Citation
Takavarasha Jr, S., Van Heerden, R., Thakur, S.C. and Jordaan, A. (2023), "Cyber-security in the era of the COVID-19 pandemic: a developing countries' perspective", International Journal of Industrial Engineering and Operations Management, Vol. 5 No. 2, pp. 77-85. https://doi.org/10.1108/IJIEOM-02-2023-0026
Publisher
:Emerald Publishing Limited
Copyright © 2023, Sam Takavarasha Jr, Renier Van Heerden, Surendra Collin Thakur and Annelie Jordaan
License
Published in International Journal of Industrial Engineering and Operations Management. Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and no commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
The COVID-19 pandemic saw 661,425,454 cases and 6,722,003 fatalities worldwide between 2019 and 2022 according to John Hopkins (2023). The fast-spreading pandemic also led to the quarantining of hundreds of millions of people in several countries. It accelerated and broadened the use of information and communication technologies (ICTs) by both practitioners and academics as well as cyber-criminal activity (Lallie et al., 2021). The pandemic also exposed the intensity of various digital divides. For instance, at the onset of the pandemic, 65% of the world's population was connected to the internet worldwide. However, only 47% and less than 20% were connected in the developing world and least developed countries respectively. A gender digital divide was also found to be growing in the developing world, i.e. about 12% in developing countries compared to 1% in the developed world (ITU, 2019).
Many businesses, government departments, schools and universities in developing countries also resorted to working from home during the lockdown in compliance with COVID-19 regulations. The rapid adoption of ICTs was experienced as business, entertainment, medicine, social interaction, as well as teaching and learning went online. This came with an increase in the frequency and severity of cyber-crime as articulated by Lallie et al. (2021). The cost of cyber-crime grew from 1.16 trillion USD dollars in 2019 to 8.44 trillion USD in 2022 (Statista, 2023).
Against this background of increased online activity and ever-growing cyber-threats, many organisations and individuals became victims of cyber-crime after being caught unprepared to securely conduct business online (Okereafor and Manny, 2020). Various attacks were experienced, including hacking attacks, spam email attacks, malicious domains, phishing, malware, distributed denial-of-service (DDoS), botnets, malicious social media messaging (MSMM) and business email compromise (BEC) in descending order of frequency (Alawida et al., 2022). The unprecedented use of generative artificial intelligence (AI) for both good and bad including the spread of conspiracy theories around COVID-19 was deployed.
Many developing countries suffered from a lack of effective preventative systems against further attacks. Indiscriminate and targeted cyber-attacks were unleashed on the new technology-driven society that sought to conduct business, socialise and attend lessons online. This called for re-alignments and compliance with cyber-security in all aspects of the technology, people, process (TPP) triad as discussed below.
2. Technology-related security issues
On the technological front, challenges were exposed by the sudden need for the virtualisation of business processes, social distancing and better technological platforms. The current ICT systems were not built for the volumes of business that were now necessitated by the COVID-19 pandemic. Some of them were for complementing offline systems and experimenting with futuristic systems to catch up with international trends. These were not necessarily built with the cyber-security integrity of an entirely virtual business channel in mind.
When people were forced to telecommute, some of the organisational information security apparatus that workers enjoyed in the office were no longer available at home. The perimeter boundaries were no longer in effect while working from home yet the same user credentials were being used for accessing institutional systems. Previously protected company devices were now accessible to family members who lacked an information security culture. This weakening of the human, organisational and technological aspects of the information security chain compromised both business and personal information as articulated by Safa et al. (2016).
While human issues were mainly to blame, many companies in the developing world lacked the technological and organisational control aspects necessary for supporting working from home (Safa et al., 2016). On the technological front, resource limitations also inhibited the acquisition of the necessary devices while companies were worried about COVID-19-induced bankruptcy. The ICT infrastructure for working from home was often unplanned and unbudgeted for and sometimes unavailable on the market due to the disruption of supply chains by the COVID-19 restrictions.
3. Regulation and enforcement of cyber-security during the pandemic
The COVID pandemic was a bleak and dark period for both governments and the business community. Their endeavour to navigate this difficult time has led to various omissions to security compliance. For instance, there was no strict adherence to regulations requiring that the victims of cyber-attacks must report to their regulator or national incident reporting centres. This is despite the growing body of ethics literature re-emphasising the responsibilities of breached firms to disclose data breach cases whenever they occur (Morgan and Gordijn, 2020).
While behavioural checks, technical controls and recovery processes from security breaches are considered to be standard practice in the industrialised world, they are not universally enforced in developing countries where governance systems are weak. In some developing countries, institutions for cyber-security incidence reporting and enforcement mechanisms have not been effectively put in place. This is despite its negative effect on business, the economy and its crippling effect on infrastructure as articulated by Świątkowska (2020). Cyber breaches are often kept secret by various institutions to the detriment of stakeholders' investment and information security. Affected stakeholders can therefore not protect themselves from further exposure following the dangerous attacks. Rumours often leak that institution A or B was hacked by ransomware yet their shareholders and customers are never officially alerted.
After a data breach, investors need to be notified through a change in the company's risk factor, as articulated by Chen et al. (2022). This is not being enforced and sometimes the regulator of the financial sector helps keep this unknown to stakeholders. The regulators will need to enforce compliance with cyber-security best practices. Non-compliant actors like SMEs need to be informed about the importance of cyber-security compliance – to their business and also to the nation at large. Given the danger of non-compliance, some basic cyber-security practices will need to be enforced and compliance must be mandatory.
Best practices in information security management standards, such as Control Objectives for Information and Related Technologies (COBIT), International Electrotechnical Commission (IEC) and International Organization for Standardization (ISO), have been developed for adoption by organisations. The pandemic revealed that there is a need to consider the behavioural issues that affect the adoption of such standards.
While the financial services sector may be mandated by frameworks such as BESEL II to submit weekly retainers that reveal cyber-security status, and even employ a chief information security officer, both the bank and their regulator may avoid the effects of negative publicity. The avoidance of such a loss of customer and investor confidence while advantageous in the short-term is unethical given its negative impact on the interests of other stakeholders. This happens in developing countries where the regulatory systems are not strong enough to enforce strict compliance with information security and risk factor disclosure.
The central bank as the regulator would use its discretion on how much to publish to counterparts in the sector or members of the public. The weak systems in developing countries are also manipulated by strong actors such as businesses to the detriment of the weak customer and smaller business partners on their supply chain. These strong players could be businesses and public institutions that are too embarrassed to admit having been attacked. They are also cognisant of the negative market reaction emanating from cyber-breach disclosure. Maintaining customer confidence is their top priority because a lack of it could prove to be dangerous to their businesses. This is arguably key to their need to keep their businesses thriving since institutional investors are unlikely to invest in companies that have experienced a major public cyber-breach. This also hurts their share price and ability to raise capital (KPMG, 2015).
For instance, the publication of a cyber breach on a bank could lead to a catastrophic run on a bank. Depositors would rush to withdraw their cash to avoid losing their savings. This would also lead to a crush on the value of the bank's stock. For a financial services institution that is highly dependent on trust, this would be dangerous for both the company and the sector, and hence the economic investment climate. In such an environment, information security policy compliance (ISPC) would get compromised for businesses to survive bad publicity as well as the devastating effect of COVID-19 lockdowns.
It also makes room for compliance to be overlooked by those that have the financial and political muscle to do so, particularly, in developing countries. While these anomalies have always been in existence, the COVID-19 pandemic and its unexpected impact increased their frequency and exacerbated their impact.
4. The effect of non-disclosure of cyber-security breaches during the pandemic
Scholars cite several cyber-security concerns that took place during the COVID-19 era and how they could have been mitigated, for instance, through disclosure Gabriel et al. (2021). The pandemic saw the marginalisation of cyber-security breaches reporting that were deemed to affect business confidence. This is quite common in the developing world despite its detrimental effect on customers' personal privacy. Such opaqueness inhibits compatriots in the sector from learning from each other's experiences. It inevitably forfeits the opportunity to promote collaboration in fighting vulnerabilities that threaten the sector and to improve customer protection, as articulated by Gaglione (2019).
Notable international cases show that large numbers of customers can get affected by a single data breach. Examples include the famous Equifax breach that affected 143 million and the Marriot breach which exposed 327 million customer records. The failure of businesses to disclose the attacks that can cost them money and expose their personal privacy should arguably be viewed as an enabler to the commission of further cybercrime on other fronts.
Data breach notification laws must be strictly enforced because identity fraud can continue to feed on the customers' ignorance about the data breaches that would have happened to their banks, retailers or internet service provider. The customer would not see the need to fortify their personal information at a time when cyber-spies could be siphoning their details. They, therefore, miss the opportunity to urgently take preventative measures such as spyware removal, password changes and credit and debit card protection. This allows the cyber-criminal to attack unsuspecting victims or use them as avenues to platforms that should have otherwise been secured.
5. The people leg of the PPT framework as causer and victim of cyberthreats
People in their capacity as both employees and customers were arguably the causers and the victims of the cyber-attacks experienced during the pandemic. A greater part of the vulnerability of companies in the developing world was attributed to a lack of human resource capacity to defend their information systems. Businesses were attacked by malware, hacking, lost or stolen physical storage media, insider attacks and human error because of a lack of technical capacity. These attacks often cost them a fortune to recover from.
Some of these attacks could be traced to social engineering as working from home suddenly became the norm for unprepared businesses. Staff were also continuously searching for information about the COVID-19 pandemic and access to healthcare. They opened unsolicited emails and visited all sorts of websites in search of COVID-19 information. The pandemic has been characterised by mistrust of mainstream media and demand for conspiracy theories. This drove internet traffic to shadowy websites and extremist blogs for the information supposedly hidden from the populace. This exposed them to social engineering and malicious forms of generative artificial intelligence that were spreading fake news and conspiracy theories. Some of the malware were too sophisticated for traditional antivirus software to identify as Kadebu et al. (2023) discuss in this issue.
The informal sector, which is prevalent in developing countries, has often been characterised by inadequate skills and a lack of awareness. Due to a lack of capacity, some of them could not even deploy the free security tools that were available on the internet. Their limited resources would not allow them to hire workers who are sufficiently technically competent to cope with the required cyber-security compliance. Their workers, who often have no pensions, medical aid and vacation days, got disgruntled by the threat of business failure under the COVID-19 lockdown. This situation bred insider threats and negligence, and this arguably exacerbated the plight of the sector.
Technical staff needed to be hired and trained at a time when critical skills were inadequate in the job market. The users needed awareness as well as training to conduct activities that had been migrated to online platforms in the wake of COVID-19 restrictions. The customers were also unprepared for the need to use electronic platforms for activities they were used to conduct offline. As a result, they fell victim to cyber-attacks both as customers and as individual users.
By and large, this unplanned rapid adoption of online platforms has led to inequalities that ranged from the lack of net neutrality and marginalisation of the unconnected as well as those imperfectly connected to digital platforms. While well-being opportunities reduced for the unconnected, the partially connected suffered both adverse incorporation to life chances and COVID-19 information as well as increased vulnerability to cyber-attacks. This is because their life chances were affected by the digital divide, which translated itself into an economic divide. Adverse incorporation into the digital society meant, inter alia, low cyber-security budgets and higher exposure to cyber-attacks. Due to the foregoing, it must be argued that the people leg of the PPT framework was often found wanting in information security behavior as articulated by Ali et al. (2021).
6. The processes leg of the PPT framework and cyber-security during COVID-19
On the processes leg of the PPT triad, it is evident that companies needed to expeditiously automate various business processes for them to survive in a suddenly virtualised world. There was a need to migrate various business processes to online platforms from the physical and offline front.
Companies saw a vast increase in spam and hence social engineering while others suffered attacks that ranged from breeches that would simply cause a nuisance to catastrophic ones that affected data integrity and availability as well as loss of revenue. The mere nuisance breeches were experienced for example during video conferences when malicious content would be beamed by hackers with the effect no worse than disrupting the virtual meeting by showing some gibberish and X-rated content to participants.
For companies to cope with the new normal, a change of philosophy was necessary for processes to be more nimble. The previously hierarchical structure of command now needed to be flattened for them to enable faster decision-making and implementation. This was not an easy transition given the power culture that characterises the developing world.
Even while we discuss the exposure of businesses, we must hasten to acknowledge that business is not a monolithic group. Some businesses are large, while others are small and others are medium. Their response and exposure to the effect of cyber-security during the COVID-19 pandemic were as different as their ability to invest in cyber-security. The small to medium business sector was often found to be more vulnerable to bankruptcy and less prepared for investment in cyber-security. They suffered from a lack of knowledge as well as a lack of financial resources. This segment is over-represented in developing countries and it is largely informal.
The SMEs' thriftiness was primarily attributed to the need to keep the business alive in the early stages of its growth, and secondarily due to the need to survive the COVID-19 threats to businesses. A huge amount of them failed during the pandemic. Ethiopia alone lost 3.3 million or 22% of its working business owners during the COVID-19 pandemic (Engidaw, 2022). Such a need for survival also caused them to overlook the need to invest in corporate cyber-security compliance. According to Checkpoint (2022), 58% of small businesses are victims of cyber-attacks. Cyber-security compliance has been viewed as a luxury by businesses that have not yet been attacked. This is arguable because they had higher priorities to survive (Kayumbe and Michael, 2021) and because cybercrime was less rampant in businesses that held less personal information and transacted small amounts of money. They, however, were a potential channel for gaining access to secure platforms that are more attractive to hackers. This, arguably, makes it important for businesses to require third and fourth-party suppliers' compliance with corporate cyber-security strategies since they rely on them to fulfil contractual obligations, as articulated by Chen et al. (2022). While organisations have avoided reliance on a single third-party supplier of key services, they have often found these third parties to be reliant on a common fourth-party actor whose failure is capable of disrupting the organisation's activities in the event of a cyber-attack. The worldwide challenges caused by Zero-Day exploits such as the notorious Nobelium group on LogJ4 of the Solawinds supply chain in 2020 exemplifies the harm that can be caused by third-party components during the COVID-19 pandemic.
The fact that the COVID-19 pandemic caught the developing world unprepared also suggests that the security issues requiring time to develop were not achieved during this time. The urgent challenge was to automate the processes that could not be conducted manually due to COVID-19 restrictions. Security had to be implemented subsequently, and in rare cases, concurrently.
The users were left vulnerable because of the lack of both hard and soft skills. While hard skills can be outsourced through infrastructure as a service (IaaS) and software as a service (SaaS), soft skills would inevitably take time to develop. Of particular concern is the development of a cyber-security culture, because it determines the capacity of human actors to withstand snares such as social engineering. Many stakeholders in the developing world continue to struggle with fostering a cyber-security culture. They had not inculcated a culture of adherence to strict cyber-security strategies and compliance with risk management procedures. This has mainly been the case with owner-managed enterprises where the CEOs are often compelled to condone or even authorise the overriding of some basic cyber-security practices that seem to be inconvenient to businesses in the wake of the need to maximise profits and reduce costs.
To address the security challenges posed by the “new normal”, industry and academic players had to develop measures that could empower society (employees, partners, contractors and learners) to work remotely without compromising security or convenience (Adam, 2020). There was an urgent need to equip a telecommuting workforce, e-learners and e-educators as well as online socialites with cyber-security. This challenge was exacerbated by the need to secure a COVID-19-compliant multi-faceted terrain characterised by bring-your-own-device policies, blended cloud usage as well as on- and off-premises environments, as articulated by El-Sofany (2019).
7. The articles in this special issue
This special issue adds its voice to the crying call for solutions to cyber-security in the COVID-19 era. Having invited full papers that examine cyber-security in the era of the COVID-19 pandemic from a perspective of the developing world, five peer-reviewed papers were selected from the cyber-security track of the 2nd African International Conference on Industrial Engineering and Operations Management.
In the first article, Shimels and Lessa examine cyber-security in the Ethiopian banking sector. Under the title, “Maturity of Information Systems Security in Ethiopian Banks: Case of Selected Private Banks,” they sought to add their voice to the dearth of studies on the information systems security maturity level of banks in Ethiopia. Their endeavour to measure maturity level and examine the security gaps has led to proposing possible changes in the Ethiopian private banking industry's information system security maturity indicators, using the system security engineering capability maturity model (SSE-CMM) and a descriptive research design in a survey of 93 participants from four selected Ethiopian private banks. The maturity measurement criteria based on ISO/IEC 27001 information security control areas indicated a maturity level 2 (repeatable but intuitive). This means the private banks displayed a pattern that is repeated when completing information security operations, but its existence was not thoroughly proven, and institutional inconsistency still exists.
In the second paper, Kadebu et al. propose a hybrid machine learning approach for Analysis of Stegomalware. They entered the quest for devising innovative strategies to combat the threat of extremely sophisticated malware attacks on key infrastructures containing sensitive data. Given the challenge of detecting malware, they propose a hybrid approach for dynamic and static malware analysis that combines unsupervised and supervised machine learning algorithms. The study also shows how malware exploiting steganography can be exposed. The ability to detect dynamic malware using self-learning artificial intelligence (AI) was highlighted by the COVID-19 era attack as discussed above. The hard-to-detect Zero-day attacks such as the Sunburst that injected into SolarWinds' Orion are better handled by self-learning AI than legacy cyber-security applications. Kadebu et al.'s hybrid machine learning approach for analysis of Stegomalware is a timely intervention in a sector that is under continuous attack from increasingly harder-to-detect malware.
In a paper titled, “A Privacy-preserving Federated Learning Architecture Implementing Data Ownership and Portability on Edge End-points”, Mpofu et al. invoke the contentious issue of data privacy and data ownership in COVID-19 necessitated processes. They do so by developing a data privacy and portability layer on top of a previously developed automated aquaponics unit. Using a design science research (DSR) method and general data protection and privacy regulations (GDPR) as a yardstick, they found that “GDPR-inspired principles empowering data subjects including data minimisation, purpose limitation, storage limitation as well as integrity and confidentiality can be implemented in an FL architecture using Pinecone Matrix homeservers and edge devices”.
This paper addresses a timely and critical issue of data privacy and data portability, considering the knee-jerk reactions that the previously silent ICT regulators engaged in after the COVID-19 wake-up call. The regulatory bodies faced the debate on how to regulate the data held by the institutions that stood in the regulatory intersection between converged sectors such as mobile money. For instance, how far would the financial services regulator need to go towards controlling data privacy in mobile network operators (MNOs) without encroaching on the telecommunications regulators' jurisdiction? Mobile money is arguably a banking intervention that was introduced to the developing world by MNOs. In this case, data privacy and data portability would be of concern to the banking regulator. Similarly, e-learning data in schools and medical records in hospitals which fell under the jurisdictions of other regulators can be worrisome to its original owners. Converged technologies were arguably compelling regulatory convergence against the will of regulatory interests of the day. Mpofu et al. propose data minimisation, i.e. that storage limitation as well as integrity and confidentiality be implemented in an federated learning (FL) architecture using Pinecone Matrix home servers and edge devices. Their work solves the need for IoT applications that are hosted on edge and fog infrastructure, to apply machine learning (ML) in a decentralised manner. Decentralised or federated ML is a latency-free and cost-effective alternative to centralised, cloud-based ML which requires the sending of training datasets to the cloud to develop the ML models. Their federated learning (FL) architecture ensures that ML tasks requiring multiple training datasets can be executed without pushing all the data to the cloud. Autonomy and heterogeneity, which promote privacy and interoperability respectively, are key requirements for any FL application.
In the fourth paper titled, “Effectiveness of Banking Card Security in the Ethiopian Financial Sector: A PCI-DSS Security Standard Lens”, Daniel Gebrehawariat and Lemma Lessa focus on the electronic banking systems in the Ethiopian financial sector. They conducted the study using an international information security standard as a benchmark. They aimed to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance. The unit of analysis was identified as two sub-sectors of the financial sector, purposively selected from the Ethiopian financial sector. Their study found that most of the essential security management activities in the Ethiopian financial sector do not comply with the international security standard. They also found that the level of most of the indispensable security requirements that should be in place, was below the acceptable level. Most importantly, the study revealed major security factors that impede the financial sector's compliance with the PCI-DSS security standard. Thus, recommendations for practice are forwarded to support the financial sector's efforts to withstand and mitigate cyber-attacks.
In the fifth and final paper titled, “Patient and Wearable Device Authentication Utilizing Attribute-Based Credentials and Permissioned Blockchains in Smart Homes”, Kembo, Mpofu, Jacques, Mukorera and Zvarevashe contribute to the contentious issue of privacy of medical records. Building on the COVID-19 era need for Hospital-at-Home improvisations, which include the use of wearable technology to classify patients within households before visiting health institutions. They explore the privacy-enhancing authentication schemes that are operated by multiple credential issuers and are also capable of being integrated into the Hyperledger ecosystem. Using a Design Science Research approach, they found that while the privacy-by-design architecture enhances data privacy through edge and fog computing architecture, there is a need to provide an additional privacy layer that limits the amount of data that patients disclose. Selective disclosure of credentials can limit the amount of information that patients or wearable devices can divulge. In terms of the paper's value, the authors' evaluation claims to have identified Coconut as the most suitable attribute-based credentials scheme for the Smart Homes' Patients and Health Wearables use case. Coconut's user-centric architecture supports Hyperledger integration, multi-party threshold authorities, public and private attributes, re-randomisation, as well as the unlinkability, ensuring that attackers cannot distinguish whether items of interest are related or not.
8. Concluding remarks
The papers in this special issue were selected from the second African International Conference on Industrial Engineering and Operations Management held on 7–10 December 2020 in Harare, Zimbabwe. All of the papers were subjected to a double-blind review process in keeping with the standards of the International Journal of Industrial Engineering and Operations Management (IJIEOM). The editorial team is highly grateful to the reviewers who took their time to review all the papers submitted.
The guest editors and the IJIEOM believe that the articles in this special issue will address key aspects of cyber-security needed in developing countries, namely malware, credit card fraud, data breaches and new frontiers such as AI, IoT and Cryptography. This issue attempts to foster preparedness for cyber-attacks and it provides vital tools for addressing the weaknesses that were exposed by the COVID-19 pandemic. As we are moving towards the post-COVID era, the ever-present danger of the occurrence of another disruptive event that can expose our lives to cyber-security threats calls for practitioners and academics to draw lessons from these pages with awareness and technical competence. The kaleidoscope has been shaken by COVID-19 and the cyber-security outlook has been radically changed; the developing world must approach the information society with technical competence and a mature information security culture in order for them to avoid the challenges discussed in this issue.
References
Adam, S. (2020), “Coronavirus and remote working: what you need to know”, Sophos, 12 March 2020, available at: https://news.sophos.com/en-us/2020/03/12/coronavirus-and-remote-working-what-you-need-to-know/?id=0013000001JH0eX (accessed 31 May 2020).
Alawida, M., Omolara, A.E., Abiodun, O.I. and Al-Rajab, M. (2022), “A deeper look into cybersecurity issues in the wake of COVID-19: a survey”, Journal of King Saud University – Computer and Information Sciences, Vol. 34 No. 2022, pp. 8176-8206.
Ali, R.F., Dominic, P.D.D., Ali, S.E.A., Rehman, M. and Sohail, A. (2021), “Information security behavior and information security policy compliance: a systematic literature review for identifying the transformation process from noncompliance to compliance”, Applied Sciences, Vol. 11 No. 8, pp. 13-23, doi: 10.6084/m9.figshare.12421049.
Checkpoint (2022), available at: https://checkpointpublic.litmoseu.com/course/204916?r=False&ts=638101527242857815
Chen, J., Henry, E. and Jian, X. (2022), “Is cybersecurity risk factor disclosure informative? Evidence from disclosures following a data breach”, Journal of Business Ethics, April 2022, doi: 10.1007/s10551-022-05107-z.
El-Sofany, H.F. (2019), “A new cybersecurity approach for protecting cloud services against DDoS attacks”, International Journal of Intelligent Engineering and Systems, Vol. 13 No. 2, p. 2020.
Engidaw, A.E. (2022), “Small businesses and their challenges during COVID-19 pandemic in developing countries: in the case of Ethiopia”, Journal of Innovation and Entrepreneurship (2022), Vol. 11 No. 1, doi: 10.1186/s13731-021-00191-3.
Gabriel, A.J., Darwsih, A. and Hassanien, A.E. (2021), “Cyber security in the age of COVID-19”, in Hassanien, A.E. and Darwish, A. (Eds), Digital Transformation and Emerging Technologies for Fighting COVID-19 Pandemic: Innovative Approaches, Springer, Cham, Studies in Systems, Decision and Control, Vol. 322, doi: 10.1007/978-3-030-63307-3_18.
Gaglione, G.S. (2019), “The Equifax data breach: an opportunity to improve consumer protection and cybersecurity efforts in America”, Buffalo Law Review, Vol. 67 No. 4, available at: https://digitalcommons.law.buffalo.edu/buffalolawreview/vol67/iss4/4
Hopkins, J. (2023), “Corona virus resource centre”, available at: https://coronavirus.jhu.edu/map.html
ITU (2019), “Measuring digital development facts and figures 2019”, available at: https://www.itu.int/en/ITU-D/Statistics/Documents/facts/FactsFigures2019.pdf
Kadebu, P., Shoniwa, R.T.R., Zvarevashe, K., Mukwazvure, A., Mapanga, I., Thusabantu, N.F. and Gotora, T.T. (2023), “A hybrid machine learning approach for analysis of stegomalware”, International Journal of Industrial Engineering and Operations Management, Vol. ahead-of-print No. ahead-of-print, doi: 10.1108/IJIEOM-01-2023-0011.
Kayumbe, E. and Michael, L. (2021), “Cyberthreats: can small businesses in Tanzania outsmart cybercriminals?”, International Research Journal of Advanced Engineering and Science, Vol. 6 No. 1, pp. 141-144, 2021.
KPMG (2015), “Cyber security: a failure of imagination by CEOs”, available at: https://kpmg.com/bb/en/home/insights/2015/12/cyber-security-a-failure-of-imagination-by-ceos.html
Lallie, H.S., Shepherd, L.A., Erola, A., Epiphaniou, G., Maple, C. and Bellekens, X. (2021), “Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic”, Computers and Security, Vol. 105 No. 2021, 102248.
Morgan, G. and Gordijn, B. (2020), “A care-based stakeholder approach to ethics of cybersecurity in business”, in Christen, M., Gordijn, B. and Loi, M. (Eds), The Ethics of Cybersecurity, Springer, Cham, pp. 119-138.
Okereafor, K. and Manny, P., (2020), “Understanding cybersecurity challenges of telecommuting and video conferencing applications in the COVID-19 pandemic”, International Journal in IT and Engineering (IJITE), Vol. 8 No. 6.
Safa, N.S., von Solms, R. and Futcher, L. (2016), “Human aspects of information security in organisations”, Computer Fraud Security, Vol. 2016 No. 2, pp. 15-18, doi: 10.1016/S1361-3723(16)30017-3.
Statista (2023), “Estimated cost of cybercrime worldwide from 2016 to 2027”, available at: https://www.statista.com/statistics/1280009/cost-cybercrime-worldwide/
Świątkowska, J. (2020), Tackling Cybercrime to Unleash Developing Countries' Digital Potential, Pathways for Prosperity Commission Background Paper Series; no. 33, Oxford.