Search results

Cybersecurity has received growing attention from academic researchers and industry practitioners as a strategy to accelerate performance gains and social sustainability. Meanwhile, firms are usually prone to cyber-risks that emanate from their supply chain partners especially third-party logistics providers (3PLs). Thus, it is crucial to implement cyber-risks management in 3PLs to achieve social sustainability in supply chains. However, these 3PLs are faced with critical difficulties which tend to hamper the consistent growth of cybersecurity. This paper aims to analyze these critical difficulties.

Data were sourced from 40 managers in Nigerian 3PLs with the aid of questionnaires. A novel quantitative methodology based on the synergetic combination of interval-valued neutrosophic analytic hierarchy process (IVN-AHP) and multi-objective optimization on the basis of a ratio analysis plus the full multiplicative form (MULTIMOORA) is applied. Sensitivity analysis and comparative analysis with other decision models were conducted.

Barriers were identified from published literature, finalized using experts’ inputs and classified under organizational, institutional and human (cultural values) dimensions. The results highlight the most critical dimension as human followed by organizational and institutional. Also, the results pinpointed indigenous beliefs (e.g. cyber-crime spiritualism), poor humane orientation, unavailable specific tools for managing cyber-risks and skilled workforce shortage as the most critical barriers that show the highest potential to elicit other barriers.

By illustrating the most significant barriers, this study will assist policy makers and industry practitioners in developing strategies in a coordinated and sequential manner to overcome these barriers and thus, achieve socially sustainable supply chains.

This research pioneers the use of IVN-AHP-MULTIMOORA to analyze cyber-risks management barriers in 3PLs for supply chain social sustainability in a developing nation.

The purpose of this paper is to present the educational computer emergency response team (EduCERT) framework, an integrated response mechanism to bolster national cybersecurity through collaborative efforts in the higher education sector. The EduCERT framework addresses this gap by enhancing cyber security and mitigating cybercrime through collaborative incident management, knowledge sharing and university awareness campaigns.

The authors propose an EduCERT framework following the design science methodology. The framework is developed based on literature and input from focus group experts. Moreover, it is grounded in the principles of the technology-organization-environment framework, organizational learning and diffusion of innovations theory.

The EduCERT has eight components: infrastructure, governance, knowledge development, awareness, incident management, evaluation and continuous improvement. The framework reinforces national cybersecurity through cooperation between universities and the National Computer Emergency Response Team. The framework has been implemented in Jordan to generate a cybersecurity foundation for higher education. Evaluating the EduCERT framework’s influence on national cybersecurity highlights the importance of adopting comprehensive cyber-security policies and controls. The framework application shows its relevance, effectiveness, adaptability and alignment with best practices.

Despite the impact of applying the framework in the Jordanian context, it is essential to acknowledge that the proposed EduCERT framework’s practical implementation may encounter challenges specific to diverse international educational environment sectors. However, framework customization for global applicability could address varied educational institutions in other countries.

Furthermore, the proposed EduCERT framework is designed with universal applicability that extends beyond the specific country’s context. The principles and components presented in the framework can serve as valuable design advice for establishing collaborative and resilient cybersecurity frameworks in educational settings worldwide. Therefore, the research enhances the proposed framework’s practical utility and positions it as an invaluable contribution to the broader discourse on global cybersecurity in academia.

This paper enhances national cybersecurity in the higher education sector, addressing the need for a more integrated response mechanism. The EduCERT framework demonstrates its effectiveness, adaptability and alignment with best practices, offering valuable guidance for global educational institutions.

This study aims to examine how the Bank of Ghana’s (BoG’s) directive on establishing a Cyber and Information Security Governance Committee (CISGC) affects banks’ financial performance (FP) and efficiency. The FP of banks is measured by return on assets (ROA) and return on equity (ROE), while efficiency is measured by operational costs to operating revenue (CIR). The study examines the CISGC’s cyber and IT expertise, committee size, meetings and female representation features.

Data from 20 universal banks in Ghana between 2019 and 2022 was used to examine the impact of the CISGC features on Bank FP and efficiency using generalized least squares regression and robustness test.

CISGC’s cyber and IT expertise has a positive impact on ROA, but no impact on ROE or CIR. Their size, meetings and female representation do not affect performance. This highlights the need for key measures to be instituted for effective cyber and information security governance.

This study has several limitations. First, the scope was initially limited to universal banks in Ghana. Future studies should cover all banks operating in Ghana.

When forming the CISGC, banks should ensure that cybersecurity expertise is represented, and that female representation is considered. Additionally, given the ongoing evolution of cybersecurity threats, banks should ensure comprehensive digitization and robust cybersecurity safeguards.

To the best of the author’s knowledge, this study is the first to investigate how CISGC impacts bank performance in Ghana following the BoG’s Cyber and Information Security directive.

Intellectual property (IP) theft is an increasing threat that can lead to large financial losses and reputational harm. These attacks are typically noticed only after the IP is stolen, which is usually too late. This paper aims to investigate the psychological profile and the socio-technical events that statistically predict the likelihood of an IP threat.

This paper analyses 86 IP theft cases found in court documents. Two novel analyses are conducted. The research uses LLMs to analyse the personality of these insiders, which is followed by an investigation of the pathways to the attack using behaviour sequence analysis (BSA).

These IP theft insiders scored significantly higher on measures of Machiavellianism compared to the normal population. Socio-technical variables, including IP theft via photographs, travelling overseas, approaching multiple organisations and delivering presentations, were identified. Contrary to previous assumptions that there is a single pathway to an attack, the authors found that multiple, complex pathways lead to an attack (sometimes multiple attacks). This work, therefore, provides a new framework for considering critical pathways to insider attacks.

These findings reveal that IP theft insiders may come across as charming, star employees rather than the stereotype of disgruntled employees. Moreover, organisations’ policies may need to consider that IP theft occurs via non-linear and multiple pathways. This means that sequences of events need to be considered in detecting these attacks instead of anomalies outright. The authors also argue that there may be a case for “continuous evaluation” to detect insider activity.

This paper offers a new framework for understanding and studying insider threats. Instead of a single critical pathway, this work demonstrates the need to consider multiple interconnected pathways. It elucidates the importance of a multidisciplinary approach and provides opportunities to reconsider current practices in detection and prevention.