Search results
1 – 10 of 133
INT: LockBit disruption to unsettle ransomware market
Details
DOI: 10.1108/OXAN-ES285353
ISSN: 2633-304X
Keywords
Geographic
Topical
These trends include the rise in ‘double extortion’ ransomware attacks and supply chain attacks to obtain sensitive data and infiltrate computer networks through widely used…
Details
DOI: 10.1108/OXAN-DB286990
ISSN: 2633-304X
Keywords
Geographic
Topical
Shreya Sangal, Gaurav Duggal and Achint Nigam
The purpose of this research paper is to review and synthesize the role of blockchain technology (BCT) in various types of illegal activities, including but not limited to fraud…
Abstract
Purpose
The purpose of this research paper is to review and synthesize the role of blockchain technology (BCT) in various types of illegal activities, including but not limited to fraud, money laundering, ransomware attacks, firearms, drug tracking, cyberattacks, identity theft and scams.
Design/methodology/approach
The authors conducted a review of studies related to illegal activities using blockchain from 2015 to 2023. Next, a thematic review of the literature was performed to see how these illegal activities were conducted using BCT.
Findings
Through this study, the authors identify the relevant themes that highlight the major illegal activities performed using BCT, its possible steps for prevention and the opportunities for future developments. Finally, the authors provide suggestions for future research using the theory, context and method framework.
Originality/value
No other research has synthesized the illegal activities using BCT through a thematic approach to the best of the authors’ knowledge. Hence, this study will act as a starting point for future research for academic and technical practitioners in this area.
Details
Keywords
Fabian Maximilian Johannes Teichmann and Chiara Wittmann
The threat of cybercrime is pervasive. Corporations cannot be convinced, out of sheer luck or naïve conviction, that they will remain unaffected. When targeted, the stark reality…
Abstract
Purpose
The threat of cybercrime is pervasive. Corporations cannot be convinced, out of sheer luck or naïve conviction, that they will remain unaffected. When targeted, the stark reality is that a company also incurs a liability risk. This paper aims to explore the boundaries of liability resulting from a data breach and privacy concerns according to the emerging regulations on cybersecurity.
Design/methodology/approach
The nature of cybercrime and its constant evolution is analysed as a threat of liability. Its distinctly modern developments require consideration. In response to the threat of hackers, the protection that a corporation can invoke is also considered as a mitigating factor in ascribing liability.
Findings
Preventative steps to protect a corporation from cyberthreats must remain a consistent priority in the running of a company. The influence of human behaviour has become a foreseeable element in cybersecurity and as such the management of unreliable user behaviour is a key determining factor in ascribing liability in hindsight.
Originality/value
Foresight is everything in the prevention of cyberattacks. Cyberattacks can no longer be dismissed as an unlikely eventuality. Legislation on data security and data privacy is demanding higher standards of preventative action, under the duty of care to stakeholders. There is a substantial literature deficit on data security and data liability regulations in light of the liability risk incurred by cyberattacks.
Details
Keywords
The study provides a comprehensive understanding of the issues and illegal activities related to cryptocurrencies and their negative repercussions. This study aims to identify and…
Abstract
Purpose
The study provides a comprehensive understanding of the issues and illegal activities related to cryptocurrencies and their negative repercussions. This study aims to identify and classify cryptocurrency downsides using grounded theory and in-depth interviews. The study also analysed investors’ reluctance to invest in cryptocurrency. This pioneering qualitative study illuminates a deep and multifaceted criminal aspect of cryptocurrency.
Design/methodology/approach
The study conducted in-depth interviews with respondents who have experience and knowledge of cryptocurrency investments. The interviews were recorded and transcribed. The analysis was performed using the NVivo 14 software in the study.
Findings
The study specified two major types of cryptocurrency’s negative aspects: barriers and illegal usage. Barriers to cryptocurrency investment include technological, security, trust, market-related and regulatory reasons. Terrorist funding, money laundering, fraud and ransom payments are all examples of illegal usage. The results of the word cloud analysis are consistent with the overall findings of the survey, which highlighted illegal usage as a prominent negative element of cryptocurrencies. It is a key reason why cryptocurrency is not included in investing portfolios by investors.
Originality/value
The study’s findings provide useful insights for policymakers to develop better methods for successfully mitigating risks and ensuring responsible and sustainable usage of cryptocurrencies. In addition, the study could serve as a stepping stone for more cryptocurrency-related studies, contributing to the development of a more complete and nuanced comprehension of this emergent technology and its societal effects.
Details
Keywords
The attack exposed significant vulnerabilities in the global market for US Treasuries. It also signals that Chinese organisations, especially those that do business in the United…
Details
DOI: 10.1108/OXAN-DB283591
ISSN: 2633-304X
Keywords
Geographic
Topical
Derek L. Nazareth, Jae Choi and Thomas Ngo-Ye
This paper aims to examine the conditions under which small and medium enterprises (SMEs) invest in security services when they migrate their e-commerce applications to the cloud…
Abstract
Purpose
This paper aims to examine the conditions under which small and medium enterprises (SMEs) invest in security services when they migrate their e-commerce applications to the cloud environment. Using a risk management perspective, the paper assesses the impact of security service pricing, security incident prevalence and virulence to estimate SME security spending at the market level and draw out implications for SMEs and security service providers.
Design/methodology/approach
Security risks are inherently characterized by uncertainty. This study uses a Monte Carlo approach to understand the role of uncertainty in the decision to adopt security services. A model relating key security constructs is assembled based on key constructs from the domain. By manipulating security service costs and security incident types, the model estimates the market-level adoption of services, security incidents and damages incurred, along with measures of their relative dispersion.
Findings
Three key findings emerge from this study. First, adoption of services and protection is higher when tiered security services are provided, indicating that SMEs prefer to choose their security services rather than accept uniformly priced products. Second, SMEs are considered price-sensitive, resulting in a maximum level of spending in the market. Third, results indicate that security incidents and damages can be much higher than the mean in some cases, and this should serve as a cautionary note to SMEs.
Originality/value
Security spending has been modeled at the firm level. Adopting a market-level perspective represents a novel contribution. Additionally, the Monte Carlo approach provides managers with tangible measures of uncertainty, affording additional information and insight when making security service adoption decisions.
Details
Keywords
Giddeon Njamngang Angafor, Iryna Yevseyeva and Leandros Maglaras
This paper aims to discuss the experiences designing and conducting an experiential learning virtual incident response tabletop exercise (VIRTTX) to review a business's security…
Abstract
Purpose
This paper aims to discuss the experiences designing and conducting an experiential learning virtual incident response tabletop exercise (VIRTTX) to review a business's security posture as it adapts to remote working because of the Coronavirus 2019 (COVID-19). The pandemic forced businesses to move operations from offices to remote working. Given that this happened quickly for many, some firms had little time to factor in appropriate cyber-hygiene and incident prevention measures, thereby exposing themselves to vulnerabilities such as phishing and other scams.
Design/methodology/approach
The exercise was designed and facilitated through Microsoft Teams. The approach used included a literature review and an experiential learning method that used scenario-based, active pedagogical strategies such as case studies, simulations, role-playing and discussion-focused techniques to develop and evaluate processes and procedures used in preventing, detecting, mitigating, responding and recovering from cyber incidents.
Findings
The exercise highlighted the value of using scenario-based exercises in cyber security training. It elaborated that scenario-based incident response (IR) exercises are beneficial because well-crafted and well-executed exercises raise cyber security awareness among managers and IT professionals. Such activities with integrated operational and decision-making components enable businesses to evaluate IR and disaster recovery (DR) procedures, including communication flows, to improve decision-making at strategic levels and enhance the technical skills of cyber security personnel.
Practical implications
It maintained that the primary implication for practice is that they enhance security awareness through practical experiential, hands-on exercises such as this VIRTTX. These exercises bring together staff from across a business to evaluate existing IR/DR processes to determine if they are fit for purpose, establish existing gaps and identify strategies to prevent future threats, including during challenging circumstances such as the COVID-19 outbreak. Furthermore, the use of TTXs or TTEs for scenario-based incident response exercises was extremely useful for cyber security practice because well-crafted and well-executed exercises have been found to serve as valuable and effective tools for raising cyber security awareness among senior leadership, managers and IT professionals (Ulmanová, 2020).
Originality/value
This paper underlines the importance of practical, scenario-based cyber-IR training and reports on the experience of conducting a virtual IR/DR tabletop exercise within a large organisation.
Details
Keywords
INT: Cybersecurity risks and costs of hospitals rise
Details
DOI: 10.1108/OXAN-ES285541
ISSN: 2633-304X
Keywords
Geographic
Topical
INT: Clop hackers are adapting to US law enforcement