Organized cybercrime groups (OCGs) are a significant threat to the security of European critical infrastructure, but little is understood about the impact of conflict on their operations. With the...Show moreOrganized cybercrime groups (OCGs) are a significant threat to the security of European critical infrastructure, but little is understood about the impact of conflict on their operations. With the onset of the Russia-Ukraine war, this can result in unpredictable situations, weakening defensive capabilities. Not much has yet been written on the influence of war on these groups, but the dominant view is that OCGs will invariably act towards monetary gain, coming from studies of ‘traditional’ organized crime. Data is used from cyber threat reports and interviews with industry-leading experts to explore the influence of the war on the operations of OCGs towards critical infrastructure, and to find explanations for a change in behaviour. Using qualitative thematic analysis, configurated using Rational Choice Theory (RCT) by Mandelcorn et al. (2016), the findings are analysed to get an academic and generalizable understanding of the phenomenon. In line what has often been assumed with ‘traditional’ organized crime, OCGs continued acting with financial profit as their goal, which can be explained using Rational Choice Theory. Contrarily, some groups politically aligned themselves with Russia or Ukraine, which is more difficult to justify using RCT. Therefore, this thesis proposes a contribution to the theory by incorporating political ideology specifically.Show less
This thesis examines the cyber security challenges of leveraging third-party ICT in the financial sector (FS). Although new EU regulation such as DORA (2023) has taken steps to mitigate the...Show moreThis thesis examines the cyber security challenges of leveraging third-party ICT in the financial sector (FS). Although new EU regulation such as DORA (2023) has taken steps to mitigate the challenges of adopting third-party providers (TPPs) in the recently securitised financial sector, there remains limited qualitative research on this phenomenon. Academic research is urgently needed to explore the reasons behind the FS’s reliance on TPPs, despite their apparent risks and the organisational challenges they are likely to face whilst outsourcing their critical services. Using a qualitative, deductive approach, the thesis collected its data from interviews with cyber security experts and from secondary literature. Using Atlas.ti, a qualitative analysis software, the thesis conducted a thematic analysis with pre-defined codes using the organisational behaviour model (OBM) from Graham and Zelikow (1999). The thesis found that despite an awareness of its many risks, the FS has made exceptional use of TPPs. This can be explained by its low costs for installation and shifting market demands. Furthermore, the thesis found that despite a willingness to improve their third- party risk management (TPRM), the FS has difficulty to achieve this due to their organisational behaviour. A culture of minimising costs, not wanting to exceed regulatory compliance and an inability to establish standard operating procedures (SOPs) for their TPPs are only a few of the organisational challenges that will prevent the FS to face the cyber security challenges of expanding its supply chain. The findings of this paper have important implications as a successful supply chain attack on the EU financial sector could cause unprecedented disruptions to the global financial system. Furthermore, this research will support policymakers and FS leaders to better understand and mitigate the cyber challenges of TPPs for the financial sector.Show less
