Delivering an interactive university curriculum during Russia's invasion of Ukraine

Background: To mitigate the educational consequences of Russia's war against Ukraine, an interactive online curriculum was devised for the winter term (12 Sep – 5 Dec 2022) for psychology students at the Taras Shevchenko National University in Kyiv (henceforth: TSUK). The guiding principle of this educational approach is expressed by Six core values. Methods: TSUK sent out an expression of interest form to the students (92 students applied). The author then gathered feedback about their course expectations for the theory component (31/92 respondents) as well as the practical component (48/92 respondents), which was implemented. Results: The result is an interactive course curriculum, which is available in its final form via a pdf. with hyperlinks to the Google Drive learning and assessments platform. Conclusion: A pioneering interactive curriculum was developed collaboratively with Ukrainian students, which is an original educational solution to the effects of the War in Ukraine. Resources should be designated to thoroughly research this approach as students' minds are a key defence and post-war recovery national asset

Improving cybercrime reporting in Scotland : a systematic literature review

Background: The UK system for reporting economic cybercrime is called Action Fraud (AF). AF has been found to prioritise high value and low volume crimes. Therefore, people who have been scammed out of less than £100 000 are less likely to have their crime investigated via AF. Consequently, Scotland severed its ties with AF and proceeded to develop its own systems for reporting low value and high-volume crimes. Another problem with AF was that its reports were inaccurate and incomplete. Interestingly, since the 1930s the compilation and investigation of crime reports has always suffered from inaccuracies and discrepancies. This pattern has not been reversed by rapid technological development. Instead, the trend is preserved, not just in the UK, but across the globe. Aim: An exploration of how to improve cybercrime reporting in Scotland was implemented via a systematic literature review the results of which will inform upcoming fieldwork. Due to the lack of data on Scotland, frequent extrapolations were conducted from both the UK and the West. The research questions were: 1. What is known about cybercrime in the UK to date? 2. What is known about cybercrime victims in the UK to date? 3. What is known about cybercrime reporting to date? Method and Analysis: The answers were retrieved by combining Boolean variables with keywords into Scopus, Web of Science and ProQuest. This resulted in the inclusion of 100 peer-reviewed articles (after the exclusion of unsuitable ones). The articles were analysed using Inductive thematic analysis (ITA). The underlying principle of ITA is based on data immersion to identify the themes within. This analysis revealed a common trend, a novel taxonomy, and an original conclusion. Results: The common trend is that of responsibilisation, which is the shifting of responsibility for policing cybercrime from the government onto the citizens and private sector. For example, the government educating citizens about the risks of cybercrime and disengaging with them thereafter is a case of responsibilisation. This is because the government sees it as the victims’ responsibility to follow its advice. One problem of responsibilisation in cybercrime is that if one person is attacked, then many computers can become infected through their error. Therefore, the government should step-up to the task of protecting its citizens. The novel taxonomy is for classifying cybercrime reporting systems according to three pillars, which I referred to as Human-To-Human (H2H), Human-To-Machine (H2M) and Machine-To-Machine (M2M). The advantage of this classification is parsimony, the disadvantage is reductionism. The risk of reductionism applies specifically to crimes that sit in between pillars. Conclusion: To improve cybercrime reporting in Scotland, the process needs to be treated also as a social one rather than a purely mathematical one. This can be achieved by engaging with psychological principles of how emotionally charged social interactions are encoded into memory. Understanding memory will help the police record cybercrime reports in an effective way. This research will impact society because it serves as a foundation for fieldwork with victims of cybercrime and the police tasked with those investigations. The results of the upcoming fieldwork will serve to inform national guidance on how to improve the reporting of cybercrime, which will reduce it and give victims living in Scotland a sense of closure

The role of Responsibilised Non-Policing Agencies (RNPAs) in improving cybercrime reporting in Scotland

The Scottish neoliberal government's enlisting of community and private sector organisations in economic cybercrime reporting is a form of responsibilisation. These organisations collect, evaluate and forward victims' cybercrime reports as state intelligence. I pioneer the term Responsibilised Non-Policing Agencies (RNPAs) to unmask the genealogy of their acquired role. I interviewed and compared Scottish versus Italian RNPAs to understand responsibilisation internationally and improve cybercrime reporting nationally. Scottish RNPAs are state-sponsored charities, banks, regulators of commerce and private institutions. Italian RNPAs are private law firms. All were represented by their relevant functions. In Scotland, RNPAs form a responsibilisation buffer zone between the state and victims. The Scots state exports selective funding and catholic responsibility to RNPAs and imports cybercrime intelligence. The Italian state is comparatively disengaged. Victims risk criminal responsibilisation, which is why they turn to RNPAs. Scottish RNPAs supply an opportunity cost dilemma. The state can keep using RNPAs to narrate an improving cybercrime reporting strategy, which is cheaper. Alternatively, the state can restructure the funding of select RNPAs and increase funding for specialised cybercrime policing, which is more expensive. Both options are viable with specialisation bearing the opportunity cost

Improving cybercrime reporting in Scotland : the victims' perspective

People victimised by cybercrime can feel excluded within their communities due to shame, which results in underreporting cybercrime. This research builds on earlier work by Sikra, Renaud and Thomas (2023), which used a systematic literature review to establish a theoretical foundation for improving economic cybercrime reporting in Scotland. Using the paradigms from the latter, this research focuses on three types of Scottish victims of cybercrime (SVC): Individuals, Private institutions and Public institutions. It analyses their reporting experiences via the taxonomy of Human-to-human (H2H), Human-to-machine (H2M) and Machine-to-machine (M2M). Importantly, it adds value to the research subject by using victims’ own views on what is required to improve cybercrime reporting in Scotland. In doing so, it is addressing a research gap whereby there is currently no research with victims on how to improve cybercrime reporting in Scotland. This study used a qualitative semi-structured interview design to collect information from SVC about their background, the cybercrime they had to endure as well as their experiences of reporting and suggestions for improvement. Participants were recruited using several methods. Firstly, in cases of Private and Public institutions, news coverage was followed-up for news of prominent cybercrimes based on which potential interview candidates were contacted. Secondly, all researchers’ private connections were explored. Thirdly, snowballing participants was used. Fourthly, recruitment was done via social media. There was a total of 10 SVC (9 males, 1 female): 3 Individual SVC who incurred cybercrime harm of £1000, £5240, and £20. 2 Private institution SVC who incurred cybercrime harm of over £20,000 and non-monetary harm. 5 Public institutions, represented by various functions, which suffered technological and psychological harms. All the cybercrimes were from the years: 2012 (1), 2015 (2), 2017 (1), 2020 (1), 2021 (3) and 2022 (2), where the number of interviewees is in brackets. Approval for the study was granted by the CIS Departmental ethics committee 7 times from 22 April 2022 – 09 January 2023. Most of these were extensions to the original application due to substantial problems with participant recruitment. The analysis was carried out with ‘NVivo 1.3 Release software’ in three stages which were: Stage 1: Initial coding, Stage 2: Focused coding, Stage 3: Thematic coding. Individual SVC were attacked via an E-Bay Scam, HMRC Scam and Credit card details theft. Individual SVC link improved reporting to aftercare and returned finances. Individual SVC link impeded reporting to anxiety and frustration with the Police. All individual SVC reported via H2H approaches. Private institution SVC were attacked via .ru ransomware. Private institution SVC link improved reporting to having a unified phone number, awareness raising and a possibility to report online. Private institutions SVC link impeded reporting to unpreparedness of the local Police as well as not knowing who to report to. Private institution SVC reported via H2H approaches, but only one reported to the Police. The other reported to their IT company. Public institution SVC were attacked via fraudulent invoices, ransomware, and a vendetta-motivated cybercrime. Public institution SVC link improved reporting to following procedures and taking a multistakeholder approach among others. Public institution SVC link impeded reporting to Police being unhelpful and terminological confusion. All Public institutions SVC reported via H2H approaches both to the Police and multiple other interested agencies in most cases. Since all SVC reported via H2H approaches this suggests that it is the dominant mode of reporting currently utilised in Scotland implying a proclivity towards a socially inclusive preference, which suggests that the way to improve cybercrime reporting should be social rather than purely technical. References: Sikra, J., Renaud, K. V. and Thomas, D. R. (2023) ‘UK Cybercrime, Victims and Reporting.’ The Commonwealth Cybercrime Journal, 1(1), pp. 28-59

Improving Cybercrime Reporting in Scotland : A Systematic Literature Review

I have explored how to improve cybercrime reporting in Scotland by conducting a systematic literature review. Due to the lack of data on Scotland, I have frequently extrapolated from both the UK and the West. The research questions were: 1. What is known about cybercrime in the UK to date? 2. What is known about cybercrime victims in the UK to date? 3. What is known about cybercrime reporting to date? The answers were retrieved by combining Boolean variables with keywords into Scopus, Web of Science and ProQuest. This resulted in the analysis of 100 peer-reviewed articles. The analysis revealed a common trend, a novel taxonomy and an original conclusion. The common trend is that of responsibilisation, which is the shifting of responsibility for policing cybercrime from the government onto the citizens and private sector. The novel taxonomy is for classifying cybercrime reporting systems according to three pillars, which I referred to as Human-To-Human (H2H), Human-To-Machine (H2M) and Machine-To-Machine (M2M). The original conclusion is that to improve cybercrime reporting in Scotland, the process needs to be treated also as a social one rather than a purely mathematical one

UK cybercrime, victims and reporting : a systematic review

Individuals and organisations based in the United Kingdom often fall foul of cyber criminals. Unfortunately, these kinds of crimes are under-reported [66][115][123]. This under-reporting hampers the ability of crime fighting units to gauge the full extent of the problem, as well as their ability to pursue and apprehend cyber criminals [13][77]. To comprehend cybercrime under-reporting, we need to explore the nature of United Kingdom’s (henceforth: UK) cybercrime and its impact on UK-based victims. We investigated the entire landscape by carrying out a systematic literature review, covering both academic and grey literature. In our review, we sought to answer three research questions: (1) What characterises cybercrime in the UK? (2) What is known about UK cybercrime victims? and (3) What influences and deters cybercrime reporting in the UK? Our investigation revealed three types of reportable cybercrime, depending on the targets: (a) individuals, (b) private organisations, and (c) public organisations. Victimhood varies with various identified dimensions, such as: vulnerability aspects, psychological perspectives, age-related differences, and researcher attempts to model the victims of cybercrime. We also explored UK victims’ reported experiences in dealing with the consequences of falling victim to a cybercrime. In terms of cybercrime reporting, we identify three kinds of reporting: (a) Human-To-Human, (b) Human-To-Machine, and (c) Machine-To-Machine. In examining factors deterring reporting, we incorporate discussions of policing, and the challenges UK police forces face in coping with this relatively novel crime. Unlike traditional crimes, perpetrators possess sophisticated technological skills and reside outside of UK’s police jurisdiction. We discovered a strong social dimension to reporting incidence with the UK government‘s cyber responsibilization agenda likely playing a major role in deterring reporting. This strategy involves governments providing a great deal of advice and then expecting citizens to take care of their own cybersecurity. If they do not act on the advice, they should know that they will have to accept the consequences. Improvements in cybercrime reporting, to date, have been technologically focused. This neglects the social dimensions of cybercrime victimhood and does not acknowledge the reporting-deterring side effects of the UK's cyber responsibilization agenda. We conclude with suggestions for improving cybercrime reporting in the UK

Client-centred Cybercrime Training for Scottish Small-to-Medium Sized Enterprises (SMEs)

The information contained within this client-centred cybercrime training booklet is basic. Yet, cybercrime experience teaches us that these things are not obvious for far too many people regardless of their level of education or net worth. In addition, I have a feeling that a lot of people could provide the correct answers for questions on how to avoid scams. It’s not always the lack of knowledge that is the problem, sometimes it is the inability to correctly transfer it into the real-world setting. If you are encountering the information within for the first time, then I hope it will be helpful in safeguarding you and your SME at least during the year it was published. This booklet was designed in collaboration with a Scottish SME post-attack to address their learning and developmental needs. I am thankful for their open-mindedness and courage to collaborate with me on this research

Identifying factors that promote or deter cybercrimes reporting in Scotland

Cybercrime is under-reported in Scotland, with the reasons for this being poorly understood. To investigate underreporting, we commenced with a search of the related research and then carried out a review of actual cases. Next, to uncover Scottish-specific factors, we qualitatively interviewed 10 Scottish cybercrime victims. It emerged that victims blamed themselves for falling prey to cybercrime and were reluctant to report the incident. This is arguably a direct consequence of the UK government’s cybersecurity responsibilization strategy. Informed by our findings, we articulated a national strategy for promoting cybercrime reporting using the MINDSPACE behavioral influence model. Subsequently, we verified this model with a survey of 380 Scottish respondents, a representative sample of the general population in terms of age and gender. We report on and discuss our findings. Finally, we recommend two interventions to inform a national strategy for improving cybercrime reporting in Scotland

Client-centred cybercrime training : C-C Cybercrime Training

Background: The UK neoliberal government responsibilizes Small-to-Medium enterprises (SMEs) to take care of their own cyber-resilience, meaning that they do not receive any support if they fall victim to a cyber attack. Consequently, SMEs tend not to report cybercrimes. Aim: The aim was to collaboratively develop, deliver, and evaluate a client-centred cybercrime training session with an accompanying booklet as means of achieving closure post-attack, upskilling an SME, increasing their knowledge and improving reporting. Methods: We surveyed 9 staff of an attacked SME to elicit their training preferences; 6 staff members attended and 5 supplied feedback in the form of a post-training survey. From those who completed the survey, 2 staff members were interviewed. The results showed that the training helped some staff members take cyber-resilience into consideration because they supplied evidence of their learning either via the post-training survey or via the interviews. Results: The training served to improve staff’s cyber-resilience awareness and skill-set to a limited degree. It became clear that the government’s responsibilization agenda deterred staff from reporting cybercrimes to Police Scotland. Conclusions: Future work should engage with victimised SMEs and foster a trusting relationship. Academia can play a part in upskilling government-appointed cyber-resilience trainers