What We Think We Know About Cybersecurity: An Investigation of the Relationship between Perceived Knowledge, Internet Trust, and Protection Motivation in a Cybercrime Context

Individual internet users are commonly considered the weakest links in the cybersecurity chain. One reason for this is that they tend to be overoptimistic regarding their own online safety. To gain a better understanding of the cognitive processes involved in this assessment, the current study applies an extended version of the protection motivation theory. More specifically, this study includes perceived knowledge and internet trust to discover how these antecedents influence the threat and coping appraisal processes. Based on representative survey data collected from 967 respondents, we found that people who feel well-informed about online safety feel less vulnerable to cybercrime and are less inclined to take security measures. At the same time, feeling informed is associated with being more convinced of the severity of cybercrime. High levels of trust in the safety of the internet are linked to the feeling that one is less vulnerable to cybercrime and the perception that cybercrime is not a severe threat. Future interventions should remind internet users about their own perceived vulnerability and the risks that exist online while ensuring that internet users do not lose their trust in the internet and confidence in their own online knowledge

Fair, Equitable, and Just: A Socio-technical Approach to Online Safety

Socio-technical systems have been revolutionary in reshaping how people maintain relationships, learn about new opportunities, engage in meaningful discourse, and even express grief and frustrations. At the same time, these systems have been central in the proliferation of harmful behaviors online as internet users are confronted with serious and pervasive threats at alarming rates. Although researchers and companies have attempted to develop tools to mitigate threats, the perception of dominant (often Western) frameworks as the standard for the implementation of safety mechanisms fails to account for imbalances, inequalities, and injustices in non-Western civilizations like the Caribbean. Therefore, in this dissertation I adopt a holistic approach to online safety that acknowledges the complexities of harms for understudied populations specifically focusing on the Caribbean. In this dissertation, I conduct three studies that take steps towards (1) filling in the gap of missing empirical understanding around users’ perceptions of safety threats and how that is associated with their intentions to engage with supportive countermeasures, (2) understanding the gaps in current approaches to justice, and (3) developing an understanding towards the development of equitable and inclusive countermeasures. In the first study, I conduct a region-wide survey which reveals Caribbean citizens experience high rates of exposure to online threats. Moreover, I show that by conceptually defining protective behaviors based on the threats that they address, it exposes how the perceptions of threats influences the adoption of online safety countermeasures while uncovering distinctions in perceptions depending on the type of harm. The second study utilizes a multi-disciplinary approach to understand the state of legislative protections. Through a reflective legislative and media analysis, the study uncovered major discrepancies in the region’s approach towards justice in online spaces. Lastly, the final study incorporates the findings of these works by conducting an online experiment to test the design of justice-oriented safety countermeasures. The results provide support for the development of countermeasures that people perceive to be fair, equitable, and just

An Empirical Assessment of Senior Citizens’ Cybersecurity Awareness, Computer Self-Efficacy, Perceived Risk of Identity Theft, Attitude, and Motivation to Acquire Cybersecurity Skills

Cyber-attacks on Internet users have caused billions of dollars in losses annually. Cybercriminals launch attacks via threat vectors such as unsecured wireless networks and phishing attacks on Internet users who are usually not aware of such attacks. Senior citizens are one of the most vulnerable groups who are prone to cyber-attacks, and this is largely due to their limited cybersecurity awareness and skills. Within the last decade, there has been a significant increase in Internet usage among senior citizens. It was documented that senior citizens had the greatest rate of increase in Internet usage over all the other age groups during the past decade. However, whenever senior citizens use the Internet, they are being targeted and exploited particularly for financial crimes, with estimation that one in five becoming a victim of financial fraud, costing more than $2.6 billion per year. Increasing the cybersecurity awareness and skills levels of Internet users have been recommended to mitigate the effects of cyber-attacks. However, it is unclear what motivates Internet users, particularly senior citizens, to acquire cybersecurity skills so that they can identify as well as mitigate the effects of the cyber-attacks. It is also not known how effective cybersecurity awareness training are on the cybersecurity skill level of senior citizens. Therefore, the main goal of this quantitative study was to empirically investigate the factors that contributed to senior citizens’ motivation to acquire cybersecurity skills so that they would be able to identify and mitigate cyber-attacks, as well as assess their actual cybersecurity skills level. This was done by assessing a model of contributing factors identified in prior literature (senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, & older adults’ computer technology attitude) on the motivation of senior citizens to acquire cybersecurity skills. This study utilized a Web-based survey to measure the contributing factors and a hands-on scenarios-based iPad app called MyCyberSkills™ that was developed and empirically validated in prior research to measure the cybersecurity skills level of the senior citizens. All study measures were done before and after cybersecurity awareness training (pre- & post-test) to uncover if there were any differences on the assessed models and scores due to such treatment. The study included a sample of 254 senior citizens with a mean age of about 70 years. Path analyses using Smart PLS 3.0 were done to assess the pre- and post-test models to determine the contributions of each contributing factor to senior citizens’ motivation to acquire cybersecurity skills. Additionally, analysis of variance (ANOVA) and analysis of covariance (ANCOVA) using SPSS were done to determine significant mean difference between the pre-and post-test levels of the senior citizens’ cybersecurity skill level. The path analysis results indicate that while all paths on both models were significant, many of the paths had very low path coefficients, which in turn, indicated weak relationships among the assessed paths. However, although the path coefficients were lower than expected, the findings suggest that both intrinsic and extrinsic motivation, along with antecedents such as senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, and older adults’ computer technology attitude significantly impact the cybersecurity skill levels of senior citizens. The analysis of variance results indicated that there was a significant increase in the mean cybersecurity skills scores from 59.67% to 64.51% (N=254) as a result of the cybersecurity awareness training. Hence, the cybersecurity awareness training was effective in increasing the cybersecurity skill level of the senior citizens, and empowered them with small but significant improvement in the requisite skills to take mitigating actions against cyberattacks. The analysis of covariance results indicated that, except for years using computers, all the other demographic indicators were not significant. Contributions from this study add to the body of knowledge by providing empirical results on the factors that motivate senior citizens to acquire cybersecurity skills, and thus, may help in reducing some of the billions of dollars in losses accrued to them because of cyber-attacks. Senior citizens will also benefit in that they will be better able to identify and mitigate the effects of cyber-attacks should they attend cybersecurity awareness trainings. Additionally, the recommendations from this study can be useful to law enforcement and other agencies that work with senior citizens in reducing the number of cases relating to cybersecurity issues amongst senior citizens, and thus, free up resources to fight other sources of cybercrime for law enforcement agencies

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets

Perceptions of online fraud and the impact on the countermeasures for the control of online fraud in Saudi Arabian financial institutions

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonThis study addresses the impact of countermeasures in the control and prevention of online fraud in Saudi Arabia and the influence of the environmental context. Combatting online fraud is facilitated when the public is fully educated and is aware of its types and of the prevention methods available. People are reliant on the Internet; the possibility of being breached by hackers and fraudsters is growing, especially as socialising, online shopping and banking are carried out through personal computers or mobile devices. Online fraud has been described as an epidemic that has spread to most online activities. Its prevalence has been noted to be in regions where there is high adoption of e-commerce, and, along with it, large online financial transactions. The argument is therefore the measures taken are either are inadequate or have failed to effectively address all the issues because of the organisational and environmental context of the country. This research aims to examine online fraud perceptions and the countermeasures designed and used by financial institutions in Saudi Arabia to control and prevent online fraud in its environmental context, to examine the effectiveness/impact of the countermeasures and to examine the factors that may affect/influence the impact of the countermeasures. The qualitative method approach was chosen to ensure balanced coverage of the subject matter. The nature of the research requires a broader, in-depth, examination of the experiences of the participants from their own perspective. Meanwhile levels of awareness are low, because of lack of knowledge and training, a lack of government sensitisation and the religious inclinations of the population. The findings also confirm the efforts of organisations to put in place countermeasures using various technological means, coupled with procedural controls and checks. The measures create obstacles to most customers, who find it cumbersome to engage in online activities because of those procedures and checks. The findings also show two types of regulations: government and organisational rules, with different foci and purposes, which are mostly centred on the monitoring of Internet operations and operational guidelines. The enforcement of rules in the light of prosecuting offenders has also been minimal and passive. The countermeasures of most banks/organisations mostly focus on prevention and detection. However, the findings suggest that the activities in each component and their interrelationships have a collective impact on combatting online fraud. The success of any effort or approach to combat fraudulent activities therefore depends on the activities of the four countermeasure components

Mobile Identity Protection: The Moderation Role of Self-Efficacy

The rapid growth of mobile applications and the associated increased dependency on digital identity raises the growing risk of identity theft and related fraud. Hence, protecting identity in a mobile environment is a problem. This study develops a model that examines the role of identity protection self-efficacy in increasing users’ motivation intentions to achieve actual mobile identity protection. Our research found that self-efficacy significantly affects the relationship between users’ perceived threat appraisal and their motivational intentions for identity protection. The relation between mobile users’ protection, motivational intentions, and actual mobile identity protection actions was also found to be significant. Additionally, the findings revealed the considerable impact of awareness in fully mediating between self-efficacy and actual identity protection. The model and its hypotheses are empirically tested through a survey of 383 mobile users, and the findings are validated through a panel of experts, thus confirming the impact of self-efficacy on an individual’s identity protection in the mobile context

The Effect of Cybersecurity Training on Government Employee’s Knowledge of Cybersecurity Issues and Practices

There is an ever-pressing need for cybersecurity awareness and implementation of learning strategies in the workplace to mitigate the increased threat posed by cyber-attacks and exacerbated by an untrained workforce. The lack of cybersecurity knowledge amongst government employees has increased to critical levels due to the amount of sensitive information their agencies are responsible for. The digital compromise of a government entity often leads to a compromise of constituent data along with the disruption of public services (Axelrod, 2019; Yazdanpanahi, 2021). The need for awareness is further complicated by agencies looking to cater to a digital culture looking for a balance in government transparency and access by providing more services online. This act of modernizing services for a connected constituency adds further risk to the agency by exposing its workforce to threats associated with the internet-connected world. If their workforce is not prepared for the tactics used by cybercriminals, the consequences can be both fiscally and politically reprehensible. This study considers the knowledge enhancements resulting from the incorporation of cybersecurity training for local government employees in South Texas and the potential effects it will have on the cybersecurity awareness of the population. This study requires the collection and analysis of the following archival data: the results of a state-mandated cybersecurity awareness training and Cybersecurity Awareness Survey, which was adapted from the Pew Research Center’s (2016) Cybersecurity Knowledge Quiz. The purpose of this study is to analyze the effect of a cybersecurity awareness training program on government employees’ knowledge of cybersecurity issues and their ability to mitigate cybersecurity threats

On the Peace and Security Implications of Cybercrime: A Call for an Integrated Perspective

Criminal cyberattacks have skyrocketed in the past decade, with ransomware attacks during the pandemic being a prime example. While private corporations remain the main targets and headlines are often dominated by the financial cost, public institutions and services are increasingly affected. Governments across the globe are working on combatting cybercrime. However, they often do not see eye-to-eye, with geopolitical tensions complicating the search for effective multilateral remedies further. In this research report, we focus on the threat that cybercrime poses to peace and security, which is rarely addressed. We examine the potential of cybercrime to exacerbate state-internal conflicts, for example by fuelling war economies or by weakening social coherence and stability. Various actors sharing similar, possibly even identical, approaches to compromising adversarial computer systems is another threat that we assess, as it has the potential to cause unintended escalation. Similarly, cyber vigilantism and hack-backs, whether conducted by private actors or corporate entities, can also endanger state agency and the rule of law. While an international treaty, as for example currently being discussed at the UN, could be a valuable step toward curbing cybercriminal behaviour, we also reflect on possible negative side effects - from increased domestic surveillance to repression of opposition. Lastly, we argue for an integrated perspective, combining various knowledge bases and research methodologies to counter direct and indirect limitations of research, particularly pertaining to data availability but also analytical concepts