Search results

The purpose of this paper is to identify how the management structure of cybercriminals has changed and will continue to be revised in the future as their criminal business models are modified. In the early days of hacktivism, a distinction was made between a “hacker” and a “cracker”. The hacker was considered someone who was interested in the vulnerabilities in a computer system, but they were not out to exploit these vulnerabilities for illicit gains. Today, this is no longer true, as loosely coordinated gangs of computer hackers exploit vulnerabilities of financial institutions and the public to steal and transfer money across borders without difficulty.

The paper reviews legal cases dealing with the computer theft of assets from financial institutions and individuals. The focus is on external exploits of hackers not on employee’s theft of assets. It explores the management structure used by cybercriminals who have been caught and prosecuted by legal authorities in the USA and other countries. The paper discusses how this management structure has evolved from older traditional crime business models based on “family” relationships to morphing criminal gangs based in Russia, the Ukraine and other locations almost untouchable by the US legal authorities. These new criminal networks are based on knowledge relationships and quickly disappearing network connections. The paper concludes with a discussion regarding the management structure cybercriminals will follow in the future, as they continue their criminal activities.

The study provides indications of a trend toward more complex management and organizational structures among cybergangs.

Although there are many annual studies identifying the growth of cybercrime and the types of attacks being made, but there is not even a single study that shows how the cybercrime business model has changed over the past 20 years. From that perspective, the paper provides information of a changing and more effective business model for cyberattacks.

This paper aims to discuss the experiences designing and conducting an experiential learning virtual incident response tabletop exercise (VIRTTX) to review a business's security posture as it adapts to remote working because of the Coronavirus 2019 (COVID-19). The pandemic forced businesses to move operations from offices to remote working. Given that this happened quickly for many, some firms had little time to factor in appropriate cyber-hygiene and incident prevention measures, thereby exposing themselves to vulnerabilities such as phishing and other scams.

The exercise was designed and facilitated through Microsoft Teams. The approach used included a literature review and an experiential learning method that used scenario-based, active pedagogical strategies such as case studies, simulations, role-playing and discussion-focused techniques to develop and evaluate processes and procedures used in preventing, detecting, mitigating, responding and recovering from cyber incidents.

The exercise highlighted the value of using scenario-based exercises in cyber security training. It elaborated that scenario-based incident response (IR) exercises are beneficial because well-crafted and well-executed exercises raise cyber security awareness among managers and IT professionals. Such activities with integrated operational and decision-making components enable businesses to evaluate IR and disaster recovery (DR) procedures, including communication flows, to improve decision-making at strategic levels and enhance the technical skills of cyber security personnel.

It maintained that the primary implication for practice is that they enhance security awareness through practical experiential, hands-on exercises such as this VIRTTX. These exercises bring together staff from across a business to evaluate existing IR/DR processes to determine if they are fit for purpose, establish existing gaps and identify strategies to prevent future threats, including during challenging circumstances such as the COVID-19 outbreak. Furthermore, the use of TTXs or TTEs for scenario-based incident response exercises was extremely useful for cyber security practice because well-crafted and well-executed exercises have been found to serve as valuable and effective tools for raising cyber security awareness among senior leadership, managers and IT professionals (Ulmanová, 2020).

This paper underlines the importance of practical, scenario-based cyber-IR training and reports on the experience of conducting a virtual IR/DR tabletop exercise within a large organisation.

To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.

The authors gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. They conducted interviews with key stakeholders in Australian universities in order to validate these links.

The authors’ investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.

There is a need to acknowledge the different roles played by actors within the university and the relevance of information security to IC-related preservation.

Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.

This is one of the first studies to explore the connections between data and information security and the three core components of IC's knowledge security in the university context.

This paper aims to explore the use of soft systems methodology (SSM) to analyse the socio-technical information security issues in a major bank.

Case study research was conducted on a major bank. Semi-structured interviews with a purposive sample of key stakeholders in the business, comprising senior managers, security professionals and branch employees were conducted.

SSM was particularly useful for exploring the holistic information security issues, enabling models to be constructed which were valuable analytical tools and easily understood by stakeholders, which increased the receptiveness of the bank, and assisted with member validation. Significant risks were apparent from internal sources with weaknesses in aspects of governance and security culture.

This research uses a single case study and whilst it cannot be generalised, it identifies potential security issues others may face and solutions they may apply.

Information security is complex and addresses technical, governance, management and cultural risks. Banking attacks are changing, with greater focus on employees and customers. A systemic approach is required for full consideration. SSM is a suitable approach for such analysis within large organisations.

This study demonstrates how important benefits can be obtained by using SSM alongside traditional risk assessment approaches to identify holistic security issues. A holistic approach is particularly important given the increasing complexity of the security threat surface. Banking was selected as a case study because it is both critical to society and is a prime target for attack. Furthermore, developing economies are under-represented in information security research, this paper adds to the evidence base. As global finance is highly interconnected, it is important that banks in such economies do not comprise a weak link, and hence, results from this case have value for the industry as a whole.

The purpose of this study is to empirically analyse the key factors that influence the adoption of financial technology innovation in the country Germany. The advancement of mobile devices and their usage have increased the uptake of financial technology (FinTech) innovation. Financial sectors and startups see FinTech as a gateway to increase business opportunities, but mobile applications and other technology platforms must be launched to explore such opportunities. Mobile application security threats have increased tremendously and have become a challenge for both users and FinTech innovators. In this paper, the authors empirically inspect the components that influence the expectations of both users and organizations to adopt FinTech, such as customer trust, data security, value added, user interface design and FinTech promotion. The empirical results definitely confirm that data security, customer trust and the user design interface affect the adoption of FinTech. Existing studies have used the Technology Acceptance Model (TAM) to address this issue. The outcomes of this study can be used to improve the performance of FinTech strategies and enable banks to achieve economies of scale for global intensity.

In this paper, the authors empirically consider factors that influence the expectations of both users and organizations in adopting FinTech, such as customer trust, data security, value added, the user design interface and FinTech promotion. The results confirm that customer trust, data security and the user design interface affect the adoption of FinTech. This research proposes a model called “Intention to adopt FinTech in Germany,” constructs of which were developed based on the TAM and five additional components, as identified. The outcomes of this study can be used to improve the performance of FinTech strategies and enable banks to achieve economies of scale for global intensity.

The authors demonstrated that the number of mobile users in Germany is rapidly increasing; yet the adoption of FinTech is extremely sluggish. It is intriguing to reckon that 99 per cent of respondents had mobile devices, but only 10 per cent recognized FinTech. Further, it is significantly discouraging to perceive that only 10 of the 209 respondents had ever used FinTech services, representing under 1 per cent of the surveyed respondents. It is obvious that the FinTech incubators and banks offering FinTech services need to persuade their customers regarding the usefulness and value added advantages of FinTech. This study has been carried out to determine the key factors that influence and provoke FinTech adoption.

There are a few limitations in this study. Initially, this study focuses on FinTech implementation in Germany and not the whole of Europe. In addition, demographic and regional factors could be consolidated to inspect their particular impact on the intention to use FinTech services, particularly among younger users with a high interest in technology. Without these constraints, the authors could have gathered additional data for a more robust result and obtained new knowledge to further upgrade polices to enhance the FinTech adoption process. Future analysts can assist exploration of this topic by altering determinants in the unified theory of acceptance and use of technology model. Additionally, because the cluster sampling technique was used, the reported outcomes are not 100 per cent generalized to the German population. To accomplish a complete generalization, a basic random sampling strategy for the whole population is essential. The authors could also alleviate some limitations by examining how online vendors are performing with regard to FinTech to satisfy the needs of customers via case studies.

This study was conducted in Germany and might have produced different results if held in other countries, as technology acceptance is different in a different environment. For instance, the authors suspect that the results would be somewhat different, were the research to be conducted in the United Kingdom, where take-up of FinTech appears to be far greater than in Germany. Therefore, the authors’ results are only generalized for the country of Germany and not other geographical areas. Furthermore, respondents may have been influenced by past experiences about FinTech usage which might have led them to neglect to answer some questions. In spite of this, this study did not consider the influence of moderating variables such as age, education and FinTech services experience. The authors also neglected social impact and control factors, as their corresponding items disregarded the instrument dependability. Accordingly, the authors could not quantify social impact and control factors on FinTech use.

The outcomes of this study can be used to improve the performance of FinTech strategies and enable banks to accomplish economies of scale for global intensity. The authors do hope that this paper will serve to encourage FinTech innovators in their approach to FinTech and enable FinTech researchers to use past work with more prominent certainty, resulting in rigid hypothesis improvement in the future.

A considerable amount of revenue has been invested in the information technology (IT) infrastructure of banks to enhance their performance, but investment in IT remains a substantial risk regarding the return on investment (Carlson, 2015). Most banks and financial organizations around the globe are engaging in an extreme pressure from their customers and competitors to enhance IT.