Browsing by Subject "Cybersecurity"

Now showing 1 - 4 of 4
  • No Thumbnail Available
    Item
    Open Access
    Analysis of COVID-19 Effects on Cybersecurity in South African-Based Organizations
    (2025) Daya, Mahima; Kyobe, Michael
    The COVID-19 pandemic has significantly impacted cybersecurity practices in South African organisations across various sectors, including financial services, healthcare, retail, and technology, with vulnerabilities arising from remote work, digital infrastructure, and financial strain. This study applied Engström's Activity Theory Framework to explore the effects of the pandemic on cyber-threats, vulnerabilities, and organisational responses. The findings reveal that remote workers faced significant vulnerabilities during the pandemic, making them susceptible to phishing and social engineering attacks. The study highlights the importance of cybersecurity awareness training and education for employees in South African organisations. The economic instability of South Africa during the pandemic led to an increased appeal of cyber-threats, underscoring the need for enhanced cybersecurity strategies. The study's findings provide practical recommendations for enhancing cybersecurity strategies, including the adoption of secure remote work solutions and the development of incident response plans. The results underscore the importance of cybersecurity awareness training and education for employees. The study's methodology involved conducting 30 semi-structured interviews with South African organisations from the financial, healthcare, retail, and technology sectors, employing thematic analysis to delve into the realm of cybersecurity management practices during the pandemic. Despite its limitations, including a limited data sample and potential lack of generalisability to all South African organisations, this study contributes to the existing literature and provides valuable insights for policymakers, organisations, and cybersecurity professionals. The findings suggest that to mitigate risks, organisations should prioritise cybersecurity and invest in comprehensive cybersecurity solutions. Employee training is essential for enhancing cybersecurity awareness and preventing cyberattacks. Regulatory compliance is crucial for ensuring data privacy and security standards are met. Investments in digital infrastructure and cybersecurity education and training are also recommended to equip future professionals with the necessary skills to address emerging cyber threats. Future research should consider expanding data sources and conducting long-term analyses to gain a more comprehensive understanding of the cybersecurity challenges during and beyond the pandemic.
  • No Thumbnail Available
    Item
    Open Access
    Cybersecurity in the workplace: factors that influence positive cybersecurity behavior against phishing in South African institutions
    (2025) Pilane, Karabo; Ruhwanya, Zainab
    In South Africa one of the top cybersecurity threats is phishing. Furthermore, employees' responses to phishing emails can either bolster or weaken an organisation's cyber security. It is estimated that more than 90% of data breaches are due to successful phishing attacks. They bring the maximum benefits with little to no cost for cyber attackers. Hence, this study aims to explain the factors that influence cybersecurity protective behaviour against phishing in South African organisations. A quantitative method was used, and data were collected online through a questionnaire survey. One hundred and twenty respondents from South African organisations participated. The partial least squares-structural equation modelling platform provided in SmartPLS-4 was used to model the data. SmartPLS was used to calculate and analyse reliability, convergent and discriminant validity, path coefficients, and significance of relationships. Factors that were identified as influencing cybersecurity protective behaviour against phishing were remote working, cybersecurity awareness, perceived user self-efficacy, facilitating conditions, perceived vulnerability, perceived severity, response efficacy, response costs, and government cyber laws enforcement.
  • Thumbnail Image
    Item
    Open Access
    Towards an aligned South African National Cybersecurity Policy Framework
    (2023) Chigada, Joel; Kyobe, Michael
    This thesis measured and aligned factors that contribute to the misalignment of the South African National Cybersecurity Policy Framework (SA-NCPF). The exponential growth rate of cyber-attacks and threats has caused more headaches for cybersecurity experts, law enforcement agents, organisations and the global business economy. The emergence of the global Corona Virus Disease-2019 has also contributed to the growth of cyber-attacks and threats thus, requiring concerted efforts from everyone in society to devise appropriate interventions that mitigate unacceptable user behaviour in the reality of cyberspace. In this study, various theories were identified and pooled together into an integrative theoretical framework to provide a better understanding of various aspects of the law-making process more comprehensively. The study identified nine influencing factors that contributed to misalignment of the South African National Cybersecurity Policy Framework. These influencing factors interact with each other continuously producing complex relationships, therefore, it is difficult to measure the degree of influence of each factor, hence the need to look at and measure the relationships as Gestalts. Gestalts view individual interactions between pairs of constructs only as a part of the overall pattern. Therefore, the integrative theoretical framework and Gestalts approach were used to develop a conceptual framework to measure the degree of alignment of influencing factors. This study proposed that the stronger the coherence among the influencing factors, the more aligned the South African National Security Policy Framework. The more coherent the SA-NCPF is perceived, the greater would be the degree of alignment of the country's cybersecurity framework to national, regional and global cyberlaws. Respondents that perceived a strong coherence among the elements also perceived an effective SA-NCPF. Empirically, this proposition was tested using nine constructs. Quantitative data was gathered from respondents using a survey. A major contribution of this study was that it was the first attempt in South Africa to measure the alignment of the SA-NCPF using the Gestalts approach as an effective approach for measuring complex relationships. The study developed the integrative theoretical framework which integrates various theories that helped to understand and explain the South African law making process. The study also made a significant methodological contribution by adopting the Cluster-based perspective to distinguish, describe and predict the degree of alignment of the SA-NCPF. There is a dearth of information that suggests that past studies have adopted or attempted to address the challenge of alignment of the SA-NCPF using the cluster-based and Gestalts perspectives. Practical implications from the study include a review of the law-making process, skills development strategy, a paradigm shift to address the global Covid-19 pandemic and sophisticated cybercrimes simultaneously. The study asserted the importance of establishing an independent cybersecurity board comprising courts, legal, cybersecurity experts, academics and law-makers to provide cybersecurity expertise and advice. From the research findings, government and practitioners can draw lessons to review the NCPF to ensure the country develops an effective national cybersecurity strategy. Limitations and recommendations for future research conclude the discussions of this study.
  • No Thumbnail Available
    Item
    Open Access
    Understanding the role of cybersecurity culture in the gig economy: the case of platform-based food delivery workers in Gauteng
    (2025) Radebe, Mlungisi; Tsibolane, Pitso
    The growth of gig economy platforms has coincided with increased cybersecurity threats and attacks. As gig platforms have evolved, so too have cybercriminals, with attacks such as malware, phishing, and social engineering becoming increasingly sophisticated and human centric. However, cybersecurity defence mechanisms are still centred around traditional technical controls. In response to this growing threat landscape, researchers argue that organisations should implement other mechanisms to counter the threat. Embedding a cybersecurity culture in organisations has gained prominence in recent studies. However, studies on the cybersecurity culture in the gig economy, focusing on food delivery workers, are needed, as there is currently limited literature on this phenomenon. This research report explored the nature of cybersecurity culture in the context of platform-based food delivery workers in Gauteng, South Africa. The main research question explored the following: How does the cybersecurity culture influence the cybersecurity behaviours of food delivery gig workers? The Cybersecurity Culture Model (CCM) was used as a sensitizing theoretical device to develop the initial interview guides, observation protocols, and the preliminary coding schemes. A qualitative research strategy was adopted using semi-structured interviews as the primary data source; furthermore, a qualitative research survey and publicly available documents and observations of the context were provided as secondary data sources. Fifteen (N=15) semi-structured interviews were performed with food delivery workers. Secondary data was acquired via online searches (N=11), web articles on the gig economy, three (N=3) online qualitative surveys, and contextual observations by interacting with food delivery workers at their pick-up sites. Data analysis was conducted using established guidelines for inductive data analysis using the NVivo 14 software. The research revealed significant barriers to implementing cybersecurity culture in the food delivery sector of the local gig economy. Workers receive minimal cybersecurity education and training, with limited management communication about security policies and procedures. Gig work apps present additional challenges, contributing to a virtually non-existent cybersecurity culture among food delivery workers in Gauteng, South Africa. Weak management initiatives, inadequate training, and absent security policies drive non-compliance, further complicated by conflicts between financial incentives, personal safety, and cybersecurity requirements. These findings highlight structural gig economy issues, underscoring the need for enhanced cybersecurity governance, comprehensive training programs, and integrated information security policies. Future research should examine platform providers' responsibilities in cybersecurity culture development and methods to align safety priorities with cybersecurity compliance.