Tag Archives: Cybercriminals

Cybercrime in Eswatini: The deterrence theory approach

Title: Cybercrime in Eswatini: The deterrence theory approach

Mr Emmanuel Lungile Howe, First Author: lungile.howe@gmail.com

ORCID: 0000-0002-3142-9585

Senior lecturer, Faculty of Computing at Botho University Eswatini, PhD student, NWU, Mahikeng campus — Business School.

MTech in Information Systems (Tshwane University of Technology (TUT)), Bachelor’s Degree in Information Technology.

Co-author: Professor Anna-Marie (AMF) Pelser – anna.pelser@hotmail.com

iD orcid.org/0000-0001-8401-3893

Research Professor, North-West University, Faculty of Economic and Financial Sciences — Entity Director — GIFT, Mafikeng Campus.

HED (Home Economics, PU for CHE), B Com (UNISA), B Com Hons (PU for CHE), M Com (Industrial Psychology, NWU), PhD (Education Management, NWU)

Corresponding author Prof A.M.F. Pelser – ampelser@hotmail.com

Ensovoort, volume 41 (2020), number 11: 1

Abstract

Cybercrime is a growing threat and the rise in access and usage of the Internet has resulted in of all the elements of criminal activity migrating into cyberspace. Cybercrime activities have become so serious that many developing countries have adopted various preventative and defensive approaches such as Internet regulation and establishment of organisations that address cybercrime issues. In order for cybercrime to be committed, there must be the existence of cyberspace which is the globally interconnected information infrastructure that includes the Internet and telecommunications networks. The banking sector has become one of the most affected industries due to the concentration of financial wealth. To address this issue, various mechanisms and approaches have been implemented such as putting up deterrent measures against cybercrime. To prevent cybercrime, organisations and individuals need to understand the cybercrime trends. With the increase of cybercrime activities in the banks, various strategies have been used. However, there has been a growing interest in applying the concept of deterrence to cybercrime.

In simple terms, deterrence is all about convincing an opponent that the potential value gained in orchestrating an attack is not worth the potential cost to be expended. One of the strengths of the deterrence theory is that it involves a degree of threat from both sides whereby each entity holds enough capability to harm one another. Cybercriminals are constantly looking for ways to attack vulnerable organizations and the recent COVID-19 pandemic has provided such an opportunity. Hence this concept paper seeks to propose a model which can be used to gain understanding of how cybercrime can be prevented through the application of the deterrence theory.

Keywords: Cybercrime, Deterrence theory, Cybercriminals, Cyberspace, Internet Banking, Cyberattack, Cyberscam, Fraud

1. Introduction

Cybercrime is not a new phenomenon and it is one of the fastest growing criminal activities on the planet covering a large range of illegal activities including everything from financial scams to virus attacks Erhabor (2008). Cybercrime according to the ITU (2012), is used to describe a range of offences, ranging from computer crimes to network crimes. Such crimes are normally committed using online technologies to illegally remove or transfer money to different accounts (Wall, 2007). These cybercrime attacks are getting more frequent, malicious and sophisticated on a daily basis (Smith, 2017).

Cybercrime is a growing threat, since people and organizations rely more on the Internet on a daily basis, and because of its global nature it differs from other transnational crime problems (Bande, 2018). In financial institutions, especially banks, customers are able to access different services without the need of visiting the physical bank premises. However, this convenience comes with the risk of cyberattacks. With a high number of cybercrime incidents such as phishing, viruses, hacking, there is a need to explore and analyse the cybercrime scenario in the banking industry.

Developing countries are normally a vulnerable target for cybercrime, due to the structural and institutional imbalances (Antonescu & Birau, 2015). Furthermore the increased penetration of broadband in developing countries is another factor that has made these countries a fertile ground for hackers (Kshetri, 2010). Cybercrime has become a tremendous threat in today’s digital age and the estimated cost of cybercrime will grow from $3 trillion in 2015 to $6 trillion by the year 2025 as estimated by Morgan (2017). Banking is the business activity of accepting and safeguarding money owned by other individuals and entities, and then lending out this money to earn a profit. However, this activity over time has been exploited by cyber criminals resulting in major disruptions including financial losses and trust issues in their operations.

Cybercrime is a global problem that affects all industries and it is progressing at a fast pace, with new criminal trends that are constantly emerging. Cybercriminals are demonstrating a growing knowledge of the banks’ financial systems and the potential weaknesses that exist (KPMG, 2018). The increased adoption of technology by financial institutions especially banks has elevated countries’ cyber-attack risk, further exposing them to financial customer loss (Munda, 2019). According to Interpol (2020) cybercriminals are developing and strategically boosting their attacks at an alarming rate, by taking advantage of the unstable social and economic situation caused by COVID-19. Various authors have conducted academic studies in cybercrime particularly in the financial sector. (Lagazio, Sherif and Cushman (2014) investigated the effects of cybercrimes on the financial sector, and findings revealed that inflated expenses on cybercrime defense and underreporting of cyber-crime incidents are the major behaviours of financial companies. Lubua (2014) concludes that the lack of cyber laws in Tanzania has resulted in the violation of clients’ rights in maintaining the clients’ information.

The problems associated with cybercrime are normally revealed by a research-based approach, therefore to address the cybercrime phenomenon in the Kingdom of Eswatini it is suggested to follow a similar approach. The main reason for following this kind of approach is to identify the research gap for this study.

2. Problem Statement

Cybercrime is a growing threat, since people and organizations rely more on the Internet on a daily basis, and because of its global nature it differs from other transnational crime problems (Bande, 2018:11). In financial institutions, especially banks, customers are able to access different services without the need of visiting the physical bank premises. However, this convenience comes with the risk of cyber-attacks. With a high number of cybercrime incidents such as phishing, viruses, hacking, there is a need to explore and analyse the cybercrime scenario in the banking industry. Developing countries are normally a vulnerable target for cybercrime, due to the structural and institutional imbalances (Antonescu & Birau, 2015). Cybercrime has become a tremendous threat in today’s digital age and the estimated cost of cybercrime will grow from $3 trillion in 2015 to $6 trillion by the year 2025 (Morgan, 2017). Banking is the business activity of accepting and safeguarding money owned by other individuals and entities, and then lending out this money to earn a profit. However, this activity over time has been exploited by cyber criminals resulting in major disruptions including financial losses and trust issues in their operations. While banking entities have initiated various means to address this issue with limited outcomes, the problem persists. Law enforcement agencies and bodies over the years have not been able to deal with cybercrime effectively, particularly in developing countries, due to the slow technology adaptation (Sussmann, 1999). Low technological literacy of users and the exposure of technical security system loops are other factors that contribute towards the rise of cybercrime (Lubua, 2014). This is because there is no known framework that may help address these issues for banking in the context of a developing country.

Cybercrime costs have quadrupled from the years 2013 to 2015 and there are predictions that from 2015 to 2019, there will be another quadrupling and the trend is that such activities end up undetected (Arcuri, Brogi & Gandolfi, 2017:175). There is insufficient literature that addresses the cybercriminal activities particularly in the context of Eswatini banks. This study aims to bridge the gap by providing an in-depth and detailed understanding of cybercrime activities in Eswatini banks. A gap that has been identified is that there is limited research conducted that relates to the cybercrime phenomenon specifically in Eswatini banks, which makes this case study a unique one. The main research problem is the lack of literature in addressing the cybercrime activities in Eswatini Banks. In this regard, the key research question is:

How can the deterrence theory assist in combatting cybercrime activities in banking?

3. Need for this study

Cybercrime is a global problem that affects all industries and is progressing at a fast pace, with new criminal trends that are constantly emerging. Cybercriminals are demonstrating a growing knowledge of the banks’ financial systems and the potential weaknesses that exist (KPMG, 2018). The increased adoption of technology by financial institutions, especially banks, has elevated countries’ cyber-attack risk, further exposing them to financial customer loss (Munda, 2019). This has also made it harder for the criminals to be identified and captured.

3. Methodology

The study is descriptive in nature, including a systematic literature review. Secondary data were used, which consisted of research journals, online journals and books. This type of literature review ensures that all related literature in the field of study is identified, evaluated and synthesized. In conducting a systematic literature review for this study, the research objectives were identified, searched for and compared in relevant studies to further address the objective of this study.

4. Conceptual-theoretical framework

The basis of deterrence theory is to discourage a potential attacker from carrying out an action or event by instilling fear and doubt as to the consequences of that action.

Figure 1: Conceptual deterrence theory on cybercrime

5. Cybercrime in banks

A major characteristic of cybercrime is that it is borderless, cross-territorial in nature and the impact it has is much wider when compared to traditional crimes (Johnson & Post, 1996). Boni and Kovacich (1999) define cybercrime in three different ways:

  1. Cybercrime is a new form of crimes that are performed by using a computer
  2. Cybercrimes are the adoption of existing crimes on the Internet
  3. Cybercrimes are criminal activities that are performed with the use of the Internet

Banks classify banking financial transactions in two cagegories. The first category is a physical structure that offers banking services using traditional delivery channels, while the other approach involves the establishment of a virtual or branchless bank (Olowokere & Adedeji, 2018), providing customers increased convenience and access to financial services. However this has opened the door to increased online risks, especially from hackers and criminals that have migrated to committing cybercrime activities. Criminals target financial institutions since it is a low-risk and high-reward area, and chances of being caught or prosecuted are uncommonly low (Thompsonreuters, 2014).

5.1 Causes of cybercrime

Hsiang Wei (2015) mentions that there are various reasons why cybercrime occurs at an alarming rate. This includes:

  1. Identifying a cyber-attacker is challenging because anyone could be a culprit
  2. Equipment to conduct a cybercrime attack is easily accessible and inexpensive
  3. Cybercrime activities can be launched ubiquitously

The major cybercrimes affecting the financial sector include virus attacks, DOS attacks, unauthorized access, hacking and website defacement (Gordon et al., 2003). Malware and other techniques engaged in by cybercriminals are continuously evolving and they range from phishing to man-in-the-middle attacks, interception of telephone lines during verification processes and mobile device utilization to gain access to corporate enterprise systems (Scanio & Ludwig, 2013). The impact of the COVID-19 pandemic has created a perfect opportunity for cybercriminals to further exploit the situation (Olson, 2020).

5.2 Types of cybercrime

5.2.1 Hacking

Liao et al., (2017) define hacking as the illegal breaking into a computer system by deliberately passing through security measures with the intention of stealing information normally stored in computers and network systems. Bawane and Stelke (2014) mention denial of services, spoofing, sniffing, viruses, key loggers as some of the hacking techniques used by cybercriminals.

5.2.2 Phishing

Anderson et al., (2008) defines phishing as a scam that seeks to lure targeted victims to unintentionally disclose certain information, especially usernames and passwords in order for the cybercriminal to gain access to the individual’s account. Phishing activities are mostly common on websites whereby individuals are required to enter their credentials to gain access to the banking system (Hughes, 2008).

5.2.3 Insider Threat

This is a malicious threat that happens inside the organization, whereby the employee misuses the systems through authorized access (Devi & Mohankumar, 2019).

5.2.4 Malware

Malware is when an unauthorized program is installed secretly in a computer system with the intention of stealing data and information (Uppal et al., 2014).

5.2.5 Eavesdropping

This technique involves the use of software to monitor packets or telecommunications links to read through transmitted data. Tools often used include radio receivers, microphone receivers, tape recorders, network sniffers (Ibikunle, 2005).

5.2.6 Identify theft

This is the method of using someone else’s identity such as the name, and date of birth to conduct fraudulent activities (Ali et al., 2017.)

5.2.7 ATM Skimming

This technique involves trading of the ATM machine by introducing a skimming gadget on the machine keypad to resemble the original ATM keypad (Rao, 2019).

5.2.8 Cyberscams

This is also known as Internet fraud and is defined as crimes involving the use of one or more Internet components to deprive an individual of property by providing false or misleading information (Huang, 2011).

5.2.9 Pharming

This is a type of fraud whereby the client’s internet connection is diverted to a counterfeit website operated by the cybercriminal (Vrincianu & Popa, 2010).

5.2.10 Vishing

This is an electronic fraud technique using fraudulent emails where customers are tricked into revealing sensitive and personal information to unauthorized entities (Gandhi, 2012). Normally an email will be sent to unsuspecting customers citing a problem with their bank accounts.

5.3 Categories of cybercrime

Arora (2016) categorizes cybercrimes as follows:

  1. Cybercrime against individuals: In this category individuals are affected, because the goal is to exploit human weakness particularly greed and naivety.
  2. Cybercrime against property: the most popular types are cyber vandalism, malware     transmission, and cyber trespassing and internet time thefts.
  3. Cybercrime against government, organizations and society: This includes unauthorized access to computers, password sniffing, denial of service attacks, network intrusions.

The OCED report (2007) categorises the types of cybercrimes particular in the banking sector as follows:

  • Innovators — those who seek to find security holes in the system to overcome protection measures adopted by the banks
  • Amateur — these are beginners with limited computer skill
  • Insiders — employees within the bank that leak out information for revenge purposes
  • Copy cats — these are interested in recreating simple tasks
  • Criminals — these are highly organized and knowledgeable individuals

5.4 Cyberspace

Cyberspace refers to an online environment where individuals engage and communicate with one another (Kremling & Parker, 2018), and has enabled a new world where crime is becoming more common due to the accessibility and anonymity (Ossip, 2017). Anonymity in cyberspace has transformed the outlook of internet users through the decrease of a sense of personal accountability and direct association, which contributes to an increased tendency to commit cybercrime (Norden, 2013). The irregularities of cyberspace have caused confusion not only for Internet users but also for all industries and organisations (Kremling & Parker, 2018). This unique characteristic has created an environment where terrorists and criminals interact and share information with each other (Maghaireh, 2009). The infrastructure in cyberspace involves public and private entities, and for institutions such as governments, this means the level of control is not the same as compared to the physical space (Gross, 2016).

Cyberspace organizes the global, virtual and computer-based networked environment that consists of open air-gapped internet, directly or indirectly connecting systems and other infrastructure necessary to meet society’s needs (European Commission, 2013). In less developed countries where information security policies and laws exist, cybercriminal activities continue to be conducted at a lower risk, however it still has an impact on targeted developed countries (Choo, Smith 8& McCusker, 2007).The increase in cybercrime activities in cyberspace is directly linked with the awareness of loopholes, gaps and opportunities that cybercriminals exploit. Brantly (2018) categories cyberspace into three broad categories, which are cyberattacks, cyber espionage and cyber theft. Cyberattacks are actions that degrade, deny or destroy, cyber espionage is the act of the stealing of information or corporate intelligence from an organization and cyber theft is the act of stealing information specifically for financial gain.

Bremer (2007) argues that most cybercrime activities are merely a migration from the physical space into cyberspace. This migration has opened up and propelled the activities of cybercriminals to reach a level that has become difficult to manage and control. Furthermore, (Chimuka & Mashumba-Paki, 2016) affirm that this rapid rise of targets and techniques has occurred against a background of awareness by cybercriminals of the loopholes in organisations and the lack of security measures implemented.

5.5 The role of the Internet and cybercrime activities

The internet over the years has changed the way human beings interact and view life, and the impact it has on our daily lives is influenced by the cyberspace that surrounds us. Cybercrime and traditional crimes are similar but cybercriminals are more involved in cybercrime because of the availability of the internet. The internet was never designed with security in mind and that opens up opportunities for hackers and cybercriminals to take advantage of (Van Ommeren, Borrett & Kuivenhoven, 2014). The increase in ICT usage has also fomented the rise of cybercrimes, using the Internet as a platform (Saini, 2012). This has also raised concerns for security elements mainly in the areas of online banking services and financial information (Ali, Ali, Surendran & Thomas, 2017). A contributing factor is that cybercriminals have become versatile and specialized in executing crimes in cyberspace (Kirgel, 2012).

The role of the internet has enabled the transformation of cybercrime activities in generational stages. The first generation of cybercrime occurred within discrete computing systems and was characterized by exploitation activities. It paved the way for departure from conventional criminal activity. The second generation of cybercrime occurred across networks, and involved acts such as hacking and cracking. The third generation is characterized by its dispersed and automated nature of computer systems interaction (Wall, 2007). Compared with crimes committed in the physical world, crimes committed virtually are less constrained by monetary and physical resources, resulting in significant damages (Hui, Kim & Wang, 2017).

5.6 Factors contributing towards cybercrime

Cybercrimes refer to offenses in the digital space through the Internet and the rise in cybercrimes is a result of many factors. The anonymity offered by the Internet is one of the factors that allows cybercriminals free exchange of critical, unpopular criminal activities without punishment from the organization or authority (Nijoboer, 2004). A majority of Internet users in developing countries are inexperienced and not technically savvy, which results in the adoption of new technologies without the consideration of security. The existence of dysfunctional institutions and a lack of resources are among the biggest hurdles for combating cybercrime in developing countries (Kshetri, 2010). The slow development and response in current legislation for cybercrime is another example of the ineffective or insufficient efforts to address crimes committed in cyberspace (Barclay, 2014). In the past few years, cybercriminals have become experts in utilizing modern technology and the advanced capacity available (Antonescu & Birau, 2015).

5.7 Mitigating Cybercrime

Banks use various methods to tackle cybercrime and these are defined as an action, process, technology, device or system that prevents or mitigate the effects of a cyber-attack (Newman, 2006). Banks use various countermeasures such as firewalls and antiviruses as the first line of defense (Walter & Northup, 2006). Cryptography techniques are used to ensure data security during transmission and network vulnerability testing is conducted regularly to calibrate banking systems (Todd, 2009). Protection against physical access to a banking system is through devices such as locks, card access keys and biometric devices, while sharing of potential threat information is often shared with financial intelligence partners for analysis (Quentin et al., 2009). Boer & Vazquez (2017) further mention other measures which include a good understanding of cyber-resilience, adopting a comprehensive and forward looking approach to manage a risk, implementing the right controls and responsive actions and engaging in swift cyber-threat information sharing. Common security measures often used by bank customers when conducting banking transactions range from protecting personal data, using strong passwords, constant system software upgrading and setting and enforcing strong security measures on mobile devices (Ali, et al, 2017).

5.8 Efforts in fighting cybercrime in Eswatini

The banking sector is one industry that is most at risk from cybercriminals due to the nature of the data it holds (Wall Street, 2019). Africa Cyber Security Report (2016) states that most African organizations are not fully equipped to respond to information security threats. The banking world has advanced with online banking through technology, becoming a more convenient way of conducting banking activities. The impact of cybercrimes in banks often leads to the failure to complete business and financial contracts created to deliver goods and services as well as intellectual property rights abuse. Banks are the most targeted due to the cybercriminal’s intention to damage the reputation of such firms (Onchomba, 2018). The awareness of cybercrime and the sensitivity of cyber threats in the financial sector has resulted in the drafting of different pieces of legislation with the objective to provide a secure environment for banking transactions. The Government of Eswatini has instituted some legislation, policies, acts and regulation measures to help combat the surge of cybercrime. These include;

  • Financial Institutions Act No.6 of 2005
  • The Money Laundering and Financing of Terrorism (Prevention) Act of 2011,
  • Prevention of Organized Crime Bill and Draft Computer Crime and Cybercrime Bill, 2013 and
  • the Electronic Communications and Transactions Bill of 2017 (Government of Eswatini, 2019).

The United Nations Conference on Trade and Development warns that cybercriminals are increasingly targeting developing countries as a result of limited enforcement in legislation (Shiloh & Fassassi, 2016). Moreover, there are various factors identified that are regarded as contributing factors to the spreading of cybercrime which are mostly focused on more developed countries. Africa has limited research done on cybercrime and Quarshie and Odoom (2012:98) further state that a lot of cybercrime emanates from the African continent accompanied by threats that are easily spread due to poorly protected computer systems, hence there is a need to address this problem. This is further hindered by the lack of cybercrime knowledge (Akuta, Ong’oa & Jones, 2011:219). The literature identified a trend that most of the studies especially in the African context, applied only a few criminology theories in their research in order to obtain an in-depth understanding of cybercrime activities in varied sectors.

Banks, ever since the rise in cybercrime activities, have used various basic protection and defensive methods to minimize their risks. These methods vary from implementing a risk-assessment plan, adopting technological tools such as firewalls, intrusion detection systems and anti-virus software, a sound business recovery plan that is backed up by policies and procedures and lastly an incident-response plan (Singleton, Singleton & Gottlieb, 2006).

5.9 Applying the deterrence theory to cybercrime

Deterrence theory was first postulated in the late 1700s by Cesare Beccaria and Jeremy Bentham, and stated that the rate of a particular crime varies inversely with the certainty, celerity and severity of punishment associated with that crime (Beccaria, 1963; Bpwring, 1962). The concept of deterrence is about keeping an opponent from doing something that you do not want him to do by making a threat of unacceptable consequences (Mazanec et al., 2015). Deterrence theory is based on the idea that if state-imposed sanction costs are sufficiently severe, criminal activity will be discouraged (Nagin, 2013). Deterrence theory suggests that individuals can be dissuaded from committing antisocial activities through the use of countermeasures, ranging from strong disincentives to sanctions that are relative to the activity (Straub & Welke, 1998). The various deterrence activities also assist to facilitate prevention activities through the establishment of necessary awareness for the users of the system (Alanezi & Brooks, 2014). Deterrence theory states that the capability and communication alone are insufficient, because the threatened party must believe that the threat of retaliation, or of a preemptive strike is real (Geers, 2010.) There are two basic types of deterrence, specific and general. Specific deterrence is designed to deter only the individual offender and general deterrence is designed to deter the general population from engaging in crime. Overall the deterrence effect is often publicized to make potential offenders aware of the futility of participating in crime (Nagin, 1998). General deterrence is concerned with deterring the general community through the threat of sanctions (Homel, 1986).

For deterrence to work, potential attackers must be satisfactorily concerned that their identity would be exposed and retaliation carried out on them (Hsiang Wei, 2015). Furthermore, punishment for cybercrime should be conducted transparently to achieve a deterrent effect on cybercriminals Tan, 2018). Normally this requires a combination of certainty, severity and celerity to work properly, and to generate an expected cost of committing a crime (Mendes & McDonald, 2001). Certainty is defined as the risk of getting caught after engaging in a prohibited act, severity is the degree of severity applied in penalties for violation of certain laws or rules and celerity is the swiftness of sanctions after violation of certain laws or rules (Abed & Weistroffer, 2016).

Figure 2 below shows the four (4) components for the deterrence theory which comprises of deterrence, prevention, detection and remedy. Straub & Welke (1998) emphasise that individuals who commit crimes can be discouraged from engaging in such crimes through the use of these countermeasures.

Figure 2 Elements of the deterrence theory (Alanezi & Brooks, 2014.)

Deterrence proactively discourages potential violators from implementing a threat by warning them about logging policies and warning of remedial actions. Prevention seeks to protect information systems by reinforcing potential targets through the use of authentication methods. Detection uses a reactive approach that assist in the identification of perpetrators should a threat be attempted. Remedy seeks to assist in future deterrence efforts by providing precise means of doling out punishment for various infringements of the system (Schuessler, 2009).

The achievement of deterrence as an alternative to conventional preventive measures is particularly appropriate because of the rapid development of hacking tools available to cybercriminals (Forrester Consulting, 2009). Maimo (2020) affirms that the effectiveness of deterrence-based strategies in preventing and mitigating the occurrence of cybercrime is a result of the prevalence of cyber deterrence policies and strategies.

5.10 Deterrence in cybercrime

According to Chun (2011) there has been research conducted focusing on deterrence of cyberattacks, however the focus was more on cyberwarfare rather than cybercrime. Png and Wang (2007) conducted a study that addressed the prosecution and law-enforcement activity against cybercriminals and the findings showed a reduction in hacking incidents. Guitton (2012) conducted a study on cyberattacks on businesses while Hui, Kim and Wang (2013) focused on distributed denial of service attacks. Kesan & Hayes (2012) further state that the biggest barrier in guarding against these type of attacks is the lack of a legal method to respond, which also has dependable effects on potential attackers. The implementation of deterrence-based strategies in cyberspace is prone to failure due to the inherently anonymous nature of the cyberspace, complicating the task of attack attribution (Nye, 2017).

6. Conclusion

The internet has created and opened up a world where individuals and organisations are constantly in fear of keeping up with the rapid developments in technology. The slow progress of implementing and adopting legislation that will address cybercrime has been a major challenge. One of those factors is the lack of understanding of how cybercrime activities can be prevented and mitigated. The evolving rate of technology has also given rise to cybercrime activities, making banks a high-profile target for cybercriminals. The ability of financial institutions especially banks to fight against cybercrime has become a crucial requirement to enable an environment where a cybercrime framework is properly implemented and utilized. The deterrence theory in this instance posits that by maintaining a credible reactive capacity potential cybercriminals can be discouraged from committing cybercrime.

Deterrence does not only focus on threatening with punishment, but by properly constructing a significant deterrence model that will address cybercrime. Such a model must be able to clearly outline the elements that need to be deterred. It is also crucial to ensure that a range of alternative strategies to be utilized for cybercrime prevention are utilized for a robust deterrence model. In order for deterrence-theory principles to work for the benefit of financial institutions, it is important that the entities involved understand the concept and the level of punishment linked with each cybercrime activity.

References

Abed, J. & Weistroffer, H.R. 2016. Understanding Deterrence Theory in Security Compliance Behavior: A Quantitiative Meta-Analysis Approach. SAIS 2016 Proceedings, 28. Assessed on: 12 July 2020 at http://aisel.aisnet.org/sais2016/28

Ali, L., Ali, F., Surendran, P & Thomas, B. 2017. The Effects of Cyber Threats on Customer’s Behaviour in e-Banking services. International Journal of e-Education, e-Management and e-Learning, 7(1), pp.70 – 78

Antonescu, M. & Birau, R. 2015. Financial and non-financial implications of cybercrimes in emerging countries. Procedia Economics and Finance, 32, pp.618-621

Alanezi, F. & Brooks, L. 2014. Combatting Online Fraud in Saudi Arabia using General Deterrence Theory (GDT). Twentieth Americans Conference on Information Systems, Savannah.

Anderson, K.B., Durbin, E. & Salinger, M.A. 2008. Identity theft. Journal of Economic Perspectives, 22(2), 171-192.

Bande, L.C. 2018. Legislating against Cyber Crime in Southern African Development Community: Balancing International Standards with Country-Specific Specificities. International Journal of Cyber Criminology, 12 (1)

Barclay, C. 2014. Using Frugal Innovations to support Cybercrime Legislations in Small developing states: Introducing the Cyber-legislation Development and Implementation process Model (CyberLeg-DPM). Information Technology for Development, Routledge Taylor & Francis Group.

Beccaria, C. 1963. On crimes and punishments. Indianapolis, IN: Bobbs-Merrill.

Bawane, M.S. & Shelke, C.J. 2014. Analysis of increasing hacking and cracking techniques. International Journal of Application or Innovation in Engineering & Management, Volume 3(2), February 2014

Boateng, R., Longe, O.B., Mbarika, V., Avevor, I., & Isabalija, S.R. 2010. Cybercrime and criminality in Ghana: Its forms and implications. Paper presented at the Americas Conference on Information Systems.

Boer, M & Vazques, J. 2017. Cyber Security & Financial Stability: How cyber-attacks could materially impact the global financial system. Institute of International Finance.

Boni, W.C. & Kovacich, G.L. 1999. I-way Robbery: Crime on the Internet, Butterworth-Heinemann.

Bowring, J. 1962. The works of Jeremy Bentham published under the superintendence of his executor John Bowring 1833-1844. New York, NY: Russell & Russell Inc.

Chimuka, T.A & Paki, L.M. 2016. Understanding cyber scams: An assessment of the challenges of law enforcement in Botswana. Journal of Sustainable Development in Africa, 18 (2), pp.111 – 126

Choo, K.R.R., Smith, R.G. & McCusker, R. 2007. Future Directions in Technology-Enabled Crime: 2007-09. Research and public policy series no. 78. Canberra: Australian Institute of Criminology. Assessed on: 26 Nov. 2019 at http://www.aic.gov.au/publications/current%20series/rpp/61-80/rpp78.aspx

Devi, R.S. & Mohankumar, M. 2019. An empirical study on cyber security threats and attacks. International Journal of Scientific Research and Review, Vol 07, No 3, pp.2271-2276

Erhabor, I.M. 2008. Cybercrime and the Youths (PGDE Thesis), Department of Education, Ambrose Alli University, Ekpoma, Nigeria, (1) p.37.

European Commission. 2013. Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, JOIN 1 Final, European Commission, Brussels. Assessed on: 2 Feb. 2020 at: https://eeas.europa.eu/ archives/docs/policies/eu-cyber-security/cybsec_comm_en.pdf

Forrester Consulting. 2009. DDoS: A Threat You Can’t Afford to Ignore. Assessed on: 5 Sept. 2019 at https://www.nl-ix.net/docs/verisign/whitepaper-ddos-threat-forrester.pdf.

Geers, K. 2010. The challenge of cyber-attack deterrence. Computer law & security review. Assessed on: 13 July 2020 at www.sciencedirect.com

Ghandi, V.K. 2012. An overview study on cybercrimes in Internet. Journal of Information Engineering and Applications, 2 (10), pp. 1-5

Gordon, L.A., Loeb, M.P. & Sohail, T. 2003 .A framework for using insurance for cyber-risk management, Communications of the ACM, Vol. 46 No. 3, pp. 81-85.

Government of Eswatini. 2019. Status of proposed legislation. [Online] http://www.gov.sz/index.php/component/content/article/141-test/2002-bills#

Gross, J.R. 2016. Hack and Be Hacked: a framework for the United States to respond to non-state actors in cyberspace. California Western International Law Journal, 46 (2)

Guitton, C. 2012. Criminals and cyber-attacks: The missing link between attribution and deterrence. International Journal of Cyber Criminology, 6, 1030–1043.

Hsiang Wei, M.L. 2015. The challenges of cyber deterrence. Journal of the Singapore armed forces, Vol 41, No. 1, pp 12 – 22

Homel, R. 1986. Policing the drinking driver: random breath testing and the process of deterrence. Canberra: Federal Office of Road Safety.

Hughes, T.F. 2008. A report on safe use of the Internet: Some of the most common risks. Hispania, 91(2), 408-411.

Huang, S.Y.K. 2011. The Evolutional View of the Types of Identity Thefts and Online Frauds in the Era of the Internet. Internet Journal of Criminology, 1-21.

Hui, K.L., Kim, S.H., & Wang, Q.H. 2013. Marginal deterrence in the enforcement of law: Evidence from Distributed denial of service attack. Assessed on: 2 Feb. 2020 at http://home.ust.hk/~davcook/marginal%20deterrence.pdf

Hui, K. L., Kim, S.H., & Wang, Q.H. 2017. Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks. MIS Quarterly. 41, (2), 497-523. Research Collection School of Information Systems. Assessed on: 14 Dec. 2020 at https://ink.library.smu.edu.sg/sis_research/3420

Ibikunle, A. 2005. Investigation of Computer Crime in Information Technology Industry, Unpublished Master‟s Degree Thesis, Ladoke Akintola University of Technology.

Interpol, 2020. Cybercrime: COVID-19 Impact. Assessed on: 11 Nov. 2010 at http//www.interpot.int

Kesan, J.P. & Hayes, C.M. 2012. Mitigstive counterstriking: Self-defense and deterrence cyberspace. Harvard Journal of Law & Technology, 25 (2), pp. 430 – 54

Kshetri, N. 2010. Diffusion and effects of cyber-crime in developing economies, Routledge Taylot Francis Group, Third World Quartely, 31 (7), pp. 1057-1079.

Kremling, J. & Parker, A.M.S. 2018. Cyberspace, Cybersecurity and Cybercrime. SAGE Publications

Johnson, D.R., & Post, D. 1996. Law and Borders – The Rise of Law in Cyberspace, Stanford Law Review, Vol.48, No 5, pp. 1367-1376.

Liao, R., Balasinorwala, S. & Rao, H.R. 2017. Computer assisted frauds: An examination of offender and offense characteristics in relation to arrests. Information Systems Frontiers, 19, 443-455.

Maghaireh, A.M.S. 2009. Jordanian cybercrime investigations: a comparative analysis of search for and seizure of digital evidence, Doctor of Philosophy thesis, Faculty of Law, University of Wollongong.

Mazanec, Brian, M. & Bradley, A.T. 2015. Deterring Cyber Warfare: Bolstering Strategic Stability in Cyberspace. Basingstoke. Palgrave Macmillan.

Mendes, S.M. & Michael, D.M. 2001. Putting severity of punishment back in the deterrence package. Policy Studies Journal, Vol. 29, pp. 558–610.

Morgan, S. 2017. Cybercrime damages $6 Trillion by 2021. Cybersecurity Ventures. Assessed on: 15 July 2020 at https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

Nagin, D.S. 2013. Deterrence in the Twenty-first century: A review of the evidence. Heinz College Research.

Newman, R. 2006. Cybercrime, Identity Theft, and Fraud: Practicing Safe Internet – Network Security Threats and Vulnerabilities. Proceedings of the 3rd Annual conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 69.

Norden, S. 2013. How the Internet has changed the face of crime. Master of Science, Florida Gulf Coast University.

Nye, (Jr) J.S. 2017. Deterrence and dissuasion in cyberspace. International Security, 41(3), 44-71.

OECD Report. 2007. Cyber security policy making at a turning point. Assessed on: 16 July 2020 from www.oecd.org/sti/ieconomy/cybersecuirity.%20policy%20making.pdf.

Olson, R. 2020. COVID-19: The cybercrime gold rush of 2020. Assessed on: 18 July 2020 at https://blog.paloaltonetworks.com/2020/07/unit-42-cybercrime-gold-rush/

Olowokere, E.N & Adedeji, A.O. 2018. Bank-Customer Relationship and Provision of Quality Electronic Banking Services in Nigeria, Journal of Law, Policy and Golbalization, 80.

Rao, H.S. 2019. Cybercrime in banking sector. International Journal of Research – Granthaalayah, 7(1), pp. 148 – 161. https://doi.org/10.5281/zenodo.2550185.

Ossip, S.M. 2017. Cyber threats and cybercrime – a disruption of human security? Master Thesis, Leiden University.

Png, I.P.L. & Wang, C.Y. 2007. The deterrent effect of enforcement against computer hackers: Crosscountry evidence. Paper presented at the Workshop on the Economics of Information Security, Pittsburgh, PA.

Quentin, D., Dulaney, E. & Skandie, T. 2009. CompTIA A+. Indianapolis, Indiana: Wiley Publishing Inc.

Saini, H. 2012. Cyber-Crimes and their Impacts: A Review. International Journal of Engineering Research and Applications (IJERA), 202-209.

Scanio, S. & Ludwig, R.W. Surging. 2017. Swift and Liable? Cybercrime and Electronic Payments Fraud Involving Commercial Bank Accounts. Who Bears the Loss? Journal of Internet Law.

Schuessler, J.H. 2013. General Deterrence Theory: Assessing Information Systems Security Effectiveness in large versus small businesses. University of North Texas

Shiloh, J. & Fassassi, A. 2016. Cybercrime in Africa: Facts and Figures. Assessed on: 13 July 2020 at https://www.scidev.net/sub-saharan-africa/icts/feature/cybercrime-africa-facts-figures.html

Singleton, T., Singleton, A. & Gottlied, G. 2006. Bank Accounting & Finance. pp. 26 – 32

Smith, S. 2017. 2016 Internet Crime Report. Federal Bureau of Investigation – Internet Crime Complaint Center, 1-26.

Straub, D.W. & Welke, R.J. 1998. Coping with systems risk: Security planning models for management decision making. Management Information Systems Quarterly, 22(4), 441.

Tan, E.E. 2018. Cyber deterrence in Singapore, Framework and recommendations.

Thomson Reuters. 2014. Cyber Crime – The Fastest Moving Menace. Assessed on: 21 August 2020 at https://www.thomsonreuters.com/content/dam/openweb/documents/pdf/governance-risk-compliance/report/cyber-crime-special-report.pdf

Todd, L. 2009. CompTIA Network+. Indiapolis, Indiana: Wiley Publishing, Inc.

Uppal, D., Mehra, V. & Verma, V. 2014. Basic survey on Malware Analysis, Tools and Techniques. International Journal on Computational Sciences & Applications (IJCSA) Vol.4.

Vrincianu, M. & Popa, L.A. 2010. Considerations regarding the security and protection of e-banking services consumers interests. Amfiteatru Economic, 12(28) pp. 388 – 403.

Wall, D. 2007. Cybercrimes and the Internet. Cambridge, UK. Polity Press

Wall Street. 2019. The impact of Cyber attacks on the banking industry. Assessed on: 5 Sept. 2020 at: https://wall-street.com/major-impact-cyber-attacks-banking-industry/

Walter, G. & Northrup. T. 2006. MCDST self-paced training kit (exam 70-271): supporting users and troubleshooting a Microsoft Windows XP operating system. 2nd ed. Redmond, Wash.: Microsoft Press.