Faculty of Commerce, Law and Management (ETDs)
Permanent URI for this communityhttps://hdl.handle.net/10539/37778
Browse
11 results
Search Results
Item The Impact of Demographic Indicators on Cybersecurity Behaviour of E-Commerce Users in South Africa(University of the Witwatersrand, Johannesburg, 2024) Mberikwazvo, Weston ZorodzaiThis study aims to explore the cybersecurity behaviour of e-commerce users in South Africa, utilising a conceptual framework derived from some elements of both the Health Belief Model (HBM) and the Protection Motivation Theory (PMT). The study investigates the impact of demographic indicators specifically age, gender, and educational level impact the cybersecurity behaviour seeking to understand and contribute to the understanding of cybersecurity practices in response to perceived cyberthreats. A sample of 316 participants was used for the study which varied across different genders, age groups and educational levels. An online survey making use of a questionnaire was used to gather responses to the different dimensions making up cybersecurity behaviour guided by the established conceptual framework. The responses were statistically analysed to establish any patterns and trends using techniques such as correlation analysis and factor analysis. Analysis of the dataset concluded that there was significant difference to the cybersecurity behaviour of e-commerce users in South Africa for each of the demographic indicators of educational level, gender, and age and thus the null hypothesis was rejected for all three factors. Also, the null hypothesis was rejected for a combination of all three demographic indicators and cybersecurity behaviour indicating that a significant difference exists. The results showed that participants in the 36 to 40 years age group showed the highest cybersecurity behaviour level, with the 18 to 20 years and the over 60 years age group showing the lowest. Females showed a lower cybersecurity level in comparison to males with the non-binary participants scoring the lowest. The cybersecurity level increased in general with the educational level of the participants. In a nutshell, the results show that in the context of South African e-commerce users customised interventions based on the educational level, gender, and age need to be consideredItem Investigating cyber resilience in Small, Medium, and Micro Enterprises (SMME’s) in Gauteng(University of the Witwatersrand, Johannesburg, 2022) Kamanga, Edna Clara; Pillay, KiruCyber resilience is becoming increasingly vital for Small, Medium, and Micro Enterprises (SMMEs) to withstand and quickly recover from cyber threats. This qualitative study investigates the cyber resilience strategies, critical success factors, and best practices within SMMEs in Gauteng, South Africa. The research aims to understand SMMEs approach to cyber resilience and whether they incorporate all dimensions of the Cyber Resilience-Self Assessment Tool (CR- SAT), a framework specifically recommended for enhancing the cyber resilience of SMMEs. The study identifies key critical success factors that are prevalent among Gauteng’s SMMEs. The methodology involves semi-structured interviews with business owners, IT Managers, and cybersecurity experts within a variety of SMMEs in Gauteng. The selection of participants ensures representation across different industries to allow for comprehensive insights into the cyber resilience landscape within this economic sector. Thematic analysis of the interview data provides an in-depth understanding of the experiences, practices, and perceptions of cyber resilience among participants. Preliminary findings reveal that while some SMMEs demonstrate awareness and implementation of cyber resilience best practices, there is a varied degree of adoption concerning the CR-SAT framework. Several critical success factors emerge, these include adoption of best practices in implementation of training and awareness, risk management, business continuity, the implementation of incident response plans, outsourcing, dealing with credible vendors. However, the research also identifies significant gaps in knowledge and resource constraints, which impede full-scale implementation of recommended cyber resilience measuresItem Cybersecurity Perspectives on Protecting Intangible Commodities in the South African Financial Sector(University of the Witwatersrand, Johannesburg, 2024) Naidoo, Trevor; Ochara, NixonThe reliance on digital technologies in the financial industry has surged, elevating the value of intangible commodities like data and intellectual property. South Africa's financial sector faces escalating cyber threats, necessitating robust cybersecurity measures. This quantitative research aims to explore cybersecurity perspectives in safeguarding intangible assets within South African financial institutions. The importance of cybersecurity in safeguarding individuals and organisations from cyber threats is underscored, considering the significant financial losses and reputational damage that can result from breaches. However, challenges such as workforce shortages, skills gaps, and a lack of cybersecurity awareness persist, particularly among SMEs. The theoretical framework provides insights into individual and organisational behaviour regarding cybersecurity practices. The dissertation aimed to gather insights from technology professionals and influential leaders in cybersecurity within the financial sector of South Africa. Valuable insights into the factors influencing cybersecurity attitudes and behaviours in the South African financial sector, emphasising the importance of enforceability, subjective norms, and violation coupling in shaping attitudes towards behaviour. The study delves into key controls, monitoring effectiveness, and the feasibility of adopting global standards. By providing insights and recommendations, this research contributes to enhancing cybersecurity in South Africa's financial sector, crucial for maintaining trust, compliance, and stability in an increasingly digital worldItem Trust in E-commerce and its impact on the purchase intention of consumers in south africa(University of the Witwatersrand, Johannesburg, 2024) Esther, Mufhadi Thilimbilu; Pillay, KiruThe COVID-19 pandemic brought many challenges to companies. With the restrictions that were imposed, companies were forced to look at their digital transformation strategy to first overcome the challenges they were facing and second to determine what digital technologies could be leveraged to fast-track services and service delivery to their consumers. This research study seeks to understand the role of online trust in stimulating the purchase intention of e-commerce consumers in the South African market. The study applied an experimental research design to address the research questions. Data was collected using a structured questionnaire collected through an online survey. Data was analysed using descriptive statistics and inferential statistics (chi- squared test). Furthermore, to investigate the relationship between privacy concerns and online trust in e-commerce consumers in South Africa, regression analysis was applied, and a p-value of 0.05 was used. The SPSS Version 28 was used to analyse the data. Results show that online shopping occurs predominantly amongst youth between 18 and 39 years old with an honours degree education. Most of the participants purchase online for convenience (27.9%), and 2.6% of participants mentioned fear of cybercrime as the reason for not using online shopping. Perceived risk influences consumers’ decision-making processes for buying products on e-commerce platforms. Most of the participants learned about online shopping from social media platforms (32.5%) and 11.3% from word of mouth. Most of the participants trust the e-commerce (75%). The majority of participants mentioned that website safety and ease of navigation (95%) encourage them to purchase online. Also, 90% of participants believe that familiarity with the website before making an actual purchase reduces the risk of shopping online. This study recommended providing more online shopping platforms to youth and educated consumers since this group is more aware of the risk factors associated with online shopping.Item Angler phishing attacks on social media users in South Africa(University of the Witwatersrand, Johannesburg, 2024) Mogashoa, Kemisetso; Ochara,NixonSince its founding, the term ‘phishing’ has expanded significantly as new dynamics and paradigms keep shifting the technology space. New technology platforms have increased individuals’ use of the internet and changed the way in which we communicate forever. Social media has steadily taken over traditional communication mediums, and the adoption is not slowing down anytime soon. What would have previously been sent as an email has now become a five-second WhatsApp message or Facebook post, and businesses are not lagging in this trend. Unfortunately, this has also led to a plethora of increased cybercrimes and has left the ecosphere of cybersecurity perturbed, as organisations scramble to find suitable solutions to combat phishing attacks internally and externally. Seminal works have covered the impact of phishing attacks on organisations and have provided practical solutions as intervention strategies. However, the same cannot be said about individuals and consumers. As businesses start to transform digitally, social media has become an imperative mediator between businesses and consumers, and phishers have taken notice. This has birthed a new form of phishing called angler phishing. This research focused predominately on the experiences of social media users who have been victims of this type of phishing. The study followed an interpretivist paradigm to understand victims’ realities and lived individual experiences. The snowball sampling method was executed to acquire participants, and social media was used to recruit 11 participants. Furthermore, an additional 7 participants consisting of a team of technical experts were interviewed in a focus group to evaluate the conceptual framework. The study incorporated theoretical frameworks such as the Big Five Personality Traits model and the Heuristic-systematic model (HSM) to understand personality types’ role in user behaviour and how users process information can lead to phishing susceptibility. Key findings revealed that whilst angler phishing is a growing trend, South Africa and organisations continue to neglect documenting the severity of these crimes which subsequently contributes to increased cybercriminal attacks. Additionally, the findings revealed cybercriminals continue to evolve and adapt their strategies and techniques alongside the evolution of new technologies. As a result, findings revealed a gap in digital literacy and other factors, such as the environment and cybersecurity training, play a pivotal role in a phishing lifecycle. Furthermore, having reviewed the key theoretical frameworks and the findings from the study, an adapted conceptual framework was presented to include these additional constructs such as the environment and training. v Moreover, recommendations have been presented for both social media users and organisations on what effective interventions can be followed to prevent future attacks. Lastly, the study concludes by providing an all-encompassing view of the background of angler phishing, seminal works from the literature, a research methodology, presentation of key findings and recommendations. Ultimately, organisations and other institutions have a responsibility to ensure consumers are cyber-educated and protected. Noting the limitations of the study, suggestions for future research were providedItem The perceived impact of Emerging Technologies on Cybersecurity in the South African financial sector(University of the Witwatersrand, Johannesburg, 2022) Philips, Denzil; Pillay, KiluThis study is based on the investigation of what is the perceived impact of emerging technologies on cybersecurity in South African financial institutions. New and emerging technologies have made significant advancements in many industries that can be very disruptive in nature, and the majority of these technologies have changed the cyber threat landscape as well. These include, among other things, cloud computing, artificial intelligence, and machine learning. The study offers insight into how these emerging technologies affect the cybersecurity of financial institutions in South Africa. The study consisted of Information technology risk and cybersecurity individuals. The sample size of 11 individuals was seen as sufficient based on the spread across the financial sector and the experience within the various industries. The individuals were from banks, insurers and market infrastructures within the South African financial sector. The sample focused on key financial institutions specifically banks, insurers, and market infrastructures, based in different provinces in South Africa such as Johannesburg and Cape Town where the impact could be systemic in the country. A qualitative study was adopted by the researcher based on systems theory to determine the relationship between the adoption of emerging or new technologies and the impact it has on cybersecurity. There were various responses from the different institutions, focusing on the adoption of emerging technologies, the effects of this adoption on the cybersecurity environment, the risk and vulnerability management processes, and the ability to adapt and respond to new cybersecurity risks introduced by emerging technologies. The results of the study found that there is a clear link between the adoption of emerging technologies and the increase in cybersecurity requirements with emerging technologies significantly impacting the cybersecurity domain/functioItem The effectiveness of detection and prosecution of cybercrime threats against companies in South Africa(niversity of the Witwatersrand, Johannesburg, 2023) Naidoo, Shanine; Starosta, AlinaThe rise of digital technology has brought about many benefits to modern society. However, this advancement has also led to an increase in cybercrime activities, which has become a significant threat to individuals and organizations worldwide. In South Africa, cybercrime attacks against companies have become increasingly rampant, posing significant risks to their operations and even their existence. As a result, there is a growing concern about the effectiveness of the measures put in place to detect and prosecute cybercrime threats against companies. The purpose of this report is to investigate the efficiency of detecting and prosecuting cybercrime attacks against South African companies. While the term "cybercrime" encompasses a broad range of activities, this research will focus primarily on evaluating cybercrime threats that specifically target companies and their cybersecurity. The reason for this is that such attacks can have dire consequences on companies' operations and existence, ranging from financial losses to reputational damage. To achieve this objective, the study will pursue a twofold approach. Firstly, it will evaluate the effectiveness of South Africa's legislation in detecting and prosecuting cybercrime threats against companies. This includes a comprehensive examination of the legal frameworks and policies currently in place to combat cybercrime activities in the commercial sphere. Secondly, it will evaluate whether companies can rely on law enforcement agencies in South Africa to provide adequate protection against such threats. This will involve a critical analysis of the capacity and capability of law enforcement agencies to respond to cybercrime attacks against companies. The findings of this report will contribute significantly to the understanding of the effectiveness of detecting and prosecuting cybercrime attacks against South African companies. The recommendations made will provide valuable insights into how to improve the detection and prosecution of cybercrime threats in the commercial sphere. This study will be beneficial to policymakers, law enforcement agencies, and companies operating in South Africa, as it will help to enhance their understanding of the threats posed by cybercrime and the measures needed to mitigate themItem The impact of work from home and hybrid mode on cybersecurity practices in South Africa(University of the Witswatersrand, Johannesburg, 2023) Pather, RavashalinAs the trend of work-from-home and remote work grows in South Africa, adopting adequate cybersecurity measures and evaluating the human aspect of security perceptions is critical in protecting organisational information and maintaining corporate integrity. Over the past two decades, cybersecurity has been viewed from technological perspective of protecting networks and information assets, this study invokes the behavioural and social concerns, and how this affects an organisation’s cybersecurity strategy in South Africa. Covid-19 and the lockdown rules triggered a national emergency, compelling a considerable proportion of South Africa's workforce to embrace a work-from-home culture. While this study began during the lockdown, leaders at large enterprises in South Africa are adopting a more hybrid way of working permanently, due to the subsequent benefits. This study aimed to evaluate employee behaviour when working environments are suddenly affected by work-from-home policies and how an employee’s behaviour transposes to a different location. The overarching question was: How has cybersecurity behaviour in South Africa manifested during work-from-home policies and what are the determinants that force correct cybersecurity compliant behaviour?. Four key factors (“Subjective Norms & Response Efficacy”, “Attitude & Perceived Vulnerability”, “Self- Efficacy” and “Perceived Severity”) were identified and combined into a new framework based of two theoretical frameworks (The Theory of Planned Behaviour and Protection Motivation theory). This study utilised a quantitative cross-sectional design using a structured closed questionnaire that was distributed electronically. The data collected from 186 participants were analysed using Exploratory factor analysis, correlation analysis and multiple regression. Overall, “Subjective Norms & Response Efficacy” emerged as a significant and most influential predicator of “Cybersecurity Compliant behaviour”. “Attitude & Perceived Vulnerability”, “Self-Efficacy” and “Perceived Severity” were insignificant. It is apparent that there is a positive perception of correct Cyber security practices amongst South African organisations however there is a recommendation for future research, due to the diversity of organisational leadership in both the private and state-owned entities, to provide a better understanding of security compliant behaviourItem Investigating online learning and its role in addressing the cybersecurity skills shortage in South Africa(University of the Witswatersrand, Johannesburg, 2023) Kgosiatsela, Lefa; Pillay, KiruThis study explores the pivotal role of online learning in addressing the shortage of cybersecurity skills within the South African financial services sector. The study investigates the preferred learning formats of cybersecurity professionals, scrutinizes the strengths and weaknesses of online learning, and evaluates its efficacy in imparting cybersecurity skills. Emphasis is placed on the principles of attention, retention, and motivation in cybersecurity training, focusing on their implications for different learning formats. The decision to use a qualitative approach was influenced by the research questions, data requirements, and theoretical framework. A cross-sectional research design was chosen for its suitability in answering the research questions efficiently, considering the time constraints and the need for broad coverage in the complex field of cybersecurity. The advantages of this design include speedy data collection, simplicity in analysis, and suitability for exploratory research. Semi-structured interviews, conducted through Microsoft Teams, were employed for data collection from a sample of ten cybersecurity professionals, selected through a combination of purposive and snowball sampling methods. The interviews, comprising 16 open ended questions organised into four sections, aimed to explore participant preferences, critical factors for successful online learning, and the efficacy of online learning in imparting cybersecurity skills. Thematic Content Analysis (TCA) was employed for data analysis, involving the organization of data, identification of common themes, and the interpretation of findings. Online learning emerges as a flexible and accessible avenue for acquiring cybersecurity skills and knowledge. Despite its advantages, careful attention must be given to addressing potential drawbacks stemming from the absence of physical interaction and engagement. Instructors play a pivotal role in mitigating these challenges by incorporating interactive discussions, offering timely feedback, and fostering a sense of community among learners. The evaluation of online learning effectiveness should prioritize factors such as retention and practical skill application. Online platforms can contribute to this by providing diverse resources and tools. Success in online learning hinges on self-regulation iv and time management skills, underscoring the importance of adequate support and tools within the online learning environment. In essence, online learning holds the potential to motivate cybersecurity professionals, fostering not only skill development but also a lasting enthusiasm for lifelong learning. The research revealed distinct impacts of various training formats—physical on- the-job training, physical classroom training, and online training—on attention and engagement levels. Participants exhibited diverse preferences, with the majority favouring online self-paced and physical classroom training. Moreover, the study underscored the critical role of retention in cybersecurity training, emphasising the necessity for professionals to retain and recall knowledge and skills for effective application, necessitating continuous training to match the rapidly evolving nature of the field. Finally, the principle of motivation emerged as a key factor, indicating that participants driven to learn and apply their skills are more likely to excel in the cybersecurity field, as evidenced by their active participation in multiple training programs and specific formItem Assessing cybersecurity vulnerabilities in the disposal of ewaste in South African public & private institutions(University of the Witwatersrand, Johannesburg, 2022) Khumalo, DimitriOver the years there have been numerous studies conducted, focusing on the various facets of waste electronic and electrical equipment, also termed electronic waste or e-waste, and the impact it has on the environment. However, little attention has been placed on the management of personal data during the disposal phases of e-waste and the inherent ramifications it poses if this data were retrieved. This study sought to assess the vulnerabilities to which organisations are exposed, specifically financial and government institutions, by interrogating the management policies, processes, and procedures for stored data when disposing of e-waste at the end of the asset life cycle. A qualitative research method, through semi-structured interviews was conducted. The population selected were very senior individuals, selected based on the specific roles and experiences they fulfilled within the financial services sector, various government institutions, and e-waste recycling companies. From the findings, it emerged that there were growing concerns around the effective policy regulations put in place to manage the disposal practices of ewaste and that of personal identifiable and sensitive data of individuals. This has driven a need for policies and robust mechanisms to be instituted to try and minimise the overall impact these vulnerabilities could pose to the environment and the entire value chain, at that juncture where electronic devices have reached their EOL and are now being disposed of. iii The results demonstrate that more focus has to be placed on the managing of ewaste in industry, providing policy directives in relation to how organisations need to prescribe and conform to effective disposal practices of electronic devices that have reached their EOL. Further to this, government, in consultation with various industry role players, needs to look at ways to formalise and regulate the e-waste sector and institute measures to ensure conformance for every part of the value chain.