Search results

A cyberattack is an attempt by cybercriminals as individuals or organizations with unauthorized access using one or more computers and computer systems to steal, expose, change, disable or eliminate information, or to breach computer information systems, computer networks, and computer infrastructures. Cyberattackers gain a benefit from victims, which may be criminal such as stealing data or money, or political or personal such as revenge. In cyberattacks, various targets are possible. Some potential targets for businesses include business and customer financial data, customer lists, trade secrets, and login credentials.

Cyberattackers use a variety of methods to gain access to data, including malware such as viruses, worms, and spyware and phishing methods, man-in-the-middle attacks, denial-of-service attacks, SQL injection, zero-day exploit, and DNS tunneling.

Related to cyberattack, the term cyberwarfare is gaining popularity nowadays. Cyberwarfare is the use of cyberattacks by a state or an organization to cause harm as in warfare against another state's or organization's computer information systems, networks, and infrastructures.

Military, civil, and ideological motivations, or hacktivism can be used to launch a cyberwarfare. For these reasons, cyberwarfare may be used to conduct espionage, sabotage, propaganda, and economic disruption.

Considering highly digitalized business processes such as e-mails, digital banking, online conference, and digital manufacturing methods, damage of cyberwarfare to businesses and countries are unavoidable. As a result, developing strategies for defending against cyberattacks and cyberwarfare is critical for businesses. The concepts of cyberattack and cyberwarfare, as well as business strategies to be protected against them will be discussed in this chapter.

This paper aims to manage the dilemma of cyberspace operations, as the incidence of cybercrimes has increased tremendously in the past few decades, turning cyberspace into a field of war in which all nations must fight. For many countries, cyberattacks and conflicts, and even the basic operation of cyberspace in general, are new territories. Furthermore, international law today does not address many aspects of cyber warfare, as it typically has dealt with only traditional warfare.

This study examined this crime whether it is a domestic or an international crime and whether cyber wars are under international law or domestic law to address these issues.

Although many attempts to criminalize these actions occurred, the findings suggest that the world has failed to frame the legal instruments against cyberattacks. The findings also suggest recommendations to solve this issue.

To the best of the author’s knowledge, this study analyzed the comparison between the same crime in the perspective of domestic and international law, highlighting an unsolved dilemma in the world, suggesting some unprecedented solutions to solve.

The banking industry has always been vulnerable to cyberattacks. In recent years, Pakistan’s banking sector experienced the most intense cyberattack in its over 70-year history. Due to these attacks, a large number of debit card accounts of major banks were negotiated. This study aims to examine the impact of cyberattack awareness and customers’ commitment levels after these cyberattacks.

The study integrated the commitment–trust theory framework for the relationship of trust and commitment to the usage of online banking services. The partial least square structural equation modeling is being used to explore the relationship between customer’s trust, which is an outcome of continuous usage, and customer perception of affirmative cybersecurity measures the bank.

The findings revealed that customer trust in online banking is positively associated with customer commitment, but customers’ cyberattack awareness negatively impacts customer trust and commitment to online banking.

The study highlights the importance of proactive communication, transparency and robust incident response that helps organizations establish themselves as trustworthy entities while prioritizing customer information and transaction protection.

The authors report on how cyberattacks on the banking sector influence the trust and commitment of the customers in the sector. The variable of cyberattack awareness used in this study is novel in online banking literature.

The contribution of this study aims to twofold: First, it provides an overview of the current state of research on cyberattacks on Chinese supply chains (SCs). Second, it offers a look at the Chinese Government’s approach to fighting cyberattacks on Chinese SCs and its calls for global governance.

A comprehensive literature review was conducted on Clarivate Analytics’ Web of Science, in Social Sciences Citation Index journals, Scopus and Google Scholar, published between 2010–2021. A systematic review of practitioner literature was also conducted.

Chinese SCs have become a matter of national security, especially in the era of cyber warfare. The risks to SC have been outlined. Cybersecurity regulations are increasing as China aims to build a robust environment for cyberspace development. Using the Technology-organization-environment (TOE) framework, the results show that the top five factors influencing the adoption process in firms are as follows: relative advantage and technological readiness (Technology context); top management support and firm size (Organization context) and government policy and regulations (Environment context).

This review focuses on cyberattacks on Chinese SCs and great care was taken when selecting search terms. However, the author acknowledges that the choice of databases/terms may have excluded a few articles on cyberattacks from this review.

This review provides managerial insights for SC practitioners into how cyberattacks have the potential to disrupt the global SC network.

Past researchers proposed a taxonomic approach to evaluate progress with SC integration into Industry 4.0; in contrast, this study is one of the first steps toward an enhanced understanding of cyberattacks on Chinese SCs and their contribution to the global SC network using the TOE framework.

The study uses cyberattacks announcements on 96 firms that are listed on S&P 500 over the period from January 03, 2013, to December 29, 2017.

The empirical analysis was performed in two ways: cross-section and industry level. The authors use statistical tests that account for the effects of cross-section correlation in returns, returns series correlation, volatility changes and skewness in the returns.

These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative; financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors; and technology firms tend to be less reactive to the announcement of a data breach. Such firms may possibly have the necessary tools and techniques to address large-scale cyberattacks.

For cross-section analysis, the outcome shows that the market does not significantly react to cyberattacks for all the event windows, except [−30, 30], while for the sector-level analysis, the analysis offers two main results.

First, while there is a firm reaction to cyberattacks for long event window for retail sector, there is no evidence of a cumulative firm reaction to cyberattacks for both short and long event windows for the industrial, information technology and health sectors. Second, the firms in the financial sector, there is a strong evidence of cumulative reaction to cyberattacks for [−1, 1] for the financial industry, and the reactions disappear for relatively longer event windows.

These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative, the financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors, technology firms tend to be less reactive to the announcement of a data breach, possibly such firms may have the necessary tools and techniques to address large-scale cyberattacks.

The work provides new insights into the effect of cyber security on stock prices.

This paper aims to analyze the changes in cyberattacks against the health-care sector during the COVID-19 pandemic.

The changes in cyberattacks of the health-care sector are analyzed by examination of the number and essence of published news concerning cybersecurity attacks on the health-care sector during 2019 and compared them to those published during 2020, based on two main websites, which review such incidents.

This study found that there was a significant growth in reports of cyberattacks on the health-care sector. Moreover, the number of cyberattacks fit interestingly to the pattern of waves of the disease, which expanded worldwide. During the first wave the number of reports was doubled or even tripled, compared to the same period in 2019, a tendency that was slightly waned afterwards.

This study helps to deepen the awareness of information security implications of a potential global devastating crisis, even in the cybersecurity domain, and on the health-care sector, among various other affected sectors and domains.

COVID-19 pandemic created long-term wide-range changes that affect every individual and sector, mainly owing to the shift to remote working model, which impose long-term new cybersecurity changes, among them to the health-care industry.

This paper extends the existing information on implication of remote working model on information security and of the COVID-19 pandemic on the cybersecurity of health-care institutions around the world.

Cyber resilience has emerged as an approach for seaports to deal with cyberattacks; it emphasizes ports’ ability to prepare for an attack and to keep operating and recover quickly. However, little research has been undertaken on the challenges of governing cyber risks in seaports. This study aims to address this gap.

Governing cyber resilience is shaped by distributed responsibilities, uncertainties and ambiguities. The authors use this conceptualization to explore the governance of cyber risks in seaports, taking the Port of Rotterdam as a case study and analyzing semistructured interviews with stakeholders, participatory observation and policy documents and legislation.

The authors found that many strategies for governing cyber risks remain dedicated to protecting computer systems against cyberattacks. Nevertheless, port stakeholders have also developed strategies in anticipation of disruptions. However, these strategies appear informal and uncoordinated due to a lack of information exchange, insufficient knowledge regarding cyber risks and disagreement about how to make the Port of Rotterdam cyber resilient. What mainly hampers the cyber resilience of the port is the lack of a comprehensive regulatory framework and economic incentives. The authors conclude that resilience is merely an ideal at the Port of Rotterdam, meaning related governance strategies remain incremental and await institutionalization.

This paper offers insights into the cyber resilience of critical socio-technical systems, which have been underexposed in cyber resilience debates, but, when exploited, can manifest in large-scale disruptions.

This paper aims to outline how destructive communication exemplified by ransomware cyberattacks destroys the process of organization, causes a “state of exception,” and thus constitutes organization. The authors build on Agamben's state of exception and translate it into communicative constitution of organization (CCO) theory.

A significant increase of cyberattacks have impacted organizations in recent times and laid organizations under siege. This conceptual research builds on illustrative cases chosen by positive deviance case selection (PDCS) of ransomware attacks.

CCO theory focuses mainly on ordering characteristics of communication. The authors aim to complement this view with a perspective on destructive communication that destroys the process of organization. Based on illustrative cases, the authors conceptualize a process model of destructive CCO.

The authors expand thoughts about a digital “corporate immune system” to question current offensive cybersecurity strategies of deterrence and promote resilience approaches instead.

Informed by destructive communication of cyberattacks, this theory advancement supports arguments to include notions of disorder into CCO theory. Furthermore, the paper explains where disruptions like cyberattacks may trigger sensemaking and change to preserve stability. Finally, a novel definition of ‘destructive CCO’ is provided: Destructive Communication Constitutes Organization by disrupting and destroying its site and surface while triggering sensemaking and becoming part of sensemaking itself.

Nonexperts do not always follow the advice in cybersecurity warning messages. To increase compliance, it is recommended that warning messages use nontechnical language, describe how the cyberattack will affect the user personally and do so in a way that aligns with how the user thinks about cyberattacks. Implementing those recommendations requires an understanding of how nonexperts think about cyberattack consequences. Unfortunately, research has yet to reveal nonexperts’ thinking about cyberattack consequences. Toward that end, the purpose of this study was to examine how nonexperts think about cyberattack consequences.

Nonexperts sorted cyberattack consequences based on perceived similarity and labeled each group based on the reason those grouped consequences were perceived to be similar. Participants’ labels were analyzed to understand the general themes and the specific features that are present in nonexperts’ thinking.

The results suggested participants mainly thought about cyberattack consequences in terms of what the attacker is doing and what will be affected. Further, the results suggested participants thought about certain aspects of the consequences in concrete terms and other aspects of the consequences in general terms.

This research illuminates how nonexperts think about cyberattack consequences. This paper also reveals what aspects of nonexperts’ thinking are more or less concrete and identifies specific terminology that can be used to describe aspects that fall into each case. Such information allows one to align warning messages to nonexperts’ thinking in more nuanced ways than would otherwise be possible.

The purpose of this study is to understand why individuals choose to avoid using e-services due to security concerns and perceived risk when these factors are affected by the perceived degree of government cybersecurity preparedness against cyberattacks.

The authors adopt the information systems success model to predict the role of government security preparedness efforts in influencing the determinants of e-services avoidance. The conceptual model includes four variables: security concerns, perceived risk of cyberattacks, perceived government cybersecurity preparedness and e-services avoidance. Data from 774 participants were used to analyze our conceptual model.

First, the findings show that security concerns regarding personal information safety and perceived risk of cyberattacks are barriers to e-services use, with the former having a stronger effect. Second, the findings showed that perceived government cybersecurity preparedness significantly reduces security concerns and perceived risk of cyberattacks. Third, the post hoc group analysis between individuals with a bachelor’s degree or higher versus those without a bachelor’s degree showed that the effect of both security concerns and perceived risk of cyberattacks on e-services avoidance was greater for individuals without a bachelor’s degree. The same relationship between perceived risk of cyberattacks and e-services avoidance was not supported for individuals with a bachelor’s degree or higher.

Extant privacy research fails to adequately examine the role of institutional factors, such as government efforts, and how these mitigate or amplify cybersecurity concerns and risks related to e-services. This research takes the first step toward addressing this limitation by examining the influence of government cybersecurity preparedness efforts on the determinants of e-services avoidance.