Category Archives: Cybercrime

Cybercrime

Cybercrime Trends: an Exploration of Ad-Fraudsters Communities

Leave a comment

Cybercrime Trends: an Exploration of Ad-Fraudsters Communities

Jean-Loup Richet, IAE de Paris (Sorbonne Business School)

Abstract/ highlights of the paper

• This is one of the first studies documenting the way ad-fraud communities innovate and create value for their criminal customers.
• A multimethod approach was applied for data collection, integrating qualitative and quantitative assessment of six cybercriminal communities.
• Specialized ad-fraud communities provided a wealth of knowledge and incremental innovations in ad-frauds.
• General and customer-oriented ad-fraud communities showcased the most internal interactions, as well as exhibiting better performance and growth.
• General and customer-oriented ad-fraud communities have developed specific capabilities, focusing on innovation through artificial intelligence, which fuels customer engagement and fosters (criminal) attractiveness.

Reference

Richet, J.-L. 2022. “How Cybercriminal Communities Grow and Change: An Investigation of Ad-Fraud Communities,” Technological Forecasting and Social Change (174), p. 121282.  https://doi.org/10.1016/j.techfore.2021….)

Cybercrime Trends V2

Cybercrime

Developing a cybersecurity culture to influence employee behavior

Leave a comment

Developing a cybersecurity culture to influence employee behavior

Jean-Loup Richet, IAE de Paris (Sorbonne Business School)

 

In our increasingly connected world, cybersecurity has become a critical concern for individuals, businesses, and governments alike. With the ever-growing threat of cyberattacks, it is more important than ever to raise awareness of cybersecurity risks and best practices. By promoting cybersecurity awareness, we can help protect ourselves and our data from malicious actors (Richet, 2021). Cybersecurity awareness helps to educate individuals about the dangers of cybercrime and the importance of taking steps to protect themselves online… But also to comply with organizational rules and deter them from deviant behaviors!

When it comes to deterring employee deviant behavior in information security, sanctions are one of the most commonly used methods. Organizations have long used sanctions as a way to deter employees from committing fraud. Sanctions can range from financial penalties to termination of employment.

However, research on this topic has been mixed, with some studies showing that sanctions are effective and others indicating that they are not. Trang & Brendel (2019) take a closer look at the role of sanctions in deterring employee deviant behavior and explore how contextual and methodological moderators can impact this deterrence approach. Their findings suggest that while sanctions have an overall effect on deviant behavior, their effectiveness depends on the context in which they are implemented and the methodology used to study them. In particular, they find that deterrence theory is more likely to predict deviant behavior in malicious contexts, cultures with a high degree of power distance, and cultures with high uncertainty avoidance. By understanding the moderating effect of these contextual and methodological factors, organizations can better design sanction mechanisms that are tailored to their specific needs and objectives.

There is a growing body of evidence that suggests organizations with strong cybersecurity cultures are better equipped to manage cyber risks, to protect their data and systems, but also to manage employee deviant behaviors. Practitioner research (IBM, 2021) found that organizations with a security-conscious culture are three times more likely to have comprehensive security programs in place and four times less likely to experience a data breach originating from an insider.

While the benefits of a strong cybersecurity culture are clear, developing such a culture is no easy task. Alshaikh (2020) identify and explain five key initiatives that three Australian organizations have implemented to improve their respective cyber security cultures. The five key initiatives are: identifying key cyber security behaviors, establishing a ‘cyber security champion’ network, developing a brand for the cyber team, building a cyber security hub, and aligning security awareness activities with internal and external campaigns. These key initiatives have helped organizations exceed minimal standards-compliance to create functional cyber security cultures. Organizations looking to improve their cybersecurity culture should consider implementing some or all of these five key initiatives. By doing so, they will be better positioned to manage cyber risks and protect their data and systems. It will also help them to create a culture of security within organizations, making it more likely that employees will report suspicious activity, take precautions to prevent attacks, and comply with information security policy. In addition, raising awareness of cybersecurity issues can help to better inform policymakers as they work to enact laws and regulations to promote cybersecurity and protect our interconnected world.

References:

Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003.

IBM. (2021). Cyber Resilient Organization Study 2021. Retrieved from: https://www.ibm.com/resources/guides/cyb…

Richet, J.L. (2021). Trends in Cybercrime: Cases the Banking Sector. BPI France, Jun 2021, Paris, France. 2021.

Trang, S., & Brendel, B. (2019). A meta-analysis of deterrence theory in information security policy compliance research. Information Systems Frontiers, 21(6), 1265-1284.

Developing a cybersecurity culture to influence employee behavior

Blog report, Cybercrime, Viewpoints

How is Cybercrime Evolving? (editorial)

1 Comment

How is Cybercrime Evolving? (editorial)

Jean-Loup Richet, Sorbonne Business School (IAE de Paris)

Abstract

Firms spend enormous resources on digital advertising and promoting their brand online. In the meantime, ad-fraud undertaken by cybercriminals cost $42 billion in 2019 and could reach $100 billion by 2023. However, while digital advertisers continue to wrestle with how to effectively counteract ad-fraud, the topic of advertising fraud itself has received little academic attention. Here, we investigate this gap between practice and research through an exploration of ad-fraud communities. Our research implemented a multimethod approach for data collection in a longitudinal (18 months, October 2017 to April 2019) online investigation of this phenomenon. Integrating qualitative and quantitative analysis, we examined (1) internal interactions within ad-fraud communities and (2) ad-fraud communities’ performance and growth. Our online investigation extends our conceptual understanding of ad-fraud and explains how ad-fraud communities innovate. Our findings indicate that capabilities enacted by some communities foster requisite variety and enable the coordination of complex, iterative, and incremental dynamics (cocreation of artificial intelligence-based bots, customer involvement, and reinforcing capabilities). This research has both theoretical and practical implications for innovation in cybercriminal communities. Furthermore, we provide practical guidance for policy-makers and advertisers regarding how to improve their response to business threats. Indeed, a better understanding of how ad-fraud communities innovate enables organizations to develop countermeasures and intelligence capabilities.

Highlights

• This is one of the first studies documenting the way ad-fraud communities innovate and create value for their criminal customers.
• A multimethod approach was applied for data collection, integrating qualitative and quantitative assessment of six cybercriminal communities.
• Specialized ad-fraud communities provided a wealth of knowledge and incremental innovations in ad-frauds.
• General and customer-oriented ad-fraud communities showcased the most internal interactions, as well as exhibiting better performance and growth.
• General and customer-oriented ad-fraud communities have developed specific capabilities, focusing on innovation through artificial intelligence, which fuels customer engagement and fosters (criminal) attractiveness.

Reference

Richet, J.-L. 2022. “How Cybercriminal Communities Grow and Change: An Investigation of Ad-Fraud Communities,” Technological Forecasting and Social Change (174), p. 121282.  https://doi.org/10.1016/j.techfore.2021….)

How is Cybercrime Evolving