Search results

1 – 10 of 467
To view the access options for this content please click here
Article

Raman Singh, Harish Kumar, Ravinder Kumar Singla and Ramachandran Ramkumar Ketti

The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating…

Abstract

Purpose

The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating internet attacks is presented, and gaps in the research are identified. The purpose of this paper is to identify the limitations of the current research and presents future directions for intrusion/malware detection research.

Design/methodology/approach

The paper presents a review of the research literature on IDSs, prior to identifying research gaps and limitations and suggesting future directions.

Findings

The popularity of the internet makes it vulnerable against various cyber-attacks. Ongoing research on intrusion detection methods aims to overcome the limitations of earlier approaches to internet security. However, findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks.

Originality/value

This paper provides a review of major issues in intrusion detection approaches. On the basis of a systematic and detailed review of the literature, various research limitations are discovered. Clear and concise directions for future research are provided.

Details

Online Information Review, vol. 41 no. 2
Type: Research Article
ISSN: 1468-4527

Keywords

To view the access options for this content please click here
Article

Ehinome Ikhalia, Alan Serrano, David Bell and Panos Louvieris

Online social network (OSN) users have a high propensity to malware threats due to the trust and persuasive factors that underpin OSN models. The escalation of social…

Abstract

Purpose

Online social network (OSN) users have a high propensity to malware threats due to the trust and persuasive factors that underpin OSN models. The escalation of social engineering malware encourages a growing demand for end-user security awareness measures. The purpose of this paper is to take the theoretical cybersecurity awareness model TTAT-MIP and test its feasibility via a Facebook app, namely social network criminal (SNC).

Design/methodology/approach

The research employs a mixed-methods approach to evaluate the SNC app. A system usability scale measures the usability of SNC. Paired samples t-tests were administered to 40 participants to measure security awareness – before and after the intervention. Finally, 20 semi-structured interviews were deployed to obtain qualitative data about the usefulness of the App itself.

Findings

Results validate the effectiveness of OSN apps utilising a TTAT-MIP model – specifically the mass interpersonal persuasion (MIP) attributes. Using TTAT-MIP as a guidance, practitioners can develop security awareness systems that better leverage the intra-relationship model of OSNs.

Research limitations/implications

The primary limitation of this study is the experimental settings. Although the results testing the TTAT-MIP Facebook app are promising, these were set under experimental conditions.

Practical implications

SNC enable persuasive security behaviour amongst employees and avoid potential malware threats. SNC support consistent security awareness practices by the regular identification of new threats which may inspire the creation of new security awareness videos.

Social implications

The structure of OSNs is making it easier for malicious users to carry out their activities without the possibility of detection. By building a security awareness programme using the TTAT-MIP model, organisations can proactively manage security awareness.

Originality/value

Many security systems are cumbersome, inconsistent and non-specific. The outcome of this research provides organisations and security practitioners with a framework for designing and developing proactive and tailored security awareness systems.

Details

Information Technology & People, vol. 32 no. 5
Type: Research Article
ISSN: 0959-3845

Keywords

To view the access options for this content please click here
Article

Ali Vafaei-Zadeh, Ramayah Thurasamy and Haniruzila Hanifah

This paper aims to investigate the impact of perceived price level and information security awareness on computer users’ attitude. Moreover, this study aims to investigate…

Abstract

Purpose

This paper aims to investigate the impact of perceived price level and information security awareness on computer users’ attitude. Moreover, this study aims to investigate the effect of attitude, subjective norms and perceived behavioral control (PBC) on intention to use anti-malware software.

Design/methodology/approach

Data were collected using a structured questionnaire from 225 students of five public universities in Malaysia. Purposive sampling technique was used in this study. AMOS 24 was used to test the research framework using a two-step approach.

Findings

Findings give support to some of the hypotheses developed with R2 values of 0.521 for attitude and 0.740 for intention. Perceived price level had a negative effect on attitude while information security awareness had a positive effect on attitude and intention. Attitude, subjective norms and PBC were all positively related to intention, but perceived price level did not affect intention. This suggests that benefits of using anti-malware are more than its price value. Therefore, the price has no direct effect on intention to use.

Research limitations/implications

University computer networks are as open and inviting as their campuses. Therefore, this research can be helpful to the universities to safeguard their networks and encourage the students to use anti-malware. However, using anti-malware software will enable an individual to identify and prioritize security risks, quickly detect and mitigate security breaches, improve the understanding of security gaps and safeguard the sensitive data by minimizing the risks related to malware.

Originality/value

This study ventured to model the information security behavior of anti-malware usage by individual users by using the theory of planned behavior with the addition of two new variables, perceived price level and information security awareness to explain the behavior better.

To view the access options for this content please click here
Article

Wu He, Ivan Ash, Mohd Anwar, Ling Li, Xiaohong Yuan, Li Xu and Xin Tian

An organization’s ability to successfully manage intellectual capital is determined by the actions of its employees to prevent or minimize information security incidents…

Abstract

Purpose

An organization’s ability to successfully manage intellectual capital is determined by the actions of its employees to prevent or minimize information security incidents. To prevent more data breaches to intellectual capital, organizations must provide regular cybersecurity awareness training for all personnel. The purpose of this paper is to investigate the effect of different evidence-based cybersecurity training methods on employees’ cybersecurity risk perception and self-reported behavior.

Design/methodology/approach

The study participants were randomly assigned into four groups (i.e. malware report, malware videos, both malware report and malware videos and no interventions) to assess the effects of cybersecurity training on their perceptions of vulnerability, severity, self-efficacy, security intention as well as their self-reported cybersecurity behaviors.

Findings

The results show that evidence-based malware report is a relatively better training method in affecting employees’ intentions of engaging in recommended cybersecurity behaviors comparing with the other training methods used in this study. A closer analysis suggests whether the training method contains self-relevant information could make a difference to the training effects.

Originality/value

This paper reports an in-depth investigation on how different evidence-based cybersecurity training methods impact employees’ perceptions of susceptibility, severity, self-efficacy, security intention as well as on their self-reported cybersecurity behaviors.

Details

Journal of Intellectual Capital, vol. 21 no. 2
Type: Research Article
ISSN: 1469-1930

Keywords

Content available
Article

Steven Furnell and Samantha Dowling

The purpose of this paper is to review current evidence in relation to scale and impacts of cyber crime, including various approaches to defining and measuring the problem.

Abstract

Purpose

The purpose of this paper is to review current evidence in relation to scale and impacts of cyber crime, including various approaches to defining and measuring the problem.

Design/methodology/approach

A review and analysis of survey evidence is used to enable an understanding of the scope and scale of the cyber crime problem, and its effect upon those experiencing it.

Findings

The analysis evidences that cyber crime exists in several dimensions, with costs and harms that can be similarly varied. There is also a sense that, moving forward, the “cyber” label will become somewhat redundant as many crimes have the potential to have a technology component.

Research limitations/implications

The key evidence in this particular discussion has some geographic limitations, with much of the discussion focussed upon data drawn from the Crime Survey for England and Wales, as well as other UK-based sources. However, many of the broader points still remain more widely relevant.

Practical implications

This study helps in: better understanding the range and scale of cyber crime threats; understanding how the cyber element fits into the wider context of crime; improving the appreciation of what cyber crime can mean for potential victims; and recognising the cost dimensions, and the implications for protection and response.

Social implications

The discussion will help businesses and individuals to have a better appreciation of the cyber crime threat, and what ought to be considered in response to it.

Originality/value

The discussion is based upon recent evidence, and therefore represents a more up-to-date view of the cyber crime landscape than reviews already available in earlier literature.

Details

Journal of Criminological Research, Policy and Practice, vol. 5 no. 1
Type: Research Article
ISSN: 2056-3841

Keywords

To view the access options for this content please click here
Article

Pintu Shah and Anuja Agarwal

For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence…

Abstract

Purpose

For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less experience in handling security threats like malware as compared to users of other countries who have gone through the learning curve of handling such security threats using other Internet-enabled devices such as laptop and desktop. Because of this, the inexperienced Indian smartphone user may be vulnerable to Internet-related security breaches, as compared to the citizens of developed economies. Hence, it is essential to understand the attitude, behaviour and security practices of smartphone users in India. Limited research is available about the security behaviour of smartphone users in India as the majority of research in this domain is done outside India.

Design/methodology/approach

In this empirical study, the researchers identified 28 cybersecurity behaviours and practices through a survey of relevant literature. An online survey of identified cybersecurity behaviours and practices was administered to 300 smartphone users. Frequency analysis of the respondent data was done to understand the adoption of recommended cybersecurity behaviours and practices. Pearson’s chi-square with 5% level of significance has been used to test the hypotheses. Post hoc analysis with Bonferroni correction was conducted for statistically significant associations.

Findings

Overall, the respondents did not exhibit good cybersecurity behaviour. Respondents have adopted some of the most popular security features of the smartphone such as the use of screen lock. However, respondents have not adopted or are not aware of the technical security controls such as encryption and remote wipe. Statistically significant differences were found between the cybersecurity behaviour and practices and independent variables such as gender, age, mobile operating system (OS) and mother tongue. Respondents reported high level of motivation to protect their device and data, whereas they reported moderate level of threat awareness and the ability to protect to their device and data. Results of the comparative analysis with a similar study in China and the USA are also reported in this study.

Research limitations/implications

The main limitations of this study are as follows: the respondents' perceptions about their cybersecurity behaviours and practices were measured as opposed to their actual behaviours and practices and the generalizability of the study is limited because the sample size is small as compared to the total number of smartphone users in India.

Practical implications

The findings of this study may be useful for the design of effective cybersecurity prevention and intervention programs for general smartphone users of India.

Originality/value

This study provides an insight about cybersecurity behaviour of smartphone users in India. To the knowledge of the researchers, this is the first study to collect such quantitative data of smartphone users in India for a better understanding of the cybersecurity behaviours and practices. This study identified 28 cybersecurity behaviours and practices, which smartphone users should follow to improve cybersecurity.

Details

Information & Computer Security, vol. 28 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article

Deepa Mani, Kim-Kwang Raymond Choo and Sameera Mubarak

Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will…

Abstract

Purpose

Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will increasingly affect the security of businesses with online presence and/or connected to the internet. Although the real estate sector is a potential attack vector for and target of malicious cyber activities, it is an understudied industry. This paper aims to contribute to a better understanding of the information security threats, awareness, and risk management standards currently employed by the real estate sector in South Australia.

Design/methodology/approach

The current study comprises both quantitative and qualitative methodologies, which include 20 survey questionnaires and 20 face-to-face interviews conducted in South Australia.

Findings

There is a lack of understanding about the true magnitude of malicious cyber activities and its impact on the real estate sector, as illustrated in the findings of 40 real estate organisations in South Australia. The findings and the escalating complexities of the online environment underscore the need for regular ongoing training programs for basic online security (including new cybercrime trends) and the promotion of a culture of information security (e.g. when using smart mobile devices to store and access sensitive data) among staff. Such initiatives will enable staff employed in the (South Australian) real estate sector to maintain the current knowledge of the latest cybercrime activities and the best cyber security protection measures available.

Originality/value

This is the first academic study focusing on the real estate organisations in South Australia. The findings will contribute to the evidence on the information security threats faced by the sector as well as in develop sector-specific information security risk management guidelines.

Details

Information Management & Computer Security, vol. 22 no. 1
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article

Ramaraj Palanisamy and Yang Wu

This study/ paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies…

Abstract

Purpose

This study/ paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies for various business applications including ES to increase the flexibility and to gain sustainable competitive advantage. At the same time, end-users are exposed to security issues when using mobile technologies. The ES have seen breaches and malicious intrusions thereby more sophisticated recreational and commercial cybercrimes have been witnessed. ES have seen data breaches and malicious intrusions leading to more sophisticated cybercrimes. Considering the significance of security in ES mobility, the research questions in this study are: What are the security issues of ES mobility? What are the influences of users’ attitude towards those security issues? What is the impact of users’ attitude towards security issues on perceived security of ES mobility?

Design/methodology/approach

These questions are addressed by empirically testing a security model of mobile ES by collecting data from users of ES mobile systems. Hypotheses were evolved and tested by data collected through a survey questionnaire. The questionnaire survey was administered to 331 users from Chinese small and medium-sized enterprises (SME). The data was statistically analysed by tools such as correlation, factor analysis, regression and the study built a structural equation model (SEM) to examine the interactions between the variables.

Findings

The study results have identified the following security issues: users’ attitude towards mobile device security issues; users’ attitude towards wireless network security issues; users’ attitude towards cloud computing security issues; users’ attitude towards application-level security issues; users’ attitude towards data (access) level security issues; and users’ attitude towards enterprise-level security issues.

Research limitations/implications

The study results are based on a sample of users from Chinese SMEs. The findings may lack generalizability. Therefore, researchers are encouraged to examine the model in a different context. The issues requiring further investigation are the role of gender and type of device on perceived security of ES mobile systems.

Practical implications

The results show that the key security issues are related to a mobile device, wireless network, cloud computing, applications, data and enterprise. By understanding these issues and the best practices, organizations can maintain a high level of security of their mobile ES.

Social implications

Apart from understanding the best practices and the key issues, the authors suggest management and end-users to work collaboratively to achieve a high level of security of the mobile ES.

Originality/value

This is an empirical study conducted from the users’ perspective for validating the set of research hypotheses related to key security issues on the perceived security of mobile ES.

Details

Information & Computer Security, vol. 29 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article

Adam B. Turner, Stephen McCombie and Allon J. Uhlmann

This paper aims to demonstrate the utility of a target-centric approach to intelligence collection and analysis in the prevention and investigation of ransomware attacks

Abstract

Purpose

This paper aims to demonstrate the utility of a target-centric approach to intelligence collection and analysis in the prevention and investigation of ransomware attacks that involve cryptocurrencies. The paper uses the May 2017 WannaCry ransomware usage of the Bitcoin ecosystem as a case study. The approach proves particularly beneficial in facilitating information sharing and an integrated analysis across intelligence domains.

Design/methodology/approach

This study conducted data collection and analysis of the component Bitcoin elements of the WannaCry ransomware attack. A note of both technicalities of Bitcoin operations and current models for sharing cyber intelligence was made. Our analysis builds on and further develops current definitions and strategies for sharing cyber threat intelligence. It uses the problem definition model (PDM) and generic target network model (TNM) to create an analytic framework for the WannaCry ransomware attack scenario, allowing analysts the ability to test their hypotheses and integrate and share data for collaborative investigation.

Findings

Using a target-centric intelligence approach to WannaCry 2.0 shows that it is possible to model the intelligence problem of collecting and analysing data related to inflows and outflows of Bitcoin-related ransomware transactions. Bitcoin transactions form graph networks and allow to build a target network model for collecting, analysing and sharing intelligence with multiple stakeholders. Although attribution and anonymity prevail under cryptocurrency usage, there is a means for developing transaction walks using this method to target nefarious cryptocurrency exchanges where criminals are inclined to cash out their proceeds of crime.

Originality/value

The application of a target-centric intelligence approach to the cryptocurrency components of a ransomware attack provides a framework for intelligence units to break down the problem in the financial domain and model the network behaviour of illicit Bitcoin transactions relating to ransomware.

Details

Journal of Money Laundering Control, vol. 22 no. 4
Type: Research Article
ISSN: 1368-5201

Keywords

To view the access options for this content please click here
Expert briefing

This campaign is part of a broader escalation of cyberattacks that aim to generate financial and non-financial rewards for the state.

Details

DOI: 10.1108/OXAN-DB256768

ISSN: 2633-304X

Keywords

Geographic
Topical
1 – 10 of 467