Yeboah-Ofori, Abel ORCID: https://orcid.org/0000-0001-8055-9274 and Opoku-Boateng, Francisca Afua (2023) Mitigating cybercrimes in an evolving organizational landscape. Continuity & Resilience Review. ISSN 2516-7502
Preview |
PDF
Mitigate Cybercrimes in an Evolving Organizational Landscape - Emerald CRR - UWL Repo.pdf - Accepted Version Available under License Creative Commons Attribution Non-commercial. Download (465kB) | Preview |
Abstract
Purpose – Various organizational landscape has evolved to improve their business processes, increase production speed and reduce the cost of distribution, and has integrated their internet with SMEs and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels, and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft, and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks, and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.
Design/methodology/approach – The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and propose a cyber crime mitigation framework that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models, and validation of framework standards to improve security. The novelty contribution of this paper is threefold: First, we explore the existing threat landscapes, various cybercrimes, models, and the methods that adversaries are deploying on organizations. Secondly, we propose a threat model required for mitigating the risk factors. Finally, we recommend control mechanisms in line with security standards to improve security.
Findings – The results show that cybercrimes can be mitigated using a cyber crime mitigation framework to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.
Research limitations/implications – The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing, and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration, and obfuscations.
Practical implications – Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence gathering, inadequate attack modelling, and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.
Social implications – There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.
Originality/value – The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.
Keywords: Cybercrime, Cyberattack, Mitigations, Cyber threat Landscape, Threat Modelling, Cybercrime Mitigation Framework,
Item Type: | Article |
---|---|
Identifier: | 10.1108/crr-09-2022-0017 |
Additional Information: | Citation Yeboah-Ofori, A. and Opoku-Boateng, F.A. (2023), "Mitigating cybercrimes in an evolving organizational landscape", Continuity & Resilience Review, Vol. ahead-of-print No. ahead-of-print. https://doi.org/10.1108/CRR-09-2022-0017 |
Keywords: | Cybercrime, Cyberattack, Mitigations, Cyber threat landscape, Threat modeling, Cyber crime mitigation framework |
Subjects: | Computing > Information security |
Related URLs: | |
Depositing User: | Dr Abel Yeboah-Ofori |
Date Deposited: | 21 Mar 2023 15:52 |
Last Modified: | 04 Nov 2024 11:18 |
URI: | https://repository.uwl.ac.uk/id/eprint/9873 |
Downloads
Downloads per month over past year
Actions (login required)
View Item |