1,701 research outputs found

    Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

    Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change. To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape. Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system.

    Critical success factors for preventing E-banking fraud

    E-Banking fraud is an issue being experienced globally and is continuing to prove costly to both banks and customers. Frauds in e-banking services occur as a result of various compromises in security ranging from weak authentication systems to insufficient internal controls. Lack of research in this area is problematic for practitioners so there is need to conduct research to help improve security and prevent stakeholders from losing confidence in the system. The purpose of this paper is to understand factors that could be critical in strengthening fraud prevention systems in electronic banking. The paper reviews relevant literature to help identify potential critical success factors of fraud prevention in e-banking. Our findings show that beyond technology, there are other factors that need to be considered such as internal controls, customer education and staff education etc. These findings will help assist banks and regulators with information on specific areas that should be addressed to build on their existing fraud prevention systems.

    Cyber-crime Science = Crime Science + Information Security

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

    Is the responsibilization of the cyber security risk reasonable and judicious?

    Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized.” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk.

    PREVENTIVE MEASURES AGAINST COMPUTER CRIME: APPROACHING THE INDIVIDUAL

    Cybercrime is a combination of information, financial and personal security threats. The purpose of this research is to target statistical data to allocate the most effective preventive measures against cybercrime that would contribute to the combat at the level of potential (or real) cyber victims and cyber criminals. Bringing the so-called Cyberethics into the life of people will be preventive against cybercrimes, as it will add to their culture of cyberspace through educational and popular science projects (such-like program that was put into action in Nigeria stroke positively). With the rapid spread of cybercrime, preventive measures geared towards individuals such as anti-criminalization, anti-bullying and anti-phishing propaganda, the practice of shaping negative attitude towards crimes, and discovery of responsibility for committing cybercrimes gain in importance. Society improvement as a counter-move to cut out criminal factors provoking a positive or neutral attitude to cybercrimes should be geared towards better living, as the higher is the standard the lower is the level of cybercrime. Taking individualized preventing measures to people prone to commit cybercrimes will prevent against such even before they take place (with cyber extortion and ransomware threats, such actions gain in relevance). For the fight against cybercrime, special programs are to level down victimization in the field of cybersecurity by fostering a shielding attitude in persons who can become victims. The path of designing such programs will lead to a drop in cybercrime activity. Specific public authorities and non-governmental organizations should take part in the preventive process. All-encompassing preventive measures against cybercrime approaching individual at the international level will allow designing specific pilot programs for individualized prevention.

    A discrete choice approach to model credit card fraud

    This paper analyses the demographic, socio-economics and banking specific determinants that influence the risk of fraud in a portfolio of credit cards. The data are from recent account archives for cards issued throughout Italy. A logit framework is employed that incorporates cards at a risk of fraud as the dependent variable and a set of explanatory variables (e.g. gender, location, credit line, number of transactions in euros and in non euros currency). The empirical results provide useful indicators on the factors that are responsible for potential risk of fraud. Keywords: credit card; fraud; demographic and socio-economics factors; logit modelling.

    Cybercrime: a theoretical overview of the growing digital threat

    This theoretical paper is published by the EUCPN Secretariat in connection with the theme of the Luxembourgian presidency which was cybercrime. Cybercrime is a global definition which characterizes many different criminal forms committed in the virtual world. This means the phenomenon covers a very wide scope of activities. This theoretical paper is written as an overview to help understand the definition of cybercrime and its forms. We concentrate on the variety of consequences as a result of the phenomenon. Moreover, this paper also pays attention to the current European law and legislative actions against cybercrime.

    What Do We Know About Senior Citizens As Cybervictims? A Rapid Evidence Synthesis

    Internet-based victimization of senior citizens is an important potential threat of growing social, economic, and public policy interest. Given this, we sought to examine whether the existing research base could be used to formulate sound public policy in this area. To do so, we conducted a rapid evidence synthesis and assessment of the research literature from 2010-2020 surrounding three central organizing themes: cyber-related harms, responses and strategies, and prevention programs and solutions. Results reveal that there is an insufficient research base, lack of diverse research topics, and shortage of research beyond that of which is exploratory in nature. However, our findings did show promising insights on areas for future research development, such as support for seniors and their caregivers. We conclude with recommendations for future research that can begin to address the vulnerabilities senior citizens face with online victimization and potential policy implications for how to effectively combat this issue and these acts