Cybercrime and You: How Criminals Attack and the Human Factors That They Seek to Exploit

Nurse, Jason R. C.

doi:10.1093/oxfordhb/9780198812746.013.35

Cited by 56 publications

(56 citation statements)

References 26 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We will also include cybersecurity training on the areas of cyber-risk identified from the SME's assessments; this would increase applicability and potentially effectiveness [49,25]. In the interest of keeping updated, there could also be activities pertaining to current cybercrimes and the factors that criminals seek to exploit [38]. Any risks discovered through assessments or based on current attacks could be addressed through the development of plans with a special emphasis on cybersecurity education, awareness and training (e.g., support via internal programme and third-party resources and services) and for the SME's specific mission, user and organisational context.…”

Section: Towards a Cybersecurity Awareness Programme For Smes/smbsmentioning

confidence: 99%

Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

Bada

Nurse

2019

ICS

View full text Add to dashboard Cite

Purpose -An essential component of an organisation's cybersecurity strategy is building awareness and education of online threats, and how to protect corporate data and services. This research article focuses on this topic and proposes a high-level programme for cybersecurity education and awareness to be used when targeting Small-to-Medium-sized Enterprises/Businesses (SMEs/SMBs) at a city-level. We ground this programme in existing research as well as unique insight into an ongoing city-based project with similar aims. Design/methodology/approach -To structure our work, we begin by conducting a scoping review of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis is then complemented by using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, we extract best practice and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness. Findings -We find that whilst literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. On the other hand, existing programmes, such as the one we explored, have great potential but there can also be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities. Originality/value -The study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, we engage in a reflection of literature in this space, and present insights into the advances and challenges faced by an on-going programme. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs.

show abstract

Section: Towards a Cybersecurity Awareness Programme For Smes/smbsmentioning

confidence: 99%

Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

Bada

Nurse

2019

ICS

View full text Add to dashboard Cite

show abstract

“…This factor affects our discussions on impacts as the consequence of some online actions or activities may not be fully tangible to people in the offline world. This has also been discussed in other areas as it relates to cybercrime (Nurse, 2018).…”

Section: The Online Disinhibition Effectmentioning

confidence: 99%

“…In January 2017, the Lloyds Banking Group and other banks in the UK fell victim to a denial-of-service (DoS) attack that persisted over a two-day period. DoS describes an attack where systems are bombarded with illegitimate data or requests, and therefore become unable to respond to legitimate requests (e.g., for a webpage or service access) in a timely manner (Nurse, 2018). In this instance, the financial institutions were attacked by a distributed DoS (DDoS) in which the illegitimate requests originated from multiple, dynamically changing locations.…”

Section: Lloyds Banking Group Denial-of-service (Dos) Attack In 2017mentioning

confidence: 99%

“…Cyberattacks are defined here as events which aim to compromise the integrity, confidentiality or availability of a system (technical or socio-technical). These attacks range from hacking and denial-of-services (DoS), to ransomware and spyware infections, and can affect everyone from the public to the critical national infrastructure of a country (Nurse, 2018). In this article, we will examine this topic of cyber-attacks from more of a social To be published in: Benson & McAlaney (2019/20) Emerging Cyber Threats and Cognitive Vulnerabilities, Academic Press and behavioral science perspective, with the aim of exploring the social and psychological factors and impacts associated with these attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The social and psychological impact of cyberattacks

Bada¹,

Nurse²

2020

Emerging Cyber Threats and Cognitive Vulnerabilities

View full text Add to dashboard Cite

Cyber-attacks have become as commonplace as the Internet itself. Each year, industry reports, media outlets and academic articles highlight this increased prevalence, spanning both the amount and variety of attacks and cybercrimes. In this article, we seek to further advance discussions on cyber threats, cognitive vulnerabilities and cyberpsychology through a critical reflection on the social and psychological aspects related to cyberattacks. In particular, we are interested in understanding how members of the public perceive and engage with risk and how they are impacted during and after a cyber-attack has occurred. This research focuses on key cognitive issues relevant to comprehending public reactions to malicious cyber events including risk perception, protection motivation, culture, and attacker characteristics (e.g., attacker identity, target identity and scale of attack). To consider the applicability of our findings, we investigate two significant cyber-attacks over the last few years, namely the WannaCry attack of 2017 and the Lloyds Banking Group attack in the same year.

show abstract

“…In cases of mistrust, members of groups can be doxxed, such as the true identities of the members of the LulzSec gang that were made public, which ultimately led to the FBI arresting LulzSec leader Hector "Sabu" Monsegur [2]. The interested reader is referred to the previous chapter for further information on doxxing and other common cybercrimes [64]. The Darkode forum, which had between 250-300 members, is another interesting case that operated very carefully and was very exclusive.…”

Section: Trust As a Factor For Cybercriminal Group Formationmentioning

confidence: 99%

The Group Element of Cybercrime: Types, Dynamics, and Criminal Operations

Nurse¹,

Bada²

2018

The Oxford Handbook of Cyberpsychology

Self Cite

View full text Add to dashboard Cite

While cybercrime can often be an individual activity pursued by lone hackers, it has increasingly grown into a group activity, with networks across the world. This chapter critically examines the group element of cybercrime from several perspectives. It identifies the platforms that online groupscybercriminal and otherwiseuse to interact, and considers groups as both perpetrators and victims of cybercrime. A key novelty is the discovery of new types of online groups whose collective actions border on criminality. The chapter also analyzes how online cybercrime groups form, organize, and operate. It explores issues such as trust, motives, and means, and draws on several poignant examples, from Anonymous to LulzSec, to illustrate the arguments.

show abstract

Cybercrime and You: How Criminals Attack and the Human Factors That They Seek to Exploit

Cited by 56 publications

References 26 publications

Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

The social and psychological impact of cyberattacks

The Group Element of Cybercrime: Types, Dynamics, and Criminal Operations

Contact Info

Product

Resources

About