Search results
1 – 10 of 79
Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer
Abstract
Purpose
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction leads to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.
Design/methodology/approach
Overall, 26 interviews were conducted with 21 participants from industry and academia.
Findings
The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.
Originality/value
The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
Abstract
Purpose
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education, Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.
Design/methodology/approach
This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.
Findings
This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.
Originality/value
The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lay the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.
Martina Neri, Federico Niccolini and Luigi Martino
Abstract
Purpose
Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.
Design/methodology/approach
This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.
Findings
Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.
Originality/value
Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity is still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.
Natile Nonhlanhla Cele and Sheila Kwenda
Abstract
Purpose
The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.
Design/methodology/approach
Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.
Findings
A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.
Originality/value
With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.
Morné Owen, Stephen V. Flowerday and Karl van der Schyff
Abstract
Purpose
Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this paper is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, to ensure secure behaviour. Research that focused on issues such as personality traits, trust, attitude and Security, Education, Training and Awareness (SETA) was considered.
Design/methodology/approach
This study built on a recontextualized version of the theory of planned behaviour to evaluate the influence that optimism bias has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses from a South African financial services organisation using partial least squares (PLS) path modelling.
Findings
This study found that overly optimistic employees were inclined to behave insecurely, while factors such as attitude and trust significantly influenced the intention to behave securely.
Practical implications
Our contribution to practice seeks to enhance the effectiveness of SETA by identifying and addressing the optimism bias weakness to deliver a more successful training outcome.
Originality/value
Our study enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and offers a contextual explanation of the resultant behaviour.
Eyad Buhulaiga and Arnesh Telukdarie
Abstract
Purpose
Multinational businesses deliver value via multiple sites with similar operational capacities. The age of the Fourth Industrial Revolution (4IR) delivers significant opportunities for the deployment of digital tools for business optimization. Therefore, this study aims to study the Industry 4.0 implementation for multinationals.
Design/methodology/approach
The key objective of this research is multi-site systems integration using a reproducible, modular and standardized “Cyber Physical System (CPS) as-a-Service”.
Findings
A best practice reference architecture is adopted to guide the design and delivery of a pioneering CPS multi-site deployment. The CPS deployed is a cloud-based platform adopted to enable all manufacturing areas within a multinational energy and petrochemical company. A methodology is developed to quantify the system environmental and sustainability benefits focusing on reduced carbon dioxide (CO2) emissions and energy consumption. These results demonstrate the benefits of standardization, replication and digital enablement for multinational businesses.
Originality/value
The research illustrates the ability to design a single system, reproducible for multiple sites. This research also illustrates the beneficial impact of system reuse due to reduced environmental impact from lower CO2 emissions and energy consumption. The paper assists organizations in deploying complex systems while addressing multinational systems implementation constraints and standardization.
Abstract
Purpose
The primary objective of this investigation was to explore how employees’ utilization of social media for work-related purposes impacts their service innovation behavior, both directly and through the intermediary mechanisms of knowledge management and employees’ risk-taking.
Design/methodology/approach
In developing its conceptual framework, this study has drawn upon the stimulus-organism-response (SOR) theory. To test its hypotheses, this study has surveyed 241 financial analysts from ten Iranian financial companies and has employed variance-based structural equation modeling (specifically, PLS-SEM) with the assistance of “WarpPLS 8.0 software.”
Findings
The findings revealed that employees’ work-related use of social media positively influences their service innovation behavior using knowledge management, encompassing knowledge sharing and acquisition capability as well as employee risk-taking. However, this influence is not directly significant.
Originality/value
To the best of our knowledge, this study marks the first instance in which the effect of work-related use of social media on employee service innovation behavior directly and through the mediating roles of knowledge management and risk-taking has been investigated through the lens of the SOR paradigm, especially in the financial sector.
Oluwatoyin Esther Akinbowale, Heinz Eckart Klingelhöfer and Mulatu Fekadu Zerihun
Abstract
Purpose
The purpose of this study is to assess the impact of cyberfraud in the South African banks with the aim to provide recommendations to effectively mitigate it.
Design/methodology/approach
The study uses a qualitative approach involving the use of structured questionnaires. The questionnaires were made available to the staff of 17 licensed banks in South Africa who deal with management, operation, administration and banking services. Two hypotheses were formulated and non-parametric statistical analyses involving the use of Chi-square test, Fisher’s Exact test and Spearman’s correlation were carried out. The two hypotheses formulated were tested to draw a conclusion.
Findings
The results obtained indicate that the impact of cyberfraud in the South African banking industry is highly significant and has affected the reputation of some of the banks. This calls for the need to review the diverse ways of curbing cyberfraud to lessen their impact and that of associated fraud risks on the banking operation.
Practical implications
This study provides an analysis on the relationship between cyberfraud occurrences and the reputation of South African banks. The implementation of the recommendations may reinforce the existing security measures in the fight against cyberfraud.
Originality/value
The novelty of this study lies in the fact that the assessment of the impact of cyberfraud on the banking industry in South Africa has not been sufficiently highlighted by the existing literature.
Hedaia-t-Allah Nabil Abd Al Ghaffar
Abstract
Purpose
The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.
Design/methodology/approach
The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.
Findings
The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.
Practical implications
Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.
Originality/value
The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.
Mahak Sharma, Rose Antony, Ashu Sharma and Tugrul Daim
Abstract
Purpose
Supply chains need to be made viable in this volatile and competitive market, which could be possible through digitalization. This study is an attempt to explore the role of Industry 4.0, smart supply chain, supply chain agility and supply chain resilience on sustainable business performance from the lens of natural resource-based view.
Design/methodology/approach
The study tests the proposed model using a covariance-based structural equation modelling and further investigates the ranking of each construct using the artificial neural networks approach in AMOS and SPSS respectively. A total of 234 respondents selected using purposive sampling aided in capturing the industry practices across supply chains in the UK. The full collinearity test was carried out to study the common method bias and the content validity was carried out using the item content validity index and scale content validity index. The convergent and discriminant validity of the constructs and mediation study was carried out in SPSS and AMOS V.23.
Findings
The results are overtly inferring the significant impact of Industry 4.0 practices on creating smart and ultimately sustainable supply chains. A partial relationship is established between Industry 4.0 and supply chain agility through a smart supply chain. This work empirically reinstates the combined significance of green practices, Industry 4.0, smart supply chain, supply chain agility and supply chain resilience on sustainable business value. The study also uses the ANN approach to determine the relative importance of each significant variable found in SEM analysis. ANN determines the ranking among the significant variables, i.e. supply chain resilience > green practices > Industry 4.0 > smart supply chain > supply chain agility presented in descending order.
Originality/value
This study is a novel attempt to establish the role of digitalization in SCs for attaining sustainable business value, providing empirical support to the mediating role of supply chain agility, supply chain resilience and smart supply chain and manifests a significant integrated framework. This work reinforces the integrated model that combines all the constructs dealt with in silos so far in prior literature.