Search results

The purpose of this research paper is to review and synthesize the role of blockchain technology (BCT) in various types of illegal activities, including but not limited to fraud, money laundering, ransomware attacks, firearms, drug tracking, cyberattacks, identity theft and scams.

The authors conducted a review of studies related to illegal activities using blockchain from 2015 to 2023. Next, a thematic review of the literature was performed to see how these illegal activities were conducted using BCT.

Through this study, the authors identify the relevant themes that highlight the major illegal activities performed using BCT, its possible steps for prevention and the opportunities for future developments. Finally, the authors provide suggestions for future research using the theory, context and method framework.

No other research has synthesized the illegal activities using BCT through a thematic approach to the best of the authors’ knowledge. Hence, this study will act as a starting point for future research for academic and technical practitioners in this area.

The threat of cybercrime is pervasive. Corporations cannot be convinced, out of sheer luck or naïve conviction, that they will remain unaffected. When targeted, the stark reality is that a company also incurs a liability risk. This paper aims to explore the boundaries of liability resulting from a data breach and privacy concerns according to the emerging regulations on cybersecurity.

The nature of cybercrime and its constant evolution is analysed as a threat of liability. Its distinctly modern developments require consideration. In response to the threat of hackers, the protection that a corporation can invoke is also considered as a mitigating factor in ascribing liability.

Preventative steps to protect a corporation from cyberthreats must remain a consistent priority in the running of a company. The influence of human behaviour has become a foreseeable element in cybersecurity and as such the management of unreliable user behaviour is a key determining factor in ascribing liability in hindsight.

Foresight is everything in the prevention of cyberattacks. Cyberattacks can no longer be dismissed as an unlikely eventuality. Legislation on data security and data privacy is demanding higher standards of preventative action, under the duty of care to stakeholders. There is a substantial literature deficit on data security and data liability regulations in light of the liability risk incurred by cyberattacks.

The study provides a comprehensive understanding of the issues and illegal activities related to cryptocurrencies and their negative repercussions. This study aims to identify and classify cryptocurrency downsides using grounded theory and in-depth interviews. The study also analysed investors’ reluctance to invest in cryptocurrency. This pioneering qualitative study illuminates a deep and multifaceted criminal aspect of cryptocurrency.

The study conducted in-depth interviews with respondents who have experience and knowledge of cryptocurrency investments. The interviews were recorded and transcribed. The analysis was performed using the NVivo 14 software in the study.

The study specified two major types of cryptocurrency’s negative aspects: barriers and illegal usage. Barriers to cryptocurrency investment include technological, security, trust, market-related and regulatory reasons. Terrorist funding, money laundering, fraud and ransom payments are all examples of illegal usage. The results of the word cloud analysis are consistent with the overall findings of the survey, which highlighted illegal usage as a prominent negative element of cryptocurrencies. It is a key reason why cryptocurrency is not included in investing portfolios by investors.

The study’s findings provide useful insights for policymakers to develop better methods for successfully mitigating risks and ensuring responsible and sustainable usage of cryptocurrencies. In addition, the study could serve as a stepping stone for more cryptocurrency-related studies, contributing to the development of a more complete and nuanced comprehension of this emergent technology and its societal effects.

This paper aims to examine the conditions under which small and medium enterprises (SMEs) invest in security services when they migrate their e-commerce applications to the cloud environment. Using a risk management perspective, the paper assesses the impact of security service pricing, security incident prevalence and virulence to estimate SME security spending at the market level and draw out implications for SMEs and security service providers.

Security risks are inherently characterized by uncertainty. This study uses a Monte Carlo approach to understand the role of uncertainty in the decision to adopt security services. A model relating key security constructs is assembled based on key constructs from the domain. By manipulating security service costs and security incident types, the model estimates the market-level adoption of services, security incidents and damages incurred, along with measures of their relative dispersion.

Three key findings emerge from this study. First, adoption of services and protection is higher when tiered security services are provided, indicating that SMEs prefer to choose their security services rather than accept uniformly priced products. Second, SMEs are considered price-sensitive, resulting in a maximum level of spending in the market. Third, results indicate that security incidents and damages can be much higher than the mean in some cases, and this should serve as a cautionary note to SMEs.

Security spending has been modeled at the firm level. Adopting a market-level perspective represents a novel contribution. Additionally, the Monte Carlo approach provides managers with tangible measures of uncertainty, affording additional information and insight when making security service adoption decisions.

This paper aims to discuss the experiences designing and conducting an experiential learning virtual incident response tabletop exercise (VIRTTX) to review a business's security posture as it adapts to remote working because of the Coronavirus 2019 (COVID-19). The pandemic forced businesses to move operations from offices to remote working. Given that this happened quickly for many, some firms had little time to factor in appropriate cyber-hygiene and incident prevention measures, thereby exposing themselves to vulnerabilities such as phishing and other scams.

The exercise was designed and facilitated through Microsoft Teams. The approach used included a literature review and an experiential learning method that used scenario-based, active pedagogical strategies such as case studies, simulations, role-playing and discussion-focused techniques to develop and evaluate processes and procedures used in preventing, detecting, mitigating, responding and recovering from cyber incidents.

The exercise highlighted the value of using scenario-based exercises in cyber security training. It elaborated that scenario-based incident response (IR) exercises are beneficial because well-crafted and well-executed exercises raise cyber security awareness among managers and IT professionals. Such activities with integrated operational and decision-making components enable businesses to evaluate IR and disaster recovery (DR) procedures, including communication flows, to improve decision-making at strategic levels and enhance the technical skills of cyber security personnel.

It maintained that the primary implication for practice is that they enhance security awareness through practical experiential, hands-on exercises such as this VIRTTX. These exercises bring together staff from across a business to evaluate existing IR/DR processes to determine if they are fit for purpose, establish existing gaps and identify strategies to prevent future threats, including during challenging circumstances such as the COVID-19 outbreak. Furthermore, the use of TTXs or TTEs for scenario-based incident response exercises was extremely useful for cyber security practice because well-crafted and well-executed exercises have been found to serve as valuable and effective tools for raising cyber security awareness among senior leadership, managers and IT professionals (Ulmanová, 2020).

This paper underlines the importance of practical, scenario-based cyber-IR training and reports on the experience of conducting a virtual IR/DR tabletop exercise within a large organisation.