Browsing by Author "Gainey, Randy"

Now showing 1 - 4 of 4
  • Thumbnail Image
    CIVIIC: Cybercrime in Virginia: Impacts on Industry and Citizens Final Report
    Gainey, Randy; Vandecar-Burdin, Tancy; Albanese, Jay; Dearden, Thomas E.; Hawdon, James E.; Parti, Katalin (CoVA CCI, 2023-01-01)
  • Thumbnail Image
    Cybercrime victimization among Virginia businesses: frequency, vulnerabilities, and consequences of cybervictimization
    Hawdon, James E.; Parti, Katalin; Dearden, Thomas E.; Vandecar-Burdin, Tancy; Albanese, Jay; Gainey, Randy (Taylor & Francis, 2023-09-04)
    The Commonwealth of Virginia, USA, is one of the most vulnerable states to cyberattacks and breaches. Analyzing data from 428 online surveys collected from Virginia businesses from multiple vendors and several unique resources, this study provides an in-depth view of the nature and extent of cybercrime victimization in Virginia, highlighting specific vulnerabilities, how the victimization occurred, the consequences of victimization, and if and to whom these breaches were reported. In addition, we describe the extent to which businesses perceive their vulnerabilities, the extent in which companies engage in behaviors that can potentially make them vulnerable, the policies and practices they have in place to reduce vulnerability, and their experiences with victimization. The results provide a quality baseline for understanding cybercrimes against businesses in Virginia.
  • Thumbnail Image
    Differentiating Insider and Outsider Cyberattacks on Businesses
    Dearden, Thomas E.; Parti, Katalin; Hawdon, James E.; Gainey, Randy; Vandecar-Burdin, Tancy; Albanese, Jay (Springer Nature, 2023-08-01)
    The use of information and communication technologies in business has opened several new ways for employees to commit cybercrimes against their employers. Utilizing opportunity theory, the current paper investigates the characteristics of businesses victimized by employee-committed cyberattacks and compares insider- and outsider-committed cybercrime in terms of the damage they cause to the business. We used online sampling to obtain information on 350 businesses in the Commonwealth of Virginia, revealing 29 outsider cases and 17 insider attacks that were clearly identified. We found that insider attacks were more costly, resulting in more damage than external attacks; the most frequent attack type was impersonating the organization online for insiders, and viruses, spyware, and malware for outsiders. Our data suggested restricting personal devices, making cybersecurity a priority, cybersecurity updates among management, and employee training do not significantly lessen the risk or mitigate the effects of insider attacks. We suggest that organizational security culture must be refined and strengthened to identify and prevent insider attacks successfully.
  • Thumbnail Image
    Routine citizen Internet practices and cyber victimization: a state-wide study in Virginia
    Gainey, Randy; Albanese, Jay; Vandecar-Burdin, Tancy; Hawdon, James E.; Dearden, Thomas E.; Parti, Katalin (Taylor & Francis, 2023-10-22)
    Cybercrime has become a major societal concern, and a better understanding OF cybercrime is needed to target and prevent it more effectively, minimize its consequences, and provide support for victims. Research on cybercrime victimization has exploded in the past few years, but much of it relies on convenience samples and is largely descriptive in nature. The research presented here involves the collection of data from a large sample of Virginia households in 2022 (n = 1,206). The data are analyzed to provide a partial test of routine activity theory to better understand fraud and theft via the Internet. The data provide a solid baseline for describing the extent of cyber victimization across the state. Bivariate and multivariate analyses (logistic regressions) show support for routine activity theory and provide important insights for future research. In particular, we find that certain routine Internet activities may better predict unique forms of cybervictimization than others and that length of time on the Internet is not a good indicator of exposure to motivated offenders. Further, protective guardianship mediates the effects of exposure to motivated offenders; thus, efforts to educate the public on best practices are needed. We conclude that to better assess cybercrime, victimization and engagement, better measurement and longitudinal panel data will be needed.