Article

Determinants of Cybercrime Originating within a Nation: A Cross-country Study

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

8 Cybercrimes have an adverse impact on the reputation and economy of a nation. This paper investigates the factors that affect the frequency of cybercrime originating within a country. These factors were grouped into three categories, namely, economic capital, technological capital, and cybersecurity preparedness. On analyzing the data from 124 countries, it emerges that the economic capital and technological capital of a country are the primary factors that influence the frequency of cybercrime originating within it. Technological capital also partially mediates the relationship between economic capital and the frequency of cybercrime originating within the nation. Furthermore, the cybersecurity preparedness of a nation negatively moderates the relationship between technological capital and frequency of cybercrime originating within it. The findings have significant implications for policymakers at the national level and managers at the organizational level concerning cybersecurity preparedness. They should focus on both hard (legal, technical, organizational) and soft (training and co-operational) aspects of cybersecurity preparation to minimize the incidence of cybercrime within a nation.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... This theory suggests that criminals assess the potential rewards of a criminal act against the risks involved; this decision-making process is influenced by the individual's goals, available information, and situational factors-making RCT a critical tool for understanding the motivations behind criminal behaviors. It implies that altering the perceived costs or rewards can influence criminal behavior, thus providing a strategic foundation for crime prevention and security measures- Srivastava et al. (2020) detail how RCT can be used to understand how cybercriminals make decisions. Current research, for example, shows that cybercriminals, much like those committing crimes in the physical domain, assess the accessibility of the target and the robustness of the existing security apparatus to calculate the potential payoff from a successful attack (Baker & 29 Shortland, 2023). ...
... In cybersecurity, RCT has been adapted to analyze and predict cybercriminal behavior by examining attackers' choices when targeting systems, selecting tools, and exploiting vulnerabilities (Plachkinova & Vо, 2023;Srivastava et al., 2020). This theoretical framework is vital for understanding cyberattack decision-making processes and developing strategies to deter potential cyber criminals. ...
... This multidisciplinary approach leverages 45 insights from various fields to create a more comprehensive understanding of cybercriminal behavior and enhance the effectiveness of cybersecurity measures. Srivastava et al. (2020) notes that incorporating Rational Choice Theory into cyber threat analysis offers a nuanced perspective that highlights the importance of understanding and influencing the decision-making processes of potential attackers. As cyber threats continue to evolve, the application of RCT remains vital in the ongoing effort to protect critical digital infrastructure and sensitive information from increasingly sophisticated cyberattacks. ...
Thesis
Full-text available
This dissertation explores the application of the Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI) framework, a tool designed to systematically evaluate cybersecurity threats against critical infrastructure. TRACI integrates principles from Routine Activity and Rational Choice Theories to provide a detailed and comprehensive understanding of cybersecurity risks. This integration facilitates an in-depth analysis not only of how cyberattacks occur but also of the underlying reasons they are initiated, by categorizing and assessing risks based on factors such as attacker motivations and systemic vulnerabilities. By employing ANOVA to assess variations in risk assessment scores across TRACI's designated categories—Assets, Risk Management, and Attacker Motivation— the study investigates how these categories are effectively operationalized within the framework to enhance understanding of cyber threats. This analysis creates an understanding for developing predictive models and response strategies in critical infrastructure protection, offering insights not only into how attacks occur but also why they are initiated. The research operationalizes TRACI's risk categories using specific, measurable criteria derived from publicly available information and academic case studies, thus ensuring a comprehensive evaluation of the framework's application to real-world scenarios. This approach addresses the need for a theoretical foundation in risk assessment practices and potentially enhancing cybersecurity measures within critical infrastructures.
... However, as business activities migrated online, criminals joined, creating a surge in cybercrime (Savić, 2020). Cybercrime refers to illegal computer-mediated activities that often occur through a network of computers (Srivastava et al., 2020), typically the internet. Recent reports in cybercrime indicate growth in severity, with the prediction of loss of $6 trillion by end of 2021, an increase of $3 trillion from 2015 (Herjavic Group, 2020). ...
... Recent reports in cybercrime indicate growth in severity, with the prediction of loss of $6 trillion by end of 2021, an increase of $3 trillion from 2015 (Herjavic Group, 2020). Yet a recent survey revealed that only 30% of business organisations surveyed have clearly defined cybersecurity policies (Srivastava et al., 2020). There is, therefore, the need for researchers and businesses to give more attention to cybercrime, especially under COVID-19 conditions, with evidence showing that cybercrime threats have increased five-folds (Williams et al., 2020). ...
... The upsurge in cybercrime in recent times, and the loss of many businesses and investments, can be attributed to increase in internet traffic (Wiggen, 2020). With the increasing use of digital technologies, many socio-economic activities and, inappropriately, crime have shifted online (Hiscox, 2021;Srivastava et al., 2020). Analysis and research show that cybercrime is here to stay due to its lucrative and low-risk level (McGuire, 2018). ...
Article
Full-text available
The scare of the COVID-19 pandemic in the early stages and subsequent lockdowns by countries worldwide caused many business organisations to shut down their operations. To mitigate the effects of the ensuing socioeconomic hardships, businesses resorted to work-from-home and online digital interactions. However, as economic activities migrated online, criminals followed suit. This study employs qualitative research methodology and the combined theories of rational choice and general deterrence to explore the relationship between online activities during COVID-19 and cybercrime. The findings from this study show that COVID-19 norms increased and deepened the social circumstances that cybercriminals exploit to engage in their nefarious acts. These circumstances include stay-at-home, charity, global attention, known authorities, urgency, system vulnerabilities, lack of cybersecurity awareness training, and lack of qualified cybersecurity professionals. The study has implications for cybersecurity practices for business organisations and research.
... Literatur kuantitatif mengenai cybercrime di ASEAN juga masih terbatas. Srivastava et al. (2020) melakukan penelitian kualitatif tentang faktor-faktor yang memengaruhi cybercrime. Penelitian ini menunjukkan bahwa kejahatan siber dipengaruhi oleh faktor kapabilitas teknologi, kapabilitas ekonomi, dan kesiapan yang mencakup hukum, kerjasama, teknis, pengembangan kapabilitas, dan organisasi dalam bidang siber. ...
... Setiap kenaikan 1% pertumbuhan ekonomi dapat menurunkan GCI sebesar 1,050 dengan asumsi variabel bebas lainnya konstan. Hal tersebut sejalan dengan penelitian Srivastava et al. (2020) yang menyatakan bahwa negara-negara yang memiliki standar ekonomi yang lebih baik mungkin memiliki teknologi yang lebih baik, komputer siap pakai, dan internet lebih canggih. Hal tersebut memberikan fasilitas untuk melakukan kejahatan lebih mudah dan membuat keamanan lebih rentan. ...
... Indeks persepsi korupsi menunjukkan hasil yang tidak signifikan berpengaruh terhadap GCI di ASEAN. Hal tersebut sejalan dengan temuan Srivastava et al. (2020) yang menyatakan bahwa CPI tidak memengaruhi cybercrime. Begitu juga dengan pengguna mobile cellular, tidak berpengaruh signifikan terhadap GCI. ...
Article
The use of information and communication technology in ASEAN is massive and growing. This development not only has a positive impact, but also a negative one. In addition to advancements in various fields, criminality is also increasing. ASEAN is the fastest growing digital market in the world. As digital technology becomes more integrated into our lives, cybercrime will increase exponentially. This study aims to determine the overview and variables that affect cybercrime in ASEAN in 2015-2020. This research uses secondary data from ITU, World Bank, UNDP, and Transparency International the Global Coalition Against Corruption. Through descriptive analysis, it is found that the value of the Global Cybersecurity Index (GCI) in ASEAN has increased, but there is still a cybersecurity gap between countries in ASEAN. Through the panel data regression equation formed, it is found that economic growth, mobile broadband users, and average years of schooling significantly affect the GCI in ASEAN in 2015-2020. Meanwhile, the variables of mobile cellular users, technology exports, and corruption perception index do not have a significant effect. Therefore, governments in ASEAN countries are also expected to continue to increase economic growth and allocate budgets for technical implementation of cybersecurity. In addition, the government should maintain the stability of the number of mobile broadband users, and increase the average number of mobile broadband users.
... Often using technical data, cybersecurity firms, law enforcement agencies and international organisations regularly publish reports that identify the major sources of cyber attacks (see for example [21][22][23][24]). Some of these sources have been aggregated by scholars (see [20,[25][26][27][28][29]). But the kind of technical data contained in these reports cannot accurately measure offender location. ...
... .] phenomenon that other measurement instruments pick up." (p. 359) Most studies of the global cybercrime geography are, as noted in the introduction, based on technical measures that cannot accurately establish the true physical location of offenders (for example [1,4,28,33,45]). Comparing our results to these studies would therefore be of little value, as the phenomena being measured differs: they are measuring attack infrastructure, whereas the WCI measures offender location. ...
Article
Full-text available
Cybercrime is a major challenge facing the world, with estimated costs ranging from the hundreds of millions to the trillions. Despite the threat it poses, cybercrime is somewhat an invisible phenomenon. In carrying out their virtual attacks, offenders often mask their physical locations by hiding behind online nicknames and technical protections. This means technical data are not well suited to establishing the true location of offenders and scholarly knowledge of cybercrime geography is limited. This paper proposes a solution: an expert survey. From March to October 2021 we invited leading experts in cybercrime intelligence/investigations from across the world to participate in an anonymized online survey on the geographical location of cybercrime offenders. The survey asked participants to consider five major categories of cybercrime, nominate the countries that they consider to be the most significant sources of each of these types of cybercrimes, and then rank each nominated country according to the impact, professionalism, and technical skill of its offenders. The outcome of the survey is the World Cybercrime Index, a global metric of cybercriminality organised around five types of cybercrime. The results indicate that a relatively small number of countries house the greatest cybercriminal threats. These findings partially remove the veil of anonymity around cybercriminal offenders, may aid law enforcement and policymakers in fighting this threat, and contribute to the study of cybercrime as a local phenomenon.
... They also noted that countries with the greater gross domestic product (GDP) per capita and better ICT infrastructure were targeted more frequently. Meanwhile, Srivastava et al. (2020) pointed out that countries with better technology and economic capital were more likely to become the origins of cybercrime, but countries with better cybersecurity preparedness may reduce the frequency of the cybercrime originating within them. Moreover, Holt, Burruss, and Bossler (2018) suggested that nations with better technological infrastructure, greater political freedom, and fewer organised crime were more likely to report malware infections, while Overvest and Straathof (2015) suggested that the number of internet users, bandwidth, and economic ties were significantly related to cyberattack origin. ...
... This has prompted some researchers to use alternative data sources to measure cybercrime, including social media, online forums, emails, and cybersecurity companies (Holt and Bossler, 2015). Among these data sources, technical data such as spam emails, honeypots, IDS/ IPS or firewall logs, malicious domains/URLs, and IP addresses are often used as proxies for different aspects of cybercrime (Amin et al., 2021;Garg et al., 2013;Kigerl, 2012;Kigerl, 2016;Kigerl, 2021;Mezzour et al., 2014;Srivastava et al., 2020;Kshetri, 2010), accounting for a large proportion in the literature of macro-level cybercrime research. However, due to the anonymity and virtuality of cyberspace, cybercriminals are not restrained by national boundaries and could utilise compromised computers distributed around the world as a platform to commit cybercrime. ...
Article
Full-text available
Cybercrime is wreaking havoc on the global economy, national security, social stability, and individual interests. The current efforts to mitigate cybercrime threats are primarily focused on technical measures. This study considers cybercrime as a social phenomenon and constructs a theoretical framework that integrates the social, economic, political, technological, and cybersecurity factors that influence cybercrime. The FireHOL IP blocklist, a novel cybersecurity data set, is used to map worldwide subnational cybercrimes. Generalised linear models (GLMs) are used to identify the primary factors influencing cybercrime, whereas structural equation modelling (SEM) is used to estimate the direct and indirect effects of various factors on cybercrime. The GLM results suggest that the inclusion of a broad set of socioeconomic factors can significantly improve the model’s explanatory power, and cybercrime is closely associated with socioeconomic development, while their effects on cybercrime differ by income level. Additionally, results from SEM further reveals the causal relationships between cybercrime and numerous contextual factors, demonstrating that technological factors serve as a mediator between socioeconomic conditions and cybercrime.
... Theoretically, it is important to understand international perspectives to validate the applicability of any ethnocentric findings to global stakeholders and to make necessary refinements in existing research models. Several studies exist, albeit at a micro level, which examine several IS phenomena across countries (e.g., [6,19,33,34,42,56]). While they make important contributions, they are limited in the consideration of contextual factors and their ability to explain macro level phenomena. ...
... More recently, Khan et al., [33] have examined IT diffusion across multiple countries and consider legal and national culture factors in their analysis, and Krishnan and AlSudiary [34] have examined social network diffusion through the lens of national culture. The 2020 study by Srivastava et al., [56] investigates cybercrime across multiple countries and considers technological and economic factors to explain their findings. The study by Chen and Zahedi [6] does a two-country comparison of security perceptions and behaviors through the lens of national culture. ...
Article
In this research, we report the information technologies rated as important by IT professionals in thirty-seven countries of the world, thus enhancing our understanding of the global technology landscape. Past research has focused primarily on the U.S. technology issues, which although useful in the U.S. context, may not generalize to all other countries. Globally, four core technologies have been ranked high for most of the countries: networks/telecommunications, business intelligence/analytics, enterprise application integration, and mobile and wireless applications. There were also differences among countries. Statistical analyses were performed to analyze the nature of these differences based on the economic level of the country and its IT infrastructure capability. Further insights were generated by performing cluster analysis; grouping the countries into three clusters (optimizers, pragmatists, and progressives), and examining their characteristics and technology priorities. These results are useful for multinational companies, governments, and international agencies as they forge their technology strategies and make investment decisions. We also lay the foundation for ongoing research to better understand the contextual factors that explain the differences in technology priorities among nations.
... Often using technical data, cybersecurity firms, law enforcement agencies and international organisations regularly publish reports that identify the major sources of cyber attacks (see for example [21][22][23][24]). Some of these sources have been aggregated by scholars (see [20,[25][26][27][28][29]). But the kind of technical data contained in these reports cannot accurately measure offender location. ...
... .] phenomenon that other measurement instruments pick up." (p. 359) Most studies of the global cybercrime geography are, as noted in the introduction, based on technical measures that cannot accurately establish the true physical location of offenders (for example [1,4,28,33,45]). Comparing our results to these studies would therefore be of little value, as the phenomena being measured differs: they are measuring attack infrastructure, whereas the WCI measures offender location. ...
... On the one hand, regions with high levels of economic and technological development typically have more advanced network infrastructures and better communication conditions. From the perspective of rational choice theory, these regions could provide convenient and low-cost conditions for the implementation and spread of cybercrime, reducing opportunity costs while increasing potential criminal gains (Kumar and Carley, 2016;Srivastava et al., 2020). On the other hand, the relative contribution of R&D expenditure to cyber-dependent crime is higher than that to fraud, whereas GDP contributes more to fraud than to cyber-dependent crime. ...
Article
Full-text available
Cybercrime is a complex human behavior and social phenomenon. The COVID-19 pandemic has significantly altered socioeconomic activities, potentially causing changes in crime patterns. However, there has been limited research on how the interaction between the pandemic and socioeconomic factors affects cybercrime. Here we explore the spatiotemporal patterns of police-recorded cybercrime, including fraud and cyber-dependent crime, and employ a machine learning approach to assess the correlation of various factors on cybercrimes at the level of internal regions and police areas within the United Kingdom. Our results show that fraud and cyber-dependent crime are mainly concentrated in London and the southeast region of England. Moreover, following the implementation of the third national lockdown, these areas experienced a noticeable increase, while changes in other regions were not as pronounced. The spatial autocorrelation analysis further suggests that there are significant spatial heterogeneities among regions, with spatiotemporal hotspots centered around London and cold spots mainly concentrated in the northeast of England. Additionally, we found that the identified patterns of fraud and cyber-dependent crime are primarily associated with socioeconomic factors, followed by government containment measures and mobility factors. These findings can help law enforcement and regulatory agencies better understand the social-environmental factors contributing to the prevalence of cybercrime within those areas.
... El incremento de la tecnología asimismo ha transportado nuevas formas delictivas que tienen por medio los sistemas informáticos e internet (Leyva, 2021). El deterioro de las dimensiones de seguridad de la información y los delincuentes más inteligentes amenazan a las personas, las organizaciones y las naciones con delitos cibernéticos más nuevos, innovadores y más enfocados (Shashi et al., 2020). La ciberseguridad, ha sido regulada en cierta medida por normas administrativas y penales, pero algunas intervenciones constitucionales resultan de especial importancia (Fernandez, 2021). ...
Article
La cibedelincuencia ha registrado durante los últimos años un alto índice de daños a personas naturales como jurídicas en sus diferentes modalidades, siendo la falta de cultura digital el factor por el cual los ciberdelincuentes se valen para perpetrar sus ilícitos, el objetivo de la investigación fue identificar los factores que propician el accionar cibercriminal por la falta de cultura digital entendiéndose como tal las prácticas, costumbres y formas comunicación social que se realizan mediante el empleo de las tecnologías de la información y la comunicación y el Internet. Metodología se efectuó la metodología de revisión sistemática a través de la revisión teórica de fuentes secundarias, disponible en la base de datos Scopus, Ebscohost, Dialnet, Scielo y Redalyc. Se utilizó la búsqueda y revisión de producción científica filtrando los términos de: “cultura digital” y “ciberdelincuencia”. Los resultados refieren que la comunicación digital transforma la cultura y la producción, pero los ciberdelitos requieren medidas preventivas internacionales. Los jóvenes son los principales usuarios de las TIC y las redes sociales pueden promover contravalores. La falta de definición de la ciberdelincuencia dificulta su prevención. La transformación digital afecta nuestra forma de vida y se necesita más investigación sobre problemas sociales relacionados con las TIC. Medidas de prevención individualizadas pueden evitar delitos cibernéticos. Se concluye la importancia para las personas de cultivar una conciencia de seguridad en el buen empleo y manejo de las TIC e Internet, estableciéndose una cultura digital con medidas acertadas para precaver la incidencia de la ciberdelincuencia.
... However, whenever that potential incident actually takes place, it will transform from a threat to an attack or a cyberattack. Several researchers [14]- [16] have studied the impact of cyberattacks in terms of both physical damage and economic consequences. Many have categorized these cyber threats based on how they could occur, such as unintentional and intentional threats, natural disasters, software and hardware failure as well as internal and external threats. ...
Article
A cyberattack can be defined as an action aiming to cause damages and losses to computer networks, information systems, and even personal devices and data. Many professionals and organizations have put a lot of effort and resources into preventing cyberattacks based on how they occur, their targets, and what damages they can cause. However, one of the aspects that are often overlooked and one of the reasons that cyberattacks are successfully carried out is the fact that the nature of attackers' motivations is not fully understood. Therefore, this research examines the main reasons for cyberattacks to be carried out by adversaries and the motives behind cyberattacks. Specifically, we studied over 7,700 cyber records and events between 2006 and 2018, including data breaches, privacy violations, and cyber incidents, to learn how attack motives have evolved over the years. The analyses of the data were mainly carried out using descriptive analysis. Our study found that the early cyberattacks were mainly financially motivated. However, in the later years, the cyberattack motives included espionage, ideology, and skill and knowledge testing. This implies that the motives behind cyberattacks became more varied in terms of types, proportions, and correlations between them. It is hoped and expected that the results of the analyses will be helpful to various stakeholders in such a way that they will better understand the reasons and motivations for cyberattacks.
... [29] [1] According to Basuchoudhary & Searle [58] adware is annoying because it usually appears on all devices, especially smartphones and tablets, particularly when free software (freeware) or evaluation software (shareware) is installed. Authors that address the crime of Theft: [3], [17], [19], [5], [28], [29], [42], [62], [63], [65], [66], [67], [68], [70], [71], [73]; Terrorism: [3], [22], [50], [61]; Espionage: [3], [22], [24], [29], [42], [56], [58]; Usurpation: [15], [25], [29], [40], [42], [70], [72; Sabotage: [16], [18], [20]; Cyber harassment [21], [49], [57]; Fraud: [23], [24], [27], [39], [48], [51], [53], [9], [64]; Scam: [23], [26], [28], [46], [52], [64]; Identity theft: [25], [37], [55], [56], [58]; Money laundering: [30], [31]; Cybercrime: [18], [30], [31], [33], [34], [35], [38], [44], [72]; Child Pornography: [32], [36], [41], [43], [45], [57], [60]; Harassment: [46], [64]; Sexual violence: [54], [59]; Extortion: [5], [55], [56]. ...
Conference Paper
Full-text available
These days, technology facilitates the lives of many people. However, it has also assisted crime, which presents severe threats to the assets and tranquility of those who are victims. Therefore, it is necessary to know the types and forms of cybercrime that occur in various countries of Latin America, through a systematic analysis of the literature. Sixty-two articles obtained from the Scopus, Dialnet, and Scielo databases published between 2009 and 2021 were reviewed and analyzed following the classification proposed by Miró Linares. Among the results, it was found that the highest rate corresponds to economic cybercrimes with 43% , followed by social cybercrimes with 41% , and, fina lly, political cybercrimes with 16% , being the malware tool the m o st used. It is concluded that most studies on cybercrime come fro m European and American countries; and that theft, the use of malware (Booter, Spyware, Trojan, Adware, Ransomware) are the main tools for committing cybercrimes, being the most recurrent: theft, cybercrime, and fraud.
... Cybercrime negatively affects the country's economy and reputation. Srivastava et al. have grouped the frequency of cybercrime originating in a country into three categories, namely: economic capital, technological capital and cybersecurity [34]. According to their research, economic and technological capitals are the main factors influencing the frequency of cybercrime in the country. ...
Article
Full-text available
Cybercrime threatens the national security of different countries around the world. The growth of cyberattacks destabilizes the international order and disrupts the normal functioning of international relations. The purpose of the academic paper is to analyze the causes and economic consequences of the level of cybercrime in the world and to identify modern legal arrangements to combat cybercrime. In order to achieve the purpose outlined, the following methods have been used, namely: the method of comparison, analysis, element-theoretical method, method of generalization and analogy. It has been established that the level of cybercrime in the world and the economic consequences of its impact tend to increase. It is estimated that in 2020 the total cost of cybercrime and cybersecurity will exceed one trillion US dollars, which is more than 1% of world gross domestic product. The reasons have been determined why the number of cybercrimes are increasing (electronization and computerization of most industries, public sector; low level of operational cooperation; inconsistency of legal policy with the realities of cybercrime; development of cyber-attack mechanism; modernization of cybercrime; obstacles to international cooperation and so forth). The cause and effect interrelationship between the level of cybercrime, cybersecurity and legal methods of counteraction in different countries of the world has been proven. Three interrelated ways of the legal mechanism of counteraction to cybercrime have been offered, namely: the general, organizational and preventive ones. The expediency of international cooperation in the development of global strategies and other measures to combat cybercrime has been emphasized.
... Cybercrime negatively affects the country's economy and reputation. Srivastava et al. have grouped the frequency of cybercrime originating in a country into three categories, namely: economic capital, technological capital and cybersecurity [34]. According to their research, economic and technological capitals are the main factors influencing the frequency of cybercrime in the country. ...
Article
Full-text available
Cybercrime threatens the national security of different countries around the world. The growth of cyberattacks destabilizes the international order and disrupts the normal functioning of international relations. The purpose of the academic paper is to analyze the causes and economic consequences of the level of cybercrime in the world and to identify modern legal arrangements to combat cybercrime. In order to achieve the purpose outlined, the following methods have been used, namely: the method of comparison, analysis, element-theoretical method, method of generalization and analogy. It has been established that the level of cybercrime in the world and the economic consequences of its impact tend to increase. It is estimated that in 2020 the total cost of cybercrime and cybersecurity will exceed one trillion US dollars, which is more than 1% of world gross domestic product. The reasons have been determined why the number of cybercrimes are increasing (electronization and computerization of most industries, public sector; low level of operational cooperation; inconsistency of legal policy with the realities of cybercrime; development of cyber-attack mechanism; modernization of cybercrime; obstacles to international cooperation and so forth). The cause and effect interrelationship between the level of cybercrime, cybersecurity and legal methods of counteraction in different countries of the world has been proven. Three interrelated ways of the legal mechanism of counteraction to cybercrime have been offered, namely: the general, organizational and preventive ones. The expediency of international cooperation in the development of global strategies and other measures to combat cybercrime has been emphasized.
Article
The rapid expansion of internet activities in daily life has elevated cyberattacks to a significant global threat. As a result, protecting the networks and systems of industries, organizations, and individuals against cybercrimes has become an increasingly critical challenge. This monograph provides a comprehensive review and analysis of national, international, and industry regulations on cybercrimes. It presents empirical evidence of the effectiveness of these regulatory measures and their impacts at the national, organizational, and individual levels. We also examine the challenges posed by emerging technologies to these regulations. Finally, the monograph identifies limitations in the current regulatory framework and proposes future directions to enhance the cybersecurity ecosystem.
Article
Full-text available
Background: As the worldwide community becomes increasingly linked via digital platforms, the rise in social media crimes brings unprecedented problems to the global legal environment. Traditional international law frameworks were often based on physical limits and tangible contacts, rendering them less able to manage the virtual and borderless character of these new types of wrongdoing. Objective: This article aims to identify places where present legal conceptions may need to be revised or misaligned by illuminating the gaps and conflicts between social media-related crimes and international law principles. Methods: Using a qualitative review of landmark cases, international treaties, and conventions, this study examines the compatibility of international legal instruments with the distinctive features of crimes committed via social media platforms. Results: The results show that the complexities of social media crimes regularly call into question numerous significant concepts of international law, such as jurisdiction, sovereignty, and non-interference. Furthermore, the need for a global definition and identification of some cybercrimes exacerbates discrepancies and uncertainty in international legal responses. Conclusion: International legal frameworks must be reassessed and restructured to address social media crimes. This might lead to more effective and coordinated global cybersecurity solutions in the digital age.
Chapter
Many consider the internet a safe environment for sharing information and performing online transactions. However, they are unaware of the cyberattacks that occur in the cyber environment. People are vulnerable to cyberattacks such as stealing of data and identity theft that cause financial loss and mental distress. Thus, cybersecurity that protects computer systems is considered vital to combat cyberattacks. This chapter aims to review strategies that can combat cyberattacks systematically. The results of this chapter showed an overview of the reviewed literature about authorship, geographical distribution of the studies, applied methods, types of respondents involved, types of strategies used to combat cyberattacks, and main study findings. Twenty-one studies met the authors' inclusion criteria. The findings highlighted that good governance, strategic partnership, perceived threat, coping appraisal, perceived cultural values, attitude, and technology efficacy are the strategies adopted by organisations and individuals to combat cyberattacks.
Chapter
Contemporary cyberdefense is too slow, it lacks foresight, and it is often ineffective. This introductory chapter explains these problems and proposes how the contributions in this volume can help to overcome them.
Article
Full-text available
p>The cybercrime cases across the country are remaining high. It caused the government decided to create the cybercrime law, including the Indonesian government. The first cybercrime law that created by Indonesian government is the Electronic and Transactions Law (EIT Law) of 2008, and revised in 2016. This paper then provides more comprehensive explanation regarding EIT Law, starting from its creation, substances, enforcement, and even its strengths and weaknesses. By using literature review method, the authors have been conducted research from the previous studies on related topic. Before entering the main discussions, this paper also explains the cybercrime law and policy in Indonesia’s neighboring countries. After that, EIT Law is explained comprehensively. The result shows that background of the creation of EIT Law is the technology and the Internet development that can threaten the Indonesia’s national interests. This law then categorize the types of cybercrime that prohibited in Indonesia. The jurisdiction, the investigation process, and the punishment to cyber criminals also regulated in that law. Furthermore, this paper also explains the strengths and weaknesses of EIT Law. The strengths of EIT Law can be seen in the complexity of the articles that contain within it. Nevertheless, the implementation of this law is still not effective. This is because there are several issues that have to corrected, such as the ambiguity of article contents, lack of cybercrime awareness among the law enforcement officers, difficulties to provide electronic devices, and lack of cyber facilities or infrastructure. Keywords: Cybercrime, Cyberspace, EIT Law, National interest, Technology and internet development</p
Article
Full-text available
The development and progress of science and technology lead to the emergence of cybercrime. One form of cybercrime is carding. Carding is a crime of using or stealing other people's credit cards through cyberspace. This paper discusses the process of criminal law enforcement against carding crimes based on current positive law and future carding crime prevention policies in terms of the political perspective of criminal law. The method used was a normative juridical research method. The discussion shows that criminal law enforcement efforts against carding crimes have been regulated through the Law on Information and Electronic Transactions, but these arrangements cannot overcome carding crimes in Indonesia, so there is a need for a formulation policy that specifically regulates carding crimes. The policy of dealing with carding crime in the future is reviewed from the perspective of criminal law politics, namely through penal and non-penal efforts. Efforts should be made to socialize cyber law for the people of Indonesia that can support the use of credit cards as a means of payment in online transactions in a responsible manner and have a strong legal basis.
Article
This paper deals with the issue of IT productivity paradox and examines the influence of IT capital and IT institution on the national innovation productivity. Applying North’s neo-institutional economics, Hayek’s model of the mind, and Bandura’s explanation of learning we try to understand this relationship through the cognitive path dependence model. We perform our analysis using a data set of 137 countries and apply Partial Least Square (PLS) technique of Structural Equation Modeling (SEM); our finding suggests existence of strong IT institutions as an essential step to capitalize IT investments to national innovation productivity. The IT institutions of the nation fully mediate the relationship between IT capital and national innovation productivity. The study demonstrates a cognitive perspective to the subject of IT & development and brings about policy recommendation for diverse national scenarios.
Article
Full-text available
Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated 'Chief Information Security Officer' to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm's corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm's information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.
Chapter
Full-text available
This chapter illustrates the understanding of cybercrime, recent trends in cybercrime, and the measures by which these cybercrimes can be eliminated to a considerable extent. The authors discuss various emerging cybercrime techniques, including steganography, next-generation malwares, next-generation ransom wares, social engineering attacks, and attacks using machine learning and IoT devices. Chapter 11 concludes that lack of regulations dealing specifically with e-waste is
Article
Full-text available
Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.
Article
Full-text available
Cybersecurity is one of the most important concepts of cyberworld which provides protection to the cyberspace from various types of cybercrimes. This paper provides an updated survey of cybersecurity. We conduct the survey of security of recent prominent researches and categorize the recent incidents in context to various fundamental principles of cybersecurity. We have proposed a new taxonomy of cybercrime which can cover all types of cyberattacks. We have analyzed various cyberattacks as per the updated cybercrime taxonomy to identify the challenges in the field of cybersecurity and highlight various research directions as future work in this field.
Article
Full-text available
The article outlines the need to identify appropriate explanations for various acts of deviant behaviour, mental illness and violent reactions in Romanian contemporary society which is facing a crisis of values and character. The objective of the article is to provide empirical evidence and raise awareness regarding the relationship between crime and socioeconomic factors in Romania over the period 1990–2014, based on statistics for testing co-integration theory and causal relationships. Specifically, the proposed analysis intends to capture the complexity of socioeconomic pressures on individuals and to clarify the ways in which the vitiation of modern society represents a manifestation of implemented economic mechanisms. By using data related to income, unemployment, inflation, inequality, development, education and population density as socioeconomic factors and also data on crime divided by region and type, the article supports the hypothesis of significant causality between socioeconomic factors and crime. Two directions can be considered for revealing the general result of the proposed analysis: one is that an increase in income inequality has a strong and robust effect regarding crime rates rising, and the second reveals that the place of residence is essential, the urban agglomeration being a generating factor for crime.
Article
Full-text available
An important role carried out by cyber-security experts is the assessment of proposed computer systems, during their design stage. This task is fraught with difficulties and uncertainty, making the knowledge provided by human experts essential for successful assessment. Today, the increasing number of progressively complex systems has led to an urgent need to produce tools that support the expert-led process of system-security assessment. In this research, we use Weighted Averages (WAs) and Ordered Weighted Averages (OWAs) with Evolutionary Algorithms (EAs) to create aggregation operators that model parts of the assessment process. We show how individual overall ratings for security components can be produced from ratings of their characteristics, and how these individual overall ratings can be aggregated to produce overall rankings of potential attacks on a system. As well as the identification of salient attacks and weak points in a prospective system, the proposed method also highlights which factors and security components contribute most to a component's difficulty and attack ranking respectively. A real world scenario is used in which experts were asked to rank a set of technical attacks, and to answer a series of questions about the security components that are the subject of the attacks. The work shows how finding good aggregation operators, and identifying important components and factors of a cyber-security problem can be automated. The resulting operators have the potential for use as decision aids for systems designers and cyber-security experts, increasing the amount of assessment that can be achieved with the limited resources available.
Article
Full-text available
This article aims to establish the particularities of cybercrime in Nigeria and whether these suggest problems with prevailing taxonomies of cybercrime. Nigeria is representative of the Sub-Saharan region, and an exemplary cultural context to illustrate the importance of incorporating social and contextual factors into cybercrime classifications. This paper anchors upon a basic principle of categorisation alongside motivational theories, to offer a tripartite conceptual framework for grouping cybercrime nexus. It argues that cybercrimes are motivated by three possible factors: socioeconomic, psychosocial and geopolitical. Whilst this contribution challenges the statistics relied on to inform the prevalence of cybercrime perpetrators across nations, it provides new ways of making sense of the voluminous variances of cybercrime. Concomitantly, it enables a clearer conceptualisation of cybercrime in Nigeria and elsewhere, because jurisdictional cultures and nuances apply online as they do offline.
Article
Full-text available
Given the limited resources and capabilities of states to maintain cyber security, a variety of co-production efforts have been made by individuals, or by collectives of varying degrees of organization and coordination. This article identifies different forms of citizen coproduction of cyber security and notes the risk of unintended consequences. Safeguards and principles are proposed in order to facilitate constructive citizen/netizen co-production of cyber security. Although co-production of security can contribute to social control, only those activities within the bounds of the law should be encouraged. Activities of private citizens/netizens that test the limits of legality should be closely circumscribed.
Article
Full-text available
This study presents a modified Unified Theory of Acceptance and Use of Technology (UTAUT) to examine keyfactors that affect the intention to accept and the subsequent use of mobile commerce (M-commerce) amongJordanian consumers. A survey questionnaire was used to collect data from 447 undergraduate universitystudents using a stratified random sample, and analyzed by using a structural equation modeling (SEM); byusing the WarpPLS 3.0 software. Results show that user acceptance and use of Mobile commerce services canbe predicted from the users’ behavioral intentions, which are affected significantly by Performance Expectancy,Effort Expectancy, and Social Influence. From among these variables, Social Influence is the most significantdeterminant that directly affects behavioral intention to use M-commerce services in Jordan followed by EffortExpectancy then Performance Expectancy. Facilitating Conditions and moderating variables (gender, age,monthly expense, and experience) have no significant effect on Behavioral Intention to use M-commerceservices in Jordan.Ultimately, this study finds that there is a direct effect between behavioral intention and the eventual use ofM-commerce services in Jordan. This research should help merchandisers avoid spending thousands or evenmillions of dollars that may on investments that will have little effect on whether or not the consumer willactually accept and use M-commerce. The study also gives quantified indicators and presents a model that mighthelp in understanding the M-commerce environment in Jordan. It concludes with an examination of theimplications of the research findings and offers suggestions for future research.
Article
Full-text available
Information technology has dramatically increased online business opportunities; however these opportunities have also created serious risks in relation to information security. Previously, information security issues were studied in a technological context, but growing security needs have extended researchers' attention to explore the management role in information security management. Various studies have explored different management roles and activities, but none has given a comprehensive picture of these roles and activities to manage information security effectively. So it is necessary to accumulate knowledge about various managerial roles and activities from literature to enable managers to adopt these for a more holistic approach to information security management. In this paper, using a systematic literature review approach, we synthesised literature related to management's roles in information security to explore specific managerial activities to enhance information security management. We found that numerous activities of management, particularly development and execution of information security policy, awareness, compliance training, development of effective enterprise information architecture, IT infrastructure management, business and IT alignment and human resources management, had a significant impact on the quality of management of information security. Thus, this research makes a novel contribution by arguing that a more holistic approach to information security is needed and we suggest the ways in which managers can play an effective role in information security. This research also opens up many new avenues for further research in this area.
Article
Full-text available
The fight against botnets has been going on for more than a decade, but they still impose significant costs. ISPs have become increasingly central to the effort, as they can undertake mitigation more economically and efficiently than end users. A study evaluates the role and performance of ISPs in botnet mitigation across 60 countries.
Article
Full-text available
Our case analysis presents and identifies significant and systemic shortcomings of the incident response practices of an Australian financial organization. Organizational Incident Response Teams accumulate considerable experience in addressing information security failures and attacks. Their first-hand experiences provide organizations with a unique opportunity to draw security lessons and insights towards improving enterprise-wide security management processes. However, previous research shows a distinct lack of communication and collaboration between the functions of incident response and security management, suggesting organizations are not learning from their incident experiences. We subsequently propose a number of lessons learned and a novel security-learning model.
Article
Full-text available
Spam is a vector for cybercrime and commonly legally prohibited. Why do certain national jurisdictions produce a higher percentage of spam than others despite its prohibition? Why do some countries have a higher percentage of systems acting as spambots compared to other countries? We begin to answer there questions by conducting a cross-country empirical analysis of economic factors that correlate with the prevalence of spam and associated botnets. The economic factors under consideration are grounded in traditional theories of crime offline, as well as prior research in security economics. We found that more than 50% of spam can be attributed to having originated from merely seven countries, indicating that deterrence through policy is both feasible and economically rational. As expected, higher Internet adoption is correlated with higher percentage of spam from a country. Counterintuitively, Internet adoption is also positively correlated with the percentage of infected machines.
Article
Full-text available
Using a sample of college students, we apply the general theory of crime and the lifestyle/routine activities framework to assess the effects of individual and situational factors on seven types of cybercrime victimization. The results indicate that neither individual nor situational characteristics consistently impacted the likelihood of being victimized in cyberspace. Self-control was significantly related to only two of the seven types of cybercrime victimizations and although five of the coefficients in the routine activity models were significant, all but one of these significant effects were in the opposite direction to that expected from the theory. At the very least, it would appear that other theoretical frameworks should be appealed to in order to explain victimization in cyberspace.
Article
Full-text available
We discuss approaches to the assessment of vulnerability to climate variability and change and attempt to clarify the relationship between the concepts of vulnerability and adaptation. In search of a robust, policy-relevant framework, we define vulnerability in terms of the capacity of individuals and social groups to respond to, that is, to cope with, recover from or adapt to, any external stress placed on their livelihoods and well-being. The approach that we develop places the social and economic well-being of society at the centre of the analysis, focussing on the socio-economic and institutional constraints that limit the capacity to respond. From this perspective, the vulnerability or security of any group is determined by resource availability and by the entitlement of individuals and groups to call on these resources. We illustrate the application of this approach through the results of field research in coastal Vietnam, highlighting shifting patterns of vulnerability to tropical storm impacts at the household- and community-level in response to the current process of economic renovation and drawing conclusions concerning means of supporting the adaptive response to climate stress. Four priorities for action are identified that would improve the situation of the most exposed members of many communities: poverty reduction; risk-spreading through income diversification; respecting common property management rights; and promoting collective security. A sustainable response, we argue, must also address the underlying causes of social vulnerability, including the inequitable distribution of resources.
Article
Full-text available
This paper puts forward a multi-level model, based on system dynamics methodology, to understand the impact of cyber crime on the financial sector. Consistent with recent findings, our results show that strong dynamic relationships, amongst tangible and intangible factors, affect cyber crime cost and occur at different levels of society and value network. Specifically, shifts in financial companies’ strategic priorities, having the protection of customer trust and loyalty as a key objective, together with considerations related to market positioning vis-à-vis competitors are important factors in determining the cost of cyber crime. Most of these costs are not driven by the number of cyber crime incidents experienced by financial companies but rather by the way financial companies choose to go about in protecting their business interests and market positioning in the presence of cyber crime. Financial companies’ strategic behaviour as response to cyber crime, especially in regard to over-spending on defence measures and chronic under-reporting, has also an important consequence at overall sector and society levels, potentially driving the cost of cyber crime even further upwards. Unwanted consequences, such as weak policing, weak international frameworks for tackling cyber attacks and increases in the jurisdictional arbitrage opportunities for cyber criminals can all increase the cost of cyber crime, while inhibiting integrated and effective measures to address the problem.
Article
Full-text available
oblem: Partial Least Squares (PLS), a form of structural equation modeling (SEM), can provide much value for causal inquiry in communication-related and behavioral research fields. Despite the wide availability of technical information on PLS, many behavioral and communication researchers often do not use PLS in situations in which it could provide unique theoretical insights. Moreover, complex models comprising formative (causal) and reflective (consequent) constructs are now common in behavioral research, but they are often mis-specified in statistical models, resulting in erroneous tests. Key concepts: First-generation techniques, such as correlations, regressions, or difference of means tests (e.g., ANOVA or t-tests), offer limited modeling capabilities, particularly in terms of causal modeling. In contrast, second-generation techniques (i.e., covariance-based SEM or PLS) offer extensive, scalable, and flexible causal-modeling capabilities. Second-generation techniques do not invalidate the need for first-generation techniques, however. The key point of second-generation techniques is that they are superior for the complex causal modeling that dominates recent communication and behavioral research. Key lessons: For exploratory work, or for studies that include formative constructs, PLS should be selected. For confirmatory work, either covariance-based SEM or PLS may be used. Despite claims that lower sampling requirements exist for PLS, inadequate sample sizes result in the same problems for either technique. Implications: SEM’s strength is in modeling. In particular, SEM allows for complex models that include latent (unobserved) variables, formative variables, chains of effects (mediation), and multiple group comparisons of these more complex relationships.
Article
It is a popular belief that humans are the weakest link in cyber-security. However, there has been little research devoted to why people do (or do not) protect themselves and what explains their behaviors. Instead, more attention has been paid to victimization and prevalence of cybercrime. Therefore, we investigate and compare the motivations to protect oneself against scams, malware and cybercrime in general using an adjusted model of the protection motivation theory (PMT), which includes subjective norm, threat and coping awareness. To test this model, different structural equation models (SEM) were used and compared, with each focusing on a specific cybercrime. Our non-random (convenience) sample (n = 1181) is representative for age, residence and gender for the [omitted for review] population. The results show the extended PMT model is a good predictive model to explain people's protection against cybercrime. The findings suggest significant differences when protecting oneself against ‘technical’ cybercrimes (malware), compared to more ‘social’ cybercrimes (scams). The differences are situated on the predictive role of coping, threat awareness and perceived vulnerability. Furthermore, we found subjective norm to be an important predictor in the intention toward protecting against all cybercrimes. Recommendations for further research and awareness campaigns are provided in the discussion.
Chapter
Several criminological and psychological theories and their empirical support for explaining cybercrime are reviewed. Social learning theory, self-control theory, and subcultural theories have garnered much empirical attention and support. Lack of moral qualms, association with deviant peers and neutralizations have consistently been associated with a wide range of cyber-offending. From routine activities theory, increased visibility is associated with higher cyber-victimization and cyber-offending across many offenses. Integrating social learning and self-control concepts, research has found that effects of low self-control on cybercrime are mediated through association with deviant peers and beliefs that the behaviors are not morally wrong. Research in the tradition of subcultural theories have discovered the norms underlying memberships in deviant groups of persistent digital pirates, hackers, and regular participants in the online illicit sex trade. Limited research has examined deterrence theory, general strain theory, or differential reinforcements in social learning theory. Future research is needed to integrate the perceived characteristics of cyberspace with the formation of attitudes and beliefs supportive of perpetration of cybercrimes, and to address the dearth of knowledge about the nature of social interactions in cyberspace and how such interactions shape real world interactions.
Article
In recent years there has been an increase in cybercrimes and its negative impacts on the lives of individuals, organizations, and governments. It has been argued that a better understanding of cybercrime is a necessary condition to develop appropriate legal and policy responses to cybercrime. While a universally agreed-upon classification scheme would facilitate the development of such understanding and also collaborations, current classification schemes are insufficient, fragmented and often incompatible since each focuses on different perspectives (e.g., role of the computer, attack, attacker's or defender's viewpoint), or uses varying terminologies to refer to the same thing, making consistent cybercrime classifications improbable. In this paper we present and illustrate a new cybercrime ontology that incorporates multiple perspectives and offers a more holistic viewpoint for cybercrime classification than prior works. It should therefore prove to be a more useful tool for cybercrime stakeholders.
Article
Purpose Cybercrime is a prevalent and serious threat to publicly traded companies. Defending company information systems from cybercrime is one of the most important aspects of technology management. Cybercrime often not only results in stolen assets and lost business but also damages a company’s reputation, which in turn may affect the company’s stock market value. This is a serious concern to company managers, financial analysts, investors and creditors. This paper aims to examine the impact of cybercrime on stock prices of a sample of publicly traded companies. Design/methodology/approach Financial data were gathered on companies that were reported in news stories as victims of cybercrime. The market price of the company’s stock was recorded for several days before the news report and several days after. The percentage change in the stock price was compared to the change in the Dow Jones Industrial average to determine whether the stock price increased or decreased along with the rest of the market. Findings Stock prices were negatively affected in all time periods examined, significantly so in one period. Practical implications This paper describes cases concerning cybercrime, thereby bringing attention to the value of cybersecurity in protecting computers, identity and transactions. Cyber security is necessary to avoid becoming a victim of cybercrime. Specific security improvements and preventive measures are provided within the paper. Preventive measures are generally less costly than repairs after a cybercrime. Originality/value This is an original manuscript that adds to the literature regarding cybercrime and preventive measures.
Article
Over the past several decades, criminological scholarship has increasingly focused on the problem of cybercrime including technology-enabled offending. Theoretical developments that account for these offences have not grown in tandem, leading to questions as to the nature of cybercriminality relative to traditional forms of offending. Recently, Goldsmith and Brewer proposed the conceptual framework of digital drift, extending elements of Matza’s original theories to the virtual environment. While making a useful contribution to the theorization of cybercrime, we argue that further elements of Matza’s original work also warrant consideration. In particular, we acknowledge the role of policing and the criminal justice system in affecting offender perceptions and decision-making. As such, this article extends the theorizing around digital drift to incorporate the ways that offender views are shaped in reaction to the law enforcement and industry responses to cybercrime. The implications of this extension are discussed in depth.
Article
Although the prevalence of cybercrime has increased rapidly, most victims do not report these offenses to the police. This is the first study that compares associations between victim characteristics and crime reporting behavior for traditional crimes versus cybercrimes. Data from four waves of a Dutch cross-sectional population survey are used (N = 97,186 victims). Results show that cybercrimes are among the least reported types of crime. Moreover, the determinants of crime reporting differ between traditional crimes and cybercrimes, between different types of cybercrime (that is, identity theft, consumer fraud, hacking), and between reporting cybercrimes to the police and to other organizations. Implications for future research and practice are discussed.
Article
1. Cybercrime and Cybersecurity in the Global South: Status, Drivers and Trends 2. Technological and Global Forces Shaping Cybercrime and Cybersecurity in the Global South 3. Cybercrime and Cybersecurity in the Former Second World Economies 4. Cybercrime and Cybersecurity in China 5. Cybercrime and Cybersecurity in India 6. Cybercrime and Cybersecurity in the Middle East and North African Economies 7. Cybercrime and Cybersecurity in Latin American and Caribbean Economies 8. Cybercrime and Cybersecurity in Sub-Saharan African Economies 9. Cybercrime and Cybersecurity in the Developing Pacific Island Economies 10. Discussion, Implications and Concluding Remarks
Article
In this paper, we estimate the impact of enforcing the Convention on Cybercrime (COC) on deterring distributed denial of service (DDOS) attacks. Our data set comprises a sample of real, random spoof-source DDOS attacks recorded in 106 countries in 177 days in the period 2004-2008. We find that enforcing the COC decreases DDOS attacks by at least 11.8 percent, but a similar deterrence effect does not exist if the enforcing countries make a reservation on international cooperation. We also find evidence of network and displacement effects in COC enforcement. Our findings imply attackers in cyberspace are rational, motivated by economic incentives, and strategic in choosing attack targets. We draw related implications.
Article
To explore the relationship of information capital and company performance as mediated by business processes, we sought to establish an analytical framework based on knowledge based view for international trade companies to better develop the innovative capacity of holistic thinking processes of domestic trade enterprises. Using structural equation modeling as part of an analytical research framework, we found that information capital can indirectly affect company performance when mediated by business processes, and that information capital is more critical to the trade industry. This finding reveals that adopting and assimilating information systems form an important channel for companies to provide strategic information and use information capital. We highlighted that the improvement of information capital can significantly enhance a company’s competitiveness and that, since business processes play key mediating roles, the timely adjustment of such processes can allow information capital to enhance company performance of the international trade industry.
Article
The statistical tests used in the analysis of structural equation models with unobservable variables and measurement error are examined. A drawback of the commonly applied chi square test, in addition to the known problems related to sample size and power, is that it may indicate an increasing correspondence between the hypothesized model and the observed data as both the measurement properties and the relationship between constructs decline. Further, and contrary to common assertion, the risk of making a Type II error can be substantial even when the sample size is large. Moreover, the present testing methods are unable to assess a model's explanatory power. To overcome these problems, the authors develop and apply a testing system based on measures of shared variance within the structural model, measurement model, and overall model.
Article
The ability to gain unauthorized access to computer systems to engage in espionage and data theft poses a massive threat to individuals worldwide. There has been minimal focus, however, on the role of malicious software, or malware, which can automate this process. This study examined the macro-correlates of malware infection at the national level by using an open repository of known malware infections and utilizing a routine activities framework. Negative inflated binomial models for counts indicated that nations with greater technological infrastructure, more political freedoms, and with less organized crime financial impact were more likely to report malware infections. The number of Computer Emergency Response Teams (CERTs) in a nation was not significantly related with reported malware infection. The implications of the study for the understanding of malware infection, routine activity theory, and target-hardening strategies are discussed.
Article
An important task, the government, particularly law enforcement officers and scientists, faces in the rapid development of information technologies, is to prevent crimes committed with their application. Comprehensive analysis of the criminological characteristics of computer crimes, which is the aim of this study, provides an opportunity to identify the motives of these crimes to determine the most effective ways to eliminate them, as well as to work out the best ways and investigation means of criminal cases in this category. One of the fundamental structural elements of the national security of any state in the period of cyberspace development is to protect all information resources and communication networks against criminal assault. A complete analysis of computer crimes requires the understanding of motivation of illegal intrusion into information systems in order to obtain the information, stored in them, as well as using the opportunities provided by these systems or disabling the whole system or its components. The statement above is confirmed by the global use of computer technologies, information and communication networks.
Article
The purpose of this study is to determine levels of technological proficiency among university students to see if they should be characterized as “digital natives.” For this purpose, rather than using types and frequency of technology use to characterize a digital native, the Digital Native Assessment Scale (DNAS) developed by Teo (2013) was employed. This scale has an established reliability and validity measure. It measures several factors (e.g., grew up with technology, comfortable with multi-tasking, reliant on graphics for communication, thrive on instant gratifications and rewards, etc.) relating to accepted characteristics of a digital native. The participants in the study were 560 university students, 278 of whom were from Turkey and 282 from Kyrgyzstan. The findings indicate that these university students actively used computers and the Internet. The statistical results show that digital natives can be characterized by including their academic year (Freshman, Sophomore, etc.), national culture, and experiences with technology (computers, tablet PCs, and the Internet). The results also indicate that there are no significant differences in the participants' perceptions of themselves as digital natives due to their gender or academic disciplines.
Article
In the last few decades, rational choice theory has emerged as a bedrock theory in the fields of economics, sociology, psychology, and political science. Although rational choice theory has been available to criminologists for many years now, the field has not embraced it as other disciplines have. Moreover, rational choice scholars have fueled this skepticism of the theory's generality by modeling offender decision making that is one-sided—large on the costs of crime (sanction threats), short on the benefits of crime. In this article, we directly assess the generality of rational choice theory by examining a fully specified model in a population that is often presumed to be less rational—adolescents from lower socioeconomic families who commit both instrumental (property) and expressive crimes (violence/drugs). By using a panel of N = 1,354 individuals, we find that offending behavior is consistent with rational responses to changes in the perceived costs and benefits of crime even after eliminating fixed unobserved heterogeneity and other time-varying confounders, and these results are robust across different subgroups. The findings support our argument that rational choice theory is a general theory of crime.
Article
Cybercrime and cybersecurity issues in the BRICS countries have important global implications, both politically and economically. All of the fast-growing BRICS economies are members of the Group of Twenty. These economies' cybersecurity frameworks have strong similarities and striking differences. This editorial provides a comparison of BRICS economies' approaches to cybersecurity.
Article
Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of protection for a company's information assets and for the company as a whole. One of the best ways to address information security problems in the corporate world is through a risk-based approach. In this paper, we present a taxonomy of security risk assessment drawn from 125 papers published from 1995 to May 2014. Organizations with different size may face problems in selecting suitable risk assessment methods that satisfy their needs. Although many risk-based approaches have been proposed, most of them are based on the old taxonomy, avoiding the need for considering and applying the important criteria in assessing risk raised by rapidly changing technologies and the attackers knowledge level. In this paper, we discuss the key features of risk assessment that should be included in an information security management system. We believe that our new risk assessment taxonomy helps organizations to not only understand the risk assessment better by comparing different new concepts but also select a suitable way to conduct the risk assessment properly. Moreover, this taxonomy will open up interesting avenues for future research in the growing field of security risk assessment.
Article
Cybercrime has been the focus of public attention during the last decade. However, within the criminological field, no prior research initiatives have been launched in an effort to better understand this phenomenon using computer network data. Addressing this challenge, we employ the classical routine-activities and lifestyle perspective to raise hypotheses regarding the trends and origin of computer-focused crime incidents (i.e. computer exploits, port scans, and Denial of Service (DoS) attacks) against a large university computer network. We first propose that computer-focused crimes against a university network are determined by the university users’ daily activity patterns. In addition, we hypothesize that the social composition of the network users determines the origin of computer attacks against the university network. We use data recorded between the years 2007 and 2009 by an Intrusion Prevention System (IPS) to test these claims. Consistently with our theoretical expectations, two important findings emerge. First, computer attacks are more likely to occur during university official business hours. Second, an increase in the number of foreign network users substantially increases the number of computer-focused crimes originating from Internet Protocol (IP) addresses linked with these users’ countries of origin. Future directions for subsequent studies are discussed.
Article
The purpose of this study was to determine whether proactive criminal thinking mediated the relationship between peer delinquency and future serious offending better than peer delinquency mediated the relationship between proactive criminal thinking and future serious offending. Participants in this study were 1,027 ten- to eighteen-year-old British youth (458 boys, 569 girls) from the four-wave Offending, Crime and Justice Survey (OCJS). Prior delinquency was controlled by confining the sample to individuals who denied pre-existing delinquency involvement. In line with the main hypothesis, the peer delinquency → proactive criminal thinking → serious offending path achieved a significantly stronger effect than the proactive criminal thinking → peer delinquency → serious offending path. These findings provide support for a synthesis of social learning and criminal thinking theories in which peer delinquency helps shape proactive criminal thinking, and proactive criminal thinking effectively mediates the relationship between peer delinquency and serious offending.
Article
The world increasingly depends on archives to store digital documents, such as land registers and medical records, for long periods of time. For stored documents to remain trustworthy, archives must provide proofs that a document existed on a certain date and has not been changed since. In addition, in many cases, the origin of the document must be verifiable and the originator must not be able to repudiate that she is the originator. In this paper, we survey the solutions that provide the above protection goals in the long term. We analyze and compare the solutions with respect to their functionalities (which protection goals do they achieve?), the trust assumptions they require, and their performance. From this analysis and comparison, we deduce deficiencies of the current solutions and important research problems that must be solved in order to come up with protection solutions that are even more satisfactory.
Article
We develop and estimate a vector equation system of threats to ten important IP services, using SANS-reported data over the period January 2003 to February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the un-derlying risk to their systems' defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.
Article
Whether carried out by individuals or states, cyberattacks are both growing in number and becoming more sophisticated. Since the attack on Estonian cyber infrastructure in 2007, many other examples of massive attacks have been reported. The use of spyware and malware—such as with Stuxnet, DuQu or Flames—to disrupt critical infrastructure has made headlines, questioning the ability of governments and private actors to respond to cyber threats. A broad array of potential threats poses a substantial challenge to existing governance structures, which are often behind the curve in comparison with the dynamically evolving cyberspace. Using existing literature and recent foresight studies, the article analyses the trends in the governance of cyberspace and their implications for governments and global regulatory regimes.
Article
Piracy adversely affects online music sales. This article aims to investigate the factors that affect global music piracy directly and electronic business indirectly. These factors can be grouped into three categories: economic, legal/regulatory, and technological. On analyzing data from 68 countries, a country’s economic status and regulatory status emerge as the primary factors affecting music piracy. Technology indirectly affects music piracy by acting as a mediator between a nation’s economic status and the music piracy rate. Hence, a nation can reduce its music piracy rate and enhance e-business by devising stricter laws to safeguard intellectual property, punishing violations of information and communication technology related laws more strictly, allowing more free trade with other countries, inspiring attitudinal changes about inappropriate copying behavior through awareness campaigns, and encouraging increased and secure broadband usage.