Tijdschrift voor Veiligheid

Meer op het gebied van Criminologie en veiligheid

Over dit tijdschrift  

Meld u zich hier aan voor de attendering op dit tijdschrift zodat u direct een mail ontvangt als er een nieuw digitaal nummer is verschenen en u de artikelen online kunt lezen.

Aflevering 3-4, 2022 Alle samenvattingen uitklappen

Wijk + web: de noodzaak van een lokale aanpak van cybercriminaliteit

Trefwoorden cybercriminaliteit, lokale aanpak, slachtofferschap, cyber-enabled crimes, cyber-dependent crime
Auteurs Remco Spithoven, Jurjen Jansen, Anthonie Drenth e.a.

Remco Spithoven
Remco Spithoven is lector Maatschappelijke Veiligheid bij Hogeschool Saxion en hoofdredacteur van Tijdschrift voor Veiligheid.

Jurjen Jansen
Jurjen Jansen is lector Digitale Weerbaarheid bij NHL Stenden Hogeschool en senior onderzoeker bij de Politieacademie.

Anthonie Drenth
Anthonie Drenth is adviseur Digitale Weerbaarheid bij de gemeente Amersfoort.

Rutger Leukfeldt
Rutger Leukfeldt is lector Cybercrime & Cybersecurity en directeur van het Kenniscentrum Cyber Security aan de Haagse Hogeschool en senior onderzoeker bij het Nederlands Studiecentrum Criminaliteit en Rechtshandhaving (NSCR).

Access_open De slachtofferimpact van cybercrime versus traditionele criminaliteit: aanknopingspunten voor slachtofferzorg en preventieprioriteiten

Trefwoorden cybercrime, traditionele criminaliteit, slachtofferimpact, slachtofferbehoeften, slachtofferzorg
Auteurs Kimberly Bluhm, Jildau Borwell en Wouter Stol

    Digitalisation offers criminals new ways to commit crimes and commit old crimes in digital ways, also known as cybercrime. The percentage of cybercrime victims is increasing and is currently similar to the percentage of victims of traditional crimes. However, local authorities are not prioritising cybercrime in their policies, even though they have a role in tackling it. Their policies are mostly based on victimisation of traditional crimes. However, it is unclear whether the impact and needs are different for cybercrime victims compared to victims of traditional crime. Our results suggest that the impact after cybercrime victimisation does not seem to differ from the impact after traditional crime victimisation. This impact varies per crime. In addition, certain needs of cybercrime victims differ from the needs of victims of traditional crime. Therefore, local authorities could prioritise cybercrime in their policies and also base these policies on the impact and needs of cybercrime victims, as they differ from victims of traditional crime. These implications might help to improve local aftercare and prevention policies, and provide support for citizens after victimisation of both types of crimes.

Kimberly Bluhm
Kimberly Bluhm is masterstudent Psychologie aan de University of Twente en werkzaam bij de Onderzoeksgroep Cybersafety aan NHL Stenden Hogeschool.

Jildau Borwell
Jildau Borwell is promovendus bij het Cyber Science Center (NHL Stenden Hogeschool, Open Universiteit en Politieacademie).

Wouter Stol
Wouter Stol is lector Cybersafety aan NHL Stenden Hogeschool en aan de Politieacademie en bijzonder hoogleraar Politiestudies aan de Open Universiteit.

    In this study we have examined the intention to seek help after victimization of WhatsApp-fraud, as well as the incident and personal characteristics that potentially assert an influence on this. The intention to seek help at the police, the bank, Victim Support Netherlands and friends and family was studied through the use of a questionnaire with vignettes. The incident characteristics that were measured in the vignettes consisted of the incurred financial damage and the person whom the perpetrator pretended to be. The personal characteristics include the respondents’ age, gender, educational level, relationship status, employment status, and previous online fraud victimization. Logistic regression analyses were used to examine the associations of the different types of help-seeking intention with the incident and personal characteristics. The results show the intention to seek help from the police and the bank to be the highest amongst the respondents. The logistic regression analyses further showed that a higher amount of incurred financial damages leads to a higher intention to seek help after victimization of WhatsApp-fraud. The person whom the perpetrator pretended to be and the personal characteristics did not predict the respondents’ intention to seek help well.

Valérie Pijlman
Valérie Pijlman is werkzaam bij Nederlands Studiecentrum Criminaliteit en Rechts­­­handhaving (NSCR).

Steve van de Weijer
Steve van de Weijer is werkzaam bij Nederlands Studiecentrum Criminaliteit en Rechtshandhaving (NSCR).

Dian Boelsz
Dian Boelsz is werkzaam bij Vrije Universiteit Amsterdam, afdeling Criminologie.

Melanie Brouwer
Melanie Brouwer is werkzaam bij Vrije Universiteit Amsterdam, afdeling Criminologie.

Rowan Fijn
Rowan Fijn is werkzaam bij Vrije Universiteit Amsterdam, afdeling Criminologie.

Mara Lemmens
Mara Lemmens is werkzaam bij Vrije Universiteit Amsterdam, afdeling Criminologie.

Dominique Smit
Dominique Smit is werkzaam bij Vrije Universiteit Amsterdam, afdeling Criminologie.

Max Willers
Max Willers is werkzaam bij Vrije Universiteit Amsterdam, afdeling Criminologie.

Rowena Winter
Rowena Winter is werkzaam bij Vrije Universiteit Amsterdam, afdeling Criminologie.

Weerbaar tegen phishing: een verkenning van de onderliggende factoren bij zelfbescherming tegen phishing onder jongeren, ouderen en mkb’ers

Trefwoorden phishing, slachtofferschap van cybercriminaliteit, cyberweerbaarheid, protection motivation theory, PMT
Auteurs Susanne van ’t Hoff-de Goede, Luuk Bekkers, Ellen Misana-ter Huurne e.a.

    A large group of Dutch people fall victim to phishing every year. However, citizens and companies take self-protective measures to a limited extent. This study maps out which factors contribute to the intention to take self-protective measures against phishing by three high-risk groups, namely young people, the elderly and SMEs (Small and Medium Enterprises). We apply the Protection Motivation Theory and justify an extension of this model with two factors: affective response and subjective norms. Data was collected through questionnaire research at a panel agency among young people (N=1179), the elderly (N=1191) and SME owners (N=1020). The strongest predictor for the intention to take self-protective measures against phishing appeared to be affective response (worrying about phishing), followed by a negative effect of self-efficacy and positive effects of perceived seriousness (young people and SMEs) and subjective norm (SMEs). Implications of the findings for policy makers and interventions are discussed.

Susanne van ’t Hoff-de Goede
Susanne van ’t Hoff-de Goede is senior onderzoeker bij het Centre of Expertise Cyber Security van de Haagse Hogeschool.

Luuk Bekkers
Luuk Bekkers is PhD kandidaat bij het Centre of Expertise Cyber Security van de Haagse Hogeschool en het lectoraat Maatschappelijke Veiligheid van Hogeschool Saxion.

Ellen Misana-ter Huurne
Ellen Misana-ter Huurne is senior docent/onderzoeker bij het lectoraat Maatschappelijke Veiligheid van Hogeschool Saxion.

Ynze van Houten
Ynze van Houten is senior docent/onderzoeker bij het lectoraat Maatschappelijke Veiligheid van Hogeschool Saxion.

Rutger Leukfeldt

Remco Spithoven

NAS-ransomware: hoe ransomware-aanvallen tegen NAS-apparaten verschillen van reguliere ransomware-aanvallen

Trefwoorden ransomware, Network Attached Storage, politie, empirisch onderzoek, cybercrime
Auteurs Tom Meurs, Marianne Junger, Erik Tews e.a.

    The present study examines the impact of ransomware against Network Attached Storage (NAS) devices. NAS devices are external hard drives which are usually easily accessible through the internet. Between 2019 and 2022, 434 ransomware attacks were reported to the Dutch Police, of which 78 (18%) were against NAS devices. These attacks targeted both companies as individuals. One limitation of this sample is possible low willingness to report to the Police. The aim of the present study is to compare NAS attacks with regular attacks. Our findings show that, compared to regular ransomware attacks, NAS ransomware typically targets individual citizens instead of organizations, requests relatively low amounts of ransom, and the attack is carried out in a more automatic fashion. Furthermore, attack campaigns seem to correlate with the publication of certain vulnerabilities of NAS devices.
    We present recommendations for users of NAS devices, companies who sell NAS devices and local government agencies, to minimize the risk and impact of NAS ransomware attacks among citizens. First, updating the NAS software seems the most important step a user could take to prevent NAS ransomware. NAS vendors should inform clients of the risks of falling victim of NAS malware, including ransomware. Local government agencies could take a more generalized approach where they advise citizens to think about safe data-storage. Our study is, to the best of our knowledge, the first to pay attention to NAS ransomware. Although the financial impact of an attack on an individual is relatively low compared to an attack against an organization, the loss of personal pictures and videos can be very painful for victims and therefore we think it is important to address NAS ransomware in the public debate.

Tom Meurs
Tom Meurs is PhD-student bij de Nederlandse Politie en aan de Universiteit Twente.

Marianne Junger
Marianne Junger is hoogleraar aan de Universiteit Twente.

Erik Tews
Erik Tews is universitair docent aan de Universiteit Twente.

Abhishta Abhishta
Abhishta Abhishta is universitair docent aan de Universiteit Twente.

Leren van cyberincidenten: een meta-analyse van evaluatierapporten ten behoeve van organisatorisch leren

Trefwoorden cyberweerbaarheid, organisatorisch leren van cyberincidenten, meta-analyse, evaluatierapporten, kwalitatief onderzoek
Auteurs Bruno Verweijen

    Many organisations fall victim to cyberattacks, such as ransomware attacks. Nevertheless, organisations have opportunities to bolster their cyber resilience. One way to achieve this is by learning vicariously from the experience of victims. This allows organisations to learn meaningful lessons, while not being burdened by the impact of an incident. However, vicarious learning requires victims to share lessons learned resulting from the investigation into causes and consequences of a cyber incident. Fortunately, some organisations disseminate lessons learned and recommendations through the publication of a publicly available evaluation report. Despite the potential of such sources for meaningful learning, most studies on organisational learning from cyberincidents focus on how individual organisations learn from their own experiences. As a consequence, such studies fail to identify recurring patterns of lessons learned that may generalize to other organisations. This meta-analysis addresses this issue by comparing multiple evaluation reports. The research objective is twofold: 1) to identify recurring lessons learned about causes and consequences of cyberincidents, and 2) to study from which frames of reference incidents are evaluated to understand why certain lessons are learned and others are not. The research question is: which lessons are drawn in evaluation reports into the causes and consequences of cyberincidents at organisations, in order to prevent these from recurring in the future. Various recurring lessons are identified and classified using an analytical framework that incorporates different risk management phases and categories of lessons learned. It is recommended to improve sharing of lessons learned within a network of trusted partners to enable broad vicarious learning and collective cyber resilience.

Bruno Verweijen
Bruno Verweijen is onderzoeker bij het lectoraat Maatschappelijke Veiligheid van Hogeschool Saxion.
Uit de praktijk

Lokale stappen in de aanpak van gedigitaliseerde criminaliteit

Trefwoorden cybercriminaliteit, basisteams, gebiedsgebonden politie, aanpak, politie
Auteurs Jelle Kort en Remco Spithoven

    This article is based on an exploratory study into endeavors at the local police level, with the aim of tackling cyber-­enabled crime. We highlight what the IJsselland police district in the Netherlands encountered in some recent developments in their approach to this new challenge. In this article we will also address the more general question of how the Dutch police at the local level can be better equipped to tackle cybercrime effectively.

Jelle Kort
Jelle Kort is docent/onderzoeker bij het lectoraat Maatschappelijke Veiligheid van Hogeschool Saxion.

Remco Spithoven