Risky business: managing electronic payments in the 21st Century

On June 20 and 21, 2005, the Payment Cards Center of the Federal Reserve Bank of Philadelphia, in conjunction with the Electronic Funds Transfer Association (EFTA), hosted a day-and-a-half forum, “Risky Business: Managing Electronic Payments in the 21st Century.” The Center and EFTA invited participants from the financial services and processing sectors, law enforcement, academia, and policymakers to explore key topics associated with the challenge of effectively managing risk in a payments environment that is increasingly electronic. The meeting’s goal was to identify areas of potential risk and explore interindustry solutions. This paper provides highlights from the forum presentations and ensuing conversations.

Cybersecurity Legislation and Ransomware Attacks in the United States, 2015-2019

Ransomware has rapidly emerged as a cyber threat which costs the global economy billions of dollars a year. Since 2015, ransomware criminals have increasingly targeted state and local government institutions. These institutions provide critical infrastructure – e.g., emergency services, water, and tax collection – yet they often operate using outdated technology due to limited budgets. This vulnerability makes state and local institutions prime targets for ransomware attacks. Many states have begun to realize the growing threat from ransomware and other cyber threats and have responded through legislative action. When and how is this legislation effective in preventing ransomware attacks? This dissertation investigates the effects of state cybersecurity legislation on the number of ransomware attacks on state and local institutions from 2015-2019. I review various arguments linking cybersecurity legislation to cybersecurity vulnerability and develop a set of hypotheses about the features of legislation that should deter and prevent ransomware attacks. The cybersecurity literature suggests increased training is a key mechanism to prevent ransomware attacks. However, I find no relationship between direct state legislation on cybersecurity training and ransomware. Instead, the statistical evidence suggests that there are fewer ransomware attacks in states with legislation that indirectly encourages training by shifting the responsibility for a cyber failure back onto vulnerable institutions. This legislation typically focuses on data breaches and often requires the institution to disclose failures, which increases reputational costs. The threat of increased costs for a cybersecurity failure changes these institutions’ cost benefit analysis and encourages these institutions to proactively improve their cybersecurity, such as through increased training. I further examine data breach laws in California and find evidence that these types of laws can promote increased cybersecurity measures. Thus, future legislation should focus on holding institutions responsible for cybersecurity failures, which should in turn lead to increased cybersecurity

Indirect Financial Loss of Phishing to Global Market

This research studies the indirect financial impact of phishing announcements on firm value. Using about 3,000 phishing announcements, we showed that phishing has a significantly negative impact on firms regardless of their size. We also discovered that place of incorporation, type of ownership, industry, and time are significant factors exacerbating the impact. Our research findings may give some insights to industrial practitioners about attitude of investors towards phishing. Compared to other similar event studies, our research has also made several significant breakthroughs. Firstly, we used the largest data set ever in prior event studies. Secondly, our research is the first to analyze global phenomena concerning phishing. Thirdly, we enhanced the robustness of a regression model by introducing the criterion of selection of best fit market index based on R square. We believe that our research can add value to the literature in the subjects of phishing research and event studies

Literature based Cyber Security Topics: Handbook

Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Cloud computing has emerged from the legacy data centres. Consequently, threats applicable in legacy system are equally applicable to cloud computing along with emerging new threats that plague only the cloud systems. Traditionally the data centres were hosted on-premises. Hence, control over the data was comparatively easier than handling a cloud system which is borderless and ubiquitous. Threats due to multi-tenancy, access from anywhere, control of cloud, etc. are some examples of why cloud security becomes important. Considering the significance of cloud security, this work is an attempt to understand the existing cloud service and deployment models, and the major threat factors to cloud security that may be critical in cloud environment. It also highlights various methods employed by the attackers to cause the damage. Cyber-attacks are highlighted as well. This work will be profoundly helpful to the industry and researchers in understanding the various cloud specific cyber-attack and enable them to evolve the strategy to counter them more effectively

INTERNET FRAUD AND ITS EFFECT ON NIGERIA’S IMAGE IN INTERNATIONAL RELATIONS

Internet fraud has become an increasing form of computer crime. This study investigated the effects of internet fraud on Nigeria’s image in international relations. The study adopted quantitative method and descriptive survey. Journals and materials from internet complemented the major sources. Findings showed that unemployment and poverty are major causal factors of internet fraud. The study concluded that, internet use by Nigerians has come with fraudulent acts, and this has put Nigeria under scrutiny and brought negative image in international relations. The study recommended that, government should enact a comprehensive law on internet fraud and empower graduates by providing employment

Challenges to Cybersecurity: Current State of Affairs

Despite increasing investment in cybersecurity initiatives, incidents such as data breach, malware infections, and cyberattacks on cyberphysical systems show an upward trend. I identify the technical, economic, legal, and behavioral challenges that continue to obstruct any meaningful effort to achieve reasonable cybersecurity. I also summarize the recent initiatives that various stakeholders have taken to address these challenges and highlight the limitations of those initiatives