without having access to company internal information.
The survey results suggest that despite the otherwise positive results, awareness about social engineering forms, various stakeholders and OWASP API Top 10 could benefit of strengthening. Host Organization might gain useful information for the future awareness raising purposes by finding out the reasons behind the different response rates to improve two-way communication related to cybersecurity.