Combating State-Sponsored Critical Infrastructure Cyber Intrusions

Introduction 

One of the most critical cyber security problems is that nation-level cyber operations mainly targeting the rivals’ necessary infrastructures are quickly waning. Digitally aggressive players have targeted network flaws to crack down on the system and only to place themselves where they can disturb crucial services. Assuming that the impact of these illicit actions is so great despite the perspective unveiling no clear answer, the strategic calculus leading the nations to such violent inroads is still uninvestigated. A synthesis of research on the cyber identity theft crisis is presented in this issue paper, and a proposed model for assessing factors that heighten a conflict or foes infecting the loose infrastructure is proposed. The analysis offers a spectrum of records of future predictions and defense systems based on the gloomy options of the enemy and the adversary’s decision context. The initial part of the discussion emphasizes the cyber identity theft menace and the wide damage the phenomenon imposes upon individuals, businesses, and institutions alike. It studies the cause of hindrance and the multilayered answer involving technology, public awareness, rules, and international collaboration. The subsequent paragraph referred to research design that featured evidence-based risk factor model creation to forecast state-sponsored cyber intrusions and the cognitive study of the most promising theory concerning prospect theory and its particular applicability to this field.This issue paper synthesizes research on cyber identity theft with a risk factor model for predicting state-sponsored critical infrastructure cyber intrusions.

Background: The Threat of Cyber Identity Theft 

Scope of the Issue 

Cyber identity theft has now been realized as a serious crime that has emerged in breadth and length, with global implications combined, leaving millions of people as its victims regularly. The skyrocketing increase in reported incidents directly shows that the use of connected internet for everyday purposes and technologies is a deadly threat that needs to be urgently addressed. Nonetheless, Saxby (2020) acknowledged that identity theft is not solely an individual victim’s issue but that of organizations, communities, and the entire economy on the micro-scale.

Background Information

Cybercriminals use a wide range of techniques, compared to better defense, which gets more sophisticated and is reused stealthily, like mass email compromise and malware deployment on a huge scale. Attackers attempt to steal credentials from individuals or company personnel by sending them to fake pages that impersonate trusted companies. On the other hand, trojans and different kinds of dangerous programs are concealed through phishing campaigns and then are used to deliver loads of data, also called ransomware, to the user (Chawki & Abdel-Wahab n.d). Nevertheless, another huge and deceiving mechanism uses data breaches to create backgates for hackers to get into the treasure of records containing personal data and account information. Such disclosures have become a nightmare and are daily occurrences, more evidence of which is only being reported on by the media – major retailers, healthcare systems, financial institutions, and even government databases being compromised – the data identity belonging to millions of people. More states have started actively sponsoring or tacitly allowing these criminal operations as an enabling factor for economic espionage or clandestine operations (Nadeem et al., 2023).

Consequences on Individuals and Institutions Level 

The downstream effects of being the victim of cyber identity theft can be disastrous for individuals and organizations alike. Consequently, cyber identity theft should be a significant concern for information technology security specialists. Many people are cheated using fraudulent charges, identity theft, and stolen tax refunds. On top of that, accounts are emptied. The severe credit scores and long-term credit defamation issues they face stay with them for many years, replacing loans, houses, jobs, and opportunities, all of which use reputation for credit. (Jibril et al., 2020). The psychological stress which is caused by identity denial makes people worried, affects their personal goals, and makes them lose trust in formal institutions.

For businesses, the fallout is twofold: they experience physical disruptions due to the loss of certification for job holders and data on customers. The huge expenses to strengthen the security systems, repayment of data breach loss, and administering credit monitoring programs in hasty time are the costs that often skyrocket. However, the digital reputation businesses suffer may not be as easy to recover, even if they bring these scandals under control; such tarnishing may ruin companies’ reputations on the market. Based on what Nadeem et al. (2023) have stated, identity theft is likely to cause both organizations and customers significant financial loss and a loss of consumer trust in that business.

The Challenges 

Postulating a robust system defense against the persistent cyber identity theft issue has the potential to be formidable. Uncertainty in digital literacy is an alarming factor that makes exploited vulnerabilities take hold. Besides, even small-size business firms, which normally end up using the simpler cybersecurity structure, are also not wired with the technical expertise to effectively implement robust security measures (Jibril et al., 2020). Mutational entropy is a natural force that always brings new challenges, and prevention efforts can never keep up. Not only are identity compromises quite a painful process involving a web of technical, legal, and bureaucratic proceedings, but they also usually end up with no one being punished or held responsible. The societal fragmentation resulting from elaborate credit restoration protocols that aggravate both the psychological and financial strain of troubled people is unacceptable. With their foundations in the byzantine and error-prone compliance and incident reporting standards, transparency is increased through obfuscation (Jibril et al., 2020), whereas regulatory fragmentation hamstrings the ability to respond in a unified manner. All these intensive challenges collectively bring a clear picture of why, in 2021, 5 million identity theft reports have been filed. However, we witness this number as the insatiable appetite of the rise.

Evidence-Based Analysis 

The epidemic of identity theft cases worldwide is the allure for the compulsory urgent protective measures to contain this overriding peril. According to the research by Brooks (2022), we have seen over 65% annual increase in consistent public and private sector identity exposures and data breaches that constantly erode trust but soar up their response costs. In short, mosaic containment methods regarding these crafty antagonists have been shown to fail despite their highly reinforced pack. An adequate structuring in place of healthy systems that focus on digital security and integrity requires abolishing outdated policies and establishing unique ideas and ideologies. An integrated approach covering the design of advanced security tools with strict legal constraints, continuous awareness exhibition, and upgrading of the joint cybersecurity cooperation architecture are musts that will support global cybersecurity capabilities. With this integrated strategy, we would have innovatively skewered the lord of identity theft.

Solutions to Overcome the Challenge

Enhanced Security Measures 

Deploying strong, multi-stage deterrents constituting major impediments to cyberattacks provides a superior first barrier for intruders. Using the latest encryption protocols, implementing multi-factor authentication requirements, and constant monitoring controls can easily be regulated as a deterrent to unwarranted data access and as preventing successful intrusion attempts (Chawki & Abdel-Wahab, n.d.). Technologies such as full encryption of communications, biometric logins, or SIEM systems are robust security treatments.

Nevertheless, to a certain extent, the degree of safeguard involves considerable operational cost and complexity, which a single person or smaller organizations that don’t have ample capacity may be unable to bear. The replacement of systems, staff upskilling, and integration of security frameworks already in use, at the same time, drain the budget and cause a setback in human resources. Low user friendliness and latency generated by heavy encryption impart significant performance bans to the workforce’s productivity.

Public Reform and Education Programmes

Although it will be the case that deep-rooted technical westerns will be adopted as measures of defense, it is vital to realize that fundamental cybersecurity education for the public is an equivalent preventative strategy for reducing the battlefield. Among the effective methods for citizens to arrive at the habit of security awareness is the sustained campaign on public awareness that highlights the international best practices, including safe browsing and password habits and highly preventive phishing practices (Chawki & Abdel-Wahab n.d). Psychological conditioning of the larger population to stand for security and alertness through these never-ending outreach campaigns drives every one to be a human sensor for picking up suspicious behavior. Citizens with cyber-sensibility help to build vigilance and impose cultural barricades so that exploitation techniques like phishing become most known and get blocked by people every time.

Stringent Regulatory Frameworks

Securing a progressive legislative framework that strengthens the obligation of data custodians to take preventive measures to maintain the integrity of confidential information leads to structural incentives, punishments for carelessness, and universal responsibility principles. GDPR brought such global benchmarks, as it laid down a strong framework for data management, with severe penalties against violation of the law at stake (GDPR, 2022). Legal sanctions ensure that cybersecurity obligations are enforced through legislation with penal clauses; they mandate organizations to view data protection not only as a business need but as one that deserves to be the priority of the executive committees. Therefore, they not only operate as tactical tools for disruption but also set up substantial deterrents that hike cyber-criminals’ liability by either becoming prosecuted or fining some meaningful amounts of money.

Collaborative International Efforts 

Cybercrime is global and facilitated by diverse cross-border criminal organizations, and partners through various borderless communities are essential in the struggle against surgical attacks that transcend jurisdictions. When countries can tear down barriers by having multilateral intelligence exchanges and joint operations, binding on digital norms protocols, and making them legal to prosecute cybercriminals on international waters, they will be strong and resilient enough to defend themselves (Nadeem et al., 2023). To enhance the cyber forces activities, it captures the tactical success of such disruption and its operations’ success across the country’s borders. Likewise, global partnerships also provide rapid response mechanisms for incidents that work towards swiftness in containing data attacks and creating resilient immunization systems against the second wave.

Integrated Holistic Approach 

Taken all together, an integrated, holistic approach that leverages high-level technical safeguards and maintains an informed, sustained public education campaign, alongside robust regulation and international cooperation, has the best prospects of providing the digital protection communities need in the face of the growing cyber identity theft threat. A coordinated agency culture emphasizing the security stance utilizing a wide-ranging array of deterrents and a tight legal control network would progressively diminish the operational capabilities and commercial profits behind those illegal concerns (Nadeem et al., 2023). Some regulations and technological progress allow time, while others are the only way of movement. By contrast, others are the only barrier to the further development of world processes, and global partnerships block all safe havens. Continuous improvement, an increased pool of available best practices, and public-private partnerships are essential driving forces to enhance company resilience against identity theft (Nadeem et al., 2023). Although this is an ambitious endeavor that draws in society at large, fighting cyber theft necessitates a joint effort of various social groups, states, and private-sector companies to manage the issue of trust and stability in our increasingly digital economy.

Assessing National Cyber Conflict Escalation Risks

The risks of cyber intrusions sponsored by state actors against vital infrastructures remain at the peak of national security priorities. Apart from intelligence gathering, these operations can result in attacks that cripple essential services. Increasing our predictive preparedness level to grasp that emerging crisis is an undoubtable policy goal in the post-COVID-19 era. It presents the research proposal to develop an evidence-based risk factor model assessing structural elements that lead to deploying infrastructure cyberwars. It will employ the method of prospect theory to define the agents influencing people in terms of their loss perception and probability compression bias. Such a psychological economics framework will guide the hypotheses about different contexts that enhance digital aggressions, and the structured case analysis will be used as the basis for correlational relationships between decision context and digital aggression.

The central research questions are:

RQ1: What political, economic, and military factors are most predictive of a state conducting infrastructure cyber operations against global rivals?

RQ2: How can policymakers operationalize knowledge of risk factors to predict the likelihood of attacks against their critical systems?

Theoretical Framework

That the existing scholarship does not have a model that can systematically look at the motivations that might drive the adversaries to damage infrastructure networks is noted. Smeets and Lin (2018) nowhere agree with this statement, pointing out that generally, at the time, literature had a habit-reactive nature to cyber operations, responding with post facto findings and leaving out precipitating causes. This research venture to render evidence-based intervention focusing on predictive risk assessments is thus built on the perspectives of prospect theory. The prospect theory, first developed by Kahneman and Tversky (1979), examines how rational behavior is shown when people select extreme risks versus minor rewards in decision-making under uncertainty – processes typically associated with cyber warfare. It’s a framework that accounts for risk-averse decision-making that may be distorted by loss avoidance in traditional expected utility models. As Goodall et al. (2006) underline, prospect theory is a more credible explanation for attempts by weaker states to shift the brinkmanship balance by being more aggressive in the dire confrontation with more powerful competitors due to improbability estimates distortions.

Based on the prospect theory notion, considering the loss framing availability heuristics, we arrive at a conceptual framework to explain the risks of cyber escalations. The loss aversion biases might drive states to launch intrusions as produced as a means of apprehensions against political or economic hazards and subjective distortions of probabilities to allow attack players to rationalize high-risk attacks by minimizing the threats of retaliation. Instances of social media influence that lead to cyber abuse success can make soldiers overconfident, which creates a narrowing of the subjective probabilities of war prevention costs assigned (Kahneman & Tversky, 2013). Factors such as the volatility and shrinkage of the economy coupled with the succession of leadership can also enable the loss framing effect, which increases the chances of high-risk cyber operations, which seem to be more acceptable responses to the decline of strategic position.

Prospect theory provides sound reasons why standard rational choice models under UMU (traditional model) cannot predict people’s choices; in these models, people are assumed to always make optimal decisions based on subjectively calculated costs and benefits (Kahneman & Tversky, 2013). In aggressive cyber conflict scenarios that are deprived of crucial information, expected second/third effects of threats made, and against the backdrop of a deceptionist opponent, the probability theory barely makes any sense, for it cannot psychologically model the fear and threat perceptions which can lead to dangerous digital actions of high risk.

By considering individual biases and gaining weight, the prospect theory gives a more situational perspective, providing a holistic standpoint for explaining the goals and security of cyber operations. It is one of the most useful features because it allows us to subscribe to the availability heuristics, i.e., the phenomena in which the events that are very vivid or the most recent ones get more distorted than their future likelihoods. To exemplify, an impact of success in much-visual cyber attacks by one nation is that perceptions of the probability of being caught may decrease among competitors even if being picked for the same kind of act due to media salience and availability of the prior outcome. The logic of loss aversion can lead to considering possible activities such as infrastructure hacking risky if the leaders display that restoring the status quo ante of the contested domain is a ‘waste of resources’.

The prospect theory aligns with the post-rupture intelligence theory, which strongly emphasizes the blurred reason instead of the mathematical optimum among the expected utilities. While Van (2007) suggests that people seldom apply a formal utility calculus, this can also be seen in daily living practices. In essence, assessments, in this case, closely resemble the subjective judgments accounted for in prospect theory – loans, for example, are rough estimations susceptible to framing effects and psychological biases, like overconfidence and anchoring (Kahneman & Tversky, 2013). On some of the highest intensity cyber conflict grounds where information ambiguity creates a huge problem and incomplete data may pose a threat, these types of heuristic approximations become the tuning forks of real-world deterrence perceptions.

Adding the probabilistic risk assessment curve draws pictures from real-life scenarios and offers another aspect for modeling escalation dynamics. Based on flawed mental accounts, the systematic anchoring or inflation of likelihood estimates on being caught, failed, or successful is consistent across all actors. Ultimately, such deformed threat perceptions lead to this aggression only when counter-preventive actions like sanctions are less important given the anticipated outcome (Kahneman & Tversky, 1979). As the reporter points out, inadequate air defense systems present the inverse side of a coin to the Iraqis’ bold attitude. They wrongly perceived these systems as infallible and took excess risks. Similarly, there are motives as cyber actors misjudge exploit risks and deterrent mechanisms.

The study’s apprehension of the prospect theory as the principal tenet yields behavioral lessons absent from a more formal perspective. Its framework carries existing biases and patterns that guide cyber conflict decisions, enhancing the accuracy of analytics and suggesting the most effective countermeasures based on observed norms. In the end, as there is a necessity to get into deeper details of psychological factors that motivate people to escalate critical situations and make them even more disastrous, it will give our society a robust academic foundation and policy base that will enable us to keep these incidents under a timely control.

Research Design

Hypothesis

The core hypotheses to be tested:

H1: States that have recently suffered significant economic losses or political destabilization due to a rival power are likelier to conduct infrastructure cyber operations, even when facing high risks. Loss aversion leads to asymmetrical responses.

H2: States are more likely to sponsor cyber intrusions when optimistic probability distortions falsely downplay risks of detection and retaliation. Attackers exploit uncertainty for perceived low-cost gains.

Research Design

The research procedure uses mixed methods and implements qualitative case studies. At the same time, it includes a numerical system to verify the hypotheses. According to George and Bennett (2005), such methodologies can discern valid interrelations by enhancing correlations tested in a wider research framework by providing a manifestation context. Such a robust approach increases the validity through the multiplicative merit of finding cross-verification from the various streams of evidence.

Qualitative Case Study Analysis 

The methodology incorporates sub-structured, focused case comparison as its core technique in a mixed method. There is a need to conduct an extensive examination of the key state-sponsored cyber operations led against the infrastructure systems in the rivalry over the last decade to get hold of the patterns associated with prospect theory’s explanatory variables. Three main cases will be discussed:

• Stuxnet Malware: A Cyber-Espionage Tool that Targets Iranian Nuclear Facilities.
• Novochernetsvo Black Energy Malware against Ukrayinska Power Grid.
• “Cozy Bear” E-intrusions of U.S. Governmental Networks

In these cases, diversity is manifested in the types of actors or players, their inspirations, their capabilities, and the strategic framework in which the cyber escalations occur. With this, the research focuses on the instances in which process tracing methods will be used to grid the timelines and the observable indicators of the prospect theory’s core mechanisms (George & Bennett, 2005). Principal documentary sources encompass government reports, private industry analysis, leadership communication, and paleo-websites showing methods and tools used. Qualitative coding will be employed for mapping the spewing of cognitive biases like loss framing, distorted assessments of likelihood, and any other biases linked to prospect theory that help initiate more aggressive escalation. The vital correlational directions can be determined by running cross-case analyses on the findings of various studies based on the prospect theory.

Quantitative Data Analysis 

The second part, the quantitative one, will complete the picture by building a cross-national database to track the 10-year medium-term evolution of the factors from political, economic, military, and cyber dimensions. Utilizing indicators such as the ones developed by the World Bank on development parameters, Correlates of War data, and freely available cybersecurity data will enable capturing objective measures that correspond to variables in the research domain, which are components of the theory of prospect theory that propose asymmetric escalation propensities (George & Bennett, 2005). Examples include metrics of:

• Economic Decline
• Domestic Unrest
• Leadership Changes
• Offensive Cyber Operations
• Provocations by Rivals

The regression logistic models relying on that detailed dataset will represent statistically significant support to the assumed relationship between observed patterns and selected infrastructure targets. For example, studies may ascertain whether moments of economic contraction or regime instability in Country X increased the prospects of it conducting acute cyber-attacks against the networks in the same Country Y at times to come. Such quantitative correlations are an augmentation that qualitative findings receive as they qualify distant effects by observing specific cases.

Pros of Mixed-Methods Design Approach 

In terms of methodological design, this approach, which uses a mix of different methods (i.e., quantitative and qualitative), holds several major advantages. The qualitative process tracing reveals each escalator scenario causal mechanism in depth, with evidence that response to negative frames, distorted probability, and other biases are the problem. These qualitative discoveries are then tested to determine if they are qualitative or statistical; in other words, their credits pay in a sample study (George & Bennett, 2005). Margining ideas provides a denser base for the conclusion as the results formed from the separate sources of evidence are interconnected and, therefore, valid and generalized.

Moreover, combining strategies adds the richness of the policy applications of the insights derived. Use our interactive grammar and sentence structure exercises below to strengthen your English grammar skills. Our fun and engaging sentences will help you identify common mistakes, understand grammar concepts, and improve your writing skills. The opportunity to economize concrete and abstract tenets of prospect theory with the imagination of real-world case trajectories and empirical data patterns finally gives actionable intelligence (George & Bennett, 2005). Direct experiences endow historical examples with more specificity, leading to easier articulation when dealing with policymakers. Along with this, automated data patterns help monitor the factors indicating the emergence of dangers rather than doing manual investigations periodically by relying only on them.

Limitations 

However, the designed system could be biased if its occupant only considers the main cyber operation cases. Consequently, focusing only on events of great magnitude extending far beyond the national territories leaves space for more covert undertakings, the quantitative assessments of which might not be completed successfully. Independent difficulties with objectively assessing subjective psychological phenomena, such as probability assessment, also keep the researcher from developing the most robust process tracing procedures. Data limitations will also limit other study aspects and the number of observations (George & Bennett, 2005). Due to the nature of cyber-capability disclosures being largely classified information, the foundation of evidence that underpins escalators’ motivations and deterrence theorizing may remain unseen by many. Private sector reports tend to misreport the specific attack vector that they were the ones who studied. They make sure they do it for the sake of investigative integrity.

Nonetheless, the news for reconstructing the strategic contours and operational chronologies remains largely open. Eventually, empiric and theoretical analysis are strongly required to obtain a satisfactory mixed-method system for testing prospect theory’s applicability, and policy recommendations associated with it will also be produced. The qualitative assessment upgrades and supports the quantitative assessment, which, in particular, proves the qualitative inference (George & Bennett, 2005). By combining theoretical components and historical data patterns, the traditional budgetary method is elevated, simultaneously offering a solid foresight basis for proactive actions that can thwart possibly catastrophic cyber escalations before they engulf the world.

Implications 

This study will be of utmost importance in multiple fields, uncovering behavioral economic principles and providing cybersecurity authorities and intelligence officials with practical guidelines on preventing possible cyber threats.

Academic Implications 

From the empirical standpoint, the postulation of decision-making from a perspective of threat assessment biases in computer conflict scenarios contributes to the theory of describing the underlying mechanisms for human behavior under uncertainty. Through the systematic assessment of how loss aversion, distortions in probability, and psychological heuristics are related to the indicators visible before the digital provocations, the study, therefore, gives additional evidence for existing calculations of the validity of the aggression escalation framework. The transfer of prospect theory to cyber counterintelligence involves an ever-growing component that expands the realm of the theoretical contribution. Analyzing whether non-descriptive facts like attitudes towards risk and framing biases determine nation-states’ behavior in this area brings even more to the current line of thought. The paper describes empirical findings used to pinpoint and operationalize those biases’ characteristics while supplying contextual factors that update decision calculus.

Policy and Practice Implications 

Risky conditions, namely systemic factors, can be recognized early based on historical data and precedences. Hence, these determinants will predict cyber aggression since such antecedents empower security leaders to develop proactive defensive and deterrent mechanisms rather than the indisputable knee-enacting cyber response after the fact. Suppose the hypothesized relationships between economic shocks, leadership volatility, and digital reprisals are validated. In that case, policymakers can prioritize: If the hypothesized relationships between factors like economic shocks, leadership volatility, and digital reprisals are validated, policymakers can prioritize:

• Monitoring and Protection Measures
• Compared to traditional non-iterative warfare tactics, the relatively new cyber domain requires forethought to understand adversary mindsets and mitigate attacks where opponents see contextual opportunities.
• Deterrence Signaling
• A show of force or counter-offensive measure may be spread out evenly during escalatory risk periods since it usually carries communication with higher efficacy.
•  Infrastructure Resilience
• Instead of reinforcing weak virtual architecture, a responsive model of digital vulnerability will be replaced by an evolving target system that will create new opportunities for operations.
• Collective Intelligence
• Cyber commands, intelligence agencies, technology enterprises, and cybersecurity companies gain from these research applications. An effective strategy that creates a well-structured mechanism for timely and event-based cyber threat prediction, which simultaneously facilitates coordination between public/private actors, would mitigate the effects of emerging threats.
• Bolstering Economic Stability
• Integrating the preventive actions that do away with the risk of cyber incidents that weaken existing network security mechanisms lays the foundation for a highly stable and resilient digital asset that propels economic prosperity.

Conclusion 

The phenomenon of sophisticated cyber identity theft and espionage on critical infrastructure remains great, closely associated threats that pose risks to cyber security and a nation. Systems can stand a chance to overcome defilements as forged identity by incorporating a multi-pronged approach that includes digital armoring, people engagement, enactment of tough regulations, and the use of global networks. The specific government provides space for personnel responsible for proactive cyber intelligence acts just in time for the emergence of attempts to damage the infrastructure. Using the information from prospect theory within the constructed risk assessment model will allow the user to get the necessary guidance on how different circumstances may predispose states to use aggressive tactics in cyberspace domaine. Loss-framing effects, distorted probability pipelines, and mental shortcuts molding aggressive digital methods are applied between geopolitical enemies. Such factors on a macro level are defined by behavioral economics and, therefore, derived still gives a predecessor perspective on where resources could be reallocated preventively and what measures to be taken by an adversary could be deterred by taking into account different decisional scenarios. The implication is enhanced by a mixed-methods research design involving quantitative and qualitative indicator streams that strengthen the practical relevance to policymakers at all stages of the counter-cyber threats procedures. Creating a coalition that will include governments, organizations, and individuals with common goals and an understanding of security ensures that everything will be covered and no single business or system will be vulnerable to attack. Finally, this confirms that this act of talent is only a strong task for maintaining economic values and confidence in society while increasing cyber wars.

References 

Brooks, C. (2022, June 3). Alarming cyber statistics for mid-year 2022 that you need to know. Forbes. https://www.forbes.com/sites/chuckbrooks/2022/06/03/alarming-cyber-statistics-for-mid-year-2022-that-you-need-to-know/

Chawki, M., & Abdel-Wahab, M. (n.d.). Identity theft in cyberspace: Issues and solutions. Lex Electronica. https://www.lex-electronica.org/files/sites/103/11-1_chawki-abdel-wahab.pdf

Conduit, D., & Akbarzadeh, S. (2019). Great power-middle power dynamics: The case of China and Iran. Journal of Contemporary China, 28(117), 468-481.

General Data Protection Regulation (GDPR). (2022, January 7). EUR-Lexhttps://eur-lex.europa.eu/EN/legal-content/summary/general-data-protection-regulation-gdpr.html

George, A. L., & Bennett, A. (2005). Case studies and theory development in the social sciences. mit Press.

Goodall, B., Trethewey, A., & McDonald, K. (2006). Strategic ambiguity, communication, and public diplomacy in an uncertain world: Principles and practices. Consortium for Strategic Communication, Arizona State University, 1-14.

Jibril, A. B., Kwarteng, M. A., Botchway, R. K., Bode, J., & Chovancova, M. (2020). The impact of online identity theft on customers’ willingness to engage in e-banking transaction in Ghana: A technology threat avoidance theory. Cogent Business & Management, 7(1), 1832825.

Kahneman, D. (1979). Prospect theory: An analysis of decisions under risk. Econometrica, 47, 278.

Kahneman, D., & Tversky, A. (2013). Prospect theory: An analysis of decision under risk. In Handbook of the fundamentals of financial decision making: Part I (pp. 99-127).

Nadeem, M., Zahra, S. W., Abbasi, M. N., Arshad, A., Riaz, S., & Ahmed, W. (2023). Phishing Attack, Its Detections and Prevention Techniques. International Journal of Wireless Security and Networks, 1(2), 13-25p.

Nadeem, M., Zahra, S. W., Abbasi, M. N., Arshad, A., Riaz, S., & Ahmed, W. (2023). A Security Investigation Survey of Ransomware Detection and Avoidance Strategies for IoT Networks. International Journal of Information Security Engineering, 1(2), 15-25p.

Nakashima, E., & Timberg, C. (2020, December 13). Russian government hackers are behind a broad espionage campaign that has compromised U.S. agencies, including Treasury and Commerce. The Washington Post. https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html

Saxby, G. (2020). Cybercrime – Identity theft [PDF]. ResearchGate. https://www.researchgate.net/publication/347443543_Cybercrime_-Identity_Theft

Smeets, M., & Lin, H. S. (2018, May). Offensive cyber capabilities: To what ends?. In 2018 10th International Conference on Cyber Conflict (CyCon) (pp. 55-72). IEEE.

van Rijnsoever, F. J. (2017). (I Can’t Get No) Saturation: A simulation and guidelines for sample sizes in qualitative research. PloS one, 12(7), e0181689.