The Research Problem
Cybersecurity has become one of the primary factors that define the success of any given project. According to Trim and Lee (2016), when undertaking a sensitive project, it is necessary to protect critical information from third parties who may use it at the expense of the firm. In the past, a project manager only needed to ensure that files are locked in a safe where it would only be accessible to authorized persons. However, the digital age has transformed how data is processed, stored, retrieved, and transferred. Many project managers rely on internet-enabled computers to manage data.
Cybercriminals have become so sophisticated that in most of the cases they do not need to be physically present at offices of an organization to access the digital data. Others target finances meant to complete specific projects. Stealing large amounts of money needed to undertake specific tasks in a project could have devastating effects. Smith (2014) explains that cybercrime is currently one of the major threats that affect the ability to complete the project in time using the set resources. The purpose of the qualitative study will be to describe the effects of cybercrime on projects and to explain how managers can deal with the problem to enhance the success in their activities.
Background and Justification
On May 21, 2014, E-bay reported that cybercriminals had hacked into its database and retrieved critical information about its customers (Rose & Lacher 2017). The incident happened at a time when the firm was updating its systems following major acquisitions of firms such as PayPal, Skype, Craigslist, and StudHub among others. The small project was meant to integrate information about customers to enhance service delivery. Hackers took advantage of the opportunity to access sensitive information from these databases (Lock 2014). The incident had a major implication on the company. Customers were concerned about the security of their money in PayPal given that these criminals had succeeded in stealing their passwords and account details.
Users of services such as Skype were no longer convinced about the privacy offered by the firm. Russell and Arlow (2015) explain that when a firm loses the trust of its customers, it can easily be forced out of the market because of a possible mass switch of loyalty. In a society where many people rely on the digital wallet to make their purchases, security is at the top of their priority. When they realize that the systems they are using no longer guarantees the security they need, they can consider using the services of alternative institutions (Nicholas & Steyn 2017). E-bay was able to address the issue before it could escalate.
According to a report by Gao, Chai, and Liu (2018), $ 600 billion was lost to the global cybercriminals in 2017, which represents 0.8 percent of the global gross domestic product. In 2014, $ 445 billion had been lost to these unscrupulous individuals. It is evident that they are getting bolder and more sophisticated with time. Although financial institutions are their main targets, they also focus on non-financial institutions undertaking major projects. Some of them use junior officers in the finance department to help them implement their evil plans while others use an advanced method to access the information they need. Data breach and theft of resources meant to complete projects is becoming a common phenomenon around the world.
The United Arab Emirates is one of the fastest growing economies in the Middle East and North Africa (MENA) region (Nicholas & Steyn 2017). The effort of the government to diversify the country’s economy has led to numerous private and public projects in various industries. The real estate sector, hospitality and tourism, oil and gas industry, infrastructure, and many other sectors of the economy are growing rapidly thanks to these developmental projects. However, the country has come under sharp focus of cybercriminals (Allen, Loyear & Noakes-Fry 2016). They are attracted to the multi-billion mega projects being undertaken in by the government and non-governmental institutions. Shankar (2018) explains that both public and private-sponsored projects have lost significant amounts of money to these criminals over the past two years. Such attacks often lead to delays in projects’ completion and increase the overall cost.
Project managers have to rethink their strategies as the threat continues to mount. In the past, the concept of security in project management primarily focused on the physical protection of assets. Well-trained and properly armed security guards, security walls, proper locks, bankers, and getting police escort were some of the steps that a firm had to take to avoid theft of its resources. However, the new threat of cyber-attack can easily circumvent these security features (O’Reilly, Caldwell, Chatman & Doerr 2014). Physical protection of project data may no longer offer the security needed in a given area. Managers must understand that the success of their mission lies in their ability to devise effective mechanisms of protecting data. This study will explain how they can manage this threat and enhance the ability of their projects to achieve the set goals using the available resources.
Deficiencies in the Evidence
Cybersecurity is a relatively new concept that has gained massive attention over the past decade. According to Schaufelberger and Holm (2017), the idea that someone can access assets of an entity through the digital platform without being physically present in that location is a relatively new concept. Arnold (2017) explains that most of the stakeholders were caught unawares by this threat, and they are still struggling to find the best ways of addressing the problem. The problem of hacking started in western countries where technology is getting increasingly advanced. However, Johnson (2016) reports that the main targets of these criminals are firms in developed countries. They choose these soft targets because of their limited capacity to protect their data from sophisticated cyber-attacks.
When trying to address this problem, it is critical for the affected institutions to provide data that can be used by experts to identify the patterns of attacks, mechanisms used to achieve these selfish goals, factors that make the security of these organizations fail to protect them, and any other relevant information. Pompon (2016) explains that the biggest challenge in the fight against cybercrime is the deficiency in evidence. Most of the institutions that suffer these attacks are expected to provide evidence that can be used to develop countermeasures. However, it is unfortunate that most of them choose to hide the truth about these attacks. For instance, financial institutions are the worst affected entities. However, they are often unwilling to express the kind of loss they suffer every financial year because of the image that they have to protect.
Kogon, Blakemore, and Wood (2015) argue that the most important promise that banks give to its customers is the security of their savings. Their ability to remain sustainable in the market is to ensure that there is a continuous process of savings and withdrawals of cash made by its customers. Customers’ savings enable these institutions to engage in other businesses to boost their income. When it is revealed that a given bank is losing money to cybercriminals, its customers may rush to withdraw their money (Pauleen & Wang 2017). Such an eventuality may cripple operations of the firm. It explains why these institutions suffer in silence despite the magnitude of the problem. They prefer finding internal mechanisms of fighting cyber-attack without the involvement of external stakeholders. Such a strategy makes it difficult to have a multi-agency approach to dealing with the problem.
Deficiency in the evidence is also demonstrated in terms of the available publications within the region. Although the challenge of hiding facts about cyber-attacks exists as discussed above, researchers have done their best to investigate this issue in North American and parts of Europe. Most of the literature that exists about cybercrime is based on investigations conducted in these two regions (Audretsch, Link & Walshok 2015). However, the threat is becoming a global issue that affects the developed economies just as much as it is destroying the economy of the developed nations. Limited literature about the nature of this problem locally is a major concern. The strategy that is used to attack institutions in the United States may be the same as that used in the United Arab Emirates. However, most of the institutions in the UAE lack the sophistication that can help them deal with the threat. Lack of local evidence further makes it difficult to develop solutions based on local factors.
Effect of cybercrime on project management is one of the least explored fields of project management. According to Campbell & Göritz (2014), literature about project management define threats such as siphoning of resources, manipulation or theft of data by employees, increase in cost because of inflation and related factors, bad weather that may limit various activities, general insecurity in a given area, and direct political interference (Rogers 2016). These materials provide ways in which project managers can deal with these problems to ensure that intended objectives re-realized within the set time. However, the effect of cybercrime on projects, which is becoming one of the top concerns of managers, is not effectively explored, especially at the local and regional levels.
It means that these project managers are ill-prepared to deal with this problem. As Reynolds (2016) explains, anyone in a managerial position in modern society knows about the threat of cyber-attack. However, most of them do not know how to deal with the problem. They try to use passwords and lock most of the rooms where data is kept, but that is not enough to deter highly skilled cybercriminals who have the capacity to get the information they need even in password-protected savers (Wang & Rafiq 2014). This research will provide information that will not only help project managers but also the local policymakers to find effective ways of dealing with the problem.
The United Arab Emirates is experiencing massive growth of the economy because of the numerous projects undertaken by the government and private investors. Most of these projects are worth billions of dollars (Hana 2015). However, the threat of cybercrime is casting a dark shadow over the ongoing and planned projects, especially the ease with which the criminals can steal finances and critical data. The success in project management currently lies with the ability of managers to understand how to address these threats in a timely and effective manner. This research will benefit several stakeholders not only within the country but also in the MENA region and beyond. The following are stakeholders who will directly benefit from the study.
The research is designed to help managers to overcome the challenge of rampant cybercrime when undertaking the project. The document will identify factors that make a firm vulnerable to such attacks, early signs that its database has been compromised, and how to act in such cases. It will explain what a project manager and his or her team should do before initiating a project to protect important information. As Carvalho (2015) explains, it is always important to put measures in place to avoid a cyber-attack instead of waiting until it happens before doing something about it.
The reactionary approach of dealing with such threats may be costly and time-consuming. As such, the document will explain the proactive measures that can be used by managers to protect their data, finances, and other important assets that might be targeted by cybercriminals (Huhtala, Tolvanen, Mauno & Feldt 2015). The document will provide a framework that outlines how and with whom critical information should be shared to enhance security. It is expected that the information will help these managers to complete their project in time and within the set budget by eliminating possible theft or manipulation of data at any of the stages of development.
Government and Private Investors
The government of the United Arab Emirates has been investing billions of dollars on various infrastructural development projects. According to Kloppenborg (2015), many cybercriminals often target such major government projects. When money meant for road construction is lost to these fraudsters, the government would be forced to reallocate more resources to ensure that the intended goals are realized. Such challenges often delay the completion date of these projects (Huemann 2016). The research will identify how the problem can be addressed. It will be possible for the government to put measures in place that would protect its resources from theft by these criminals. The research will also identify how the government can use its legislative and investigative powers to fight the problem in the country. Private investors will also benefit from having a business environment that is protected from cybercriminals.
The research will be of great benefit to future scholars in this country who might want to conduct a further investigation about cybersecurity in the country. As explained above, information about cyber-attacks on local projects in the country is scanty. This document will provide detailed information about possible factors that make a project or a firm vulnerable to such attacks, what a manager and his or her team need to do to avoid such possibilities, and how to act in cases of data breach. In the methodology section, the document will describe in details how qualitative research was conducted to obtain and analyze the needed information. Future scholars may find the section important in explaining how they can conduct their own studies in a related field.
Arnold, R 2017, Cybersecurity: a business solution: an executive perspective on managing cyber risk, Threat Sketch LLC, Winston-Salem, NC.
Johnson, M 2016, Cybercrime, security and digital intelligence, 2nd edn, Routledge, London.
Trim, P & Lee, Y 2016, Cyber security management: a governance, risk and compliance framework, 2nd edn, Routledge, New York, NY.
Smith, R 2014, Cybercrime – a clear and present danger the ceo’s guide to cyber security, LULU Press INC, London.
Rose, J & Lacher, D 2017, Managing public safety technology: deploying systems in police, courts corrections, and fire organizations, Routledge, New York, NY.
Russell, DL & Arlow, P 2015, Industrial security: managing security in the 21st century, John Wiley & Sons, Hoboken, NJ.
Shankar, D 2018, It strategy and management, 4th edn, PHI Learning Private Limited, New Delhi.
Nicholas, J & Steyn, H 2017, Project management for engineering, business, and technology, Routledge, London.
Allen, B, Loyear, R & Noakes-Fry, K 2016, The manager’s guide to enterprise security risk management: essentials of risk-based security, Rothstein Associates Incorporated, Brookfield, CT.
Pompon, R 2016, IT security risk control management: an audit preparation plan, Apress, Berkeley, CA.
Schaufelberger, J & Holm, L 2017, Management of construction projects: a constructor’s perspective, Riutkedge, London.
Reynolds, GW 2016, Information technology for managers, Cengage Learning, Boston, MA.
Audretsch, B, Link, A & Walshok, M (eds) 2015, The Oxford handbook of local competitiveness, Oxford University Press, Oxford.
Campbell, JL & Göritz, A 2014, ‘Culture corrupts, a qualitative study of organizational culture in corrupt organizations’, Journal of Business Ethics, vol. 120, no. 3, pp. 291-311.
Carvalho, L (eds) 2015, Handbook of research on internationalization of entrepreneurial innovation in the global economy, Cengage, New York, NY.
Gao, Y, Chai, W & Liu, Y 2018 ‘A review of knowledge management about theoretical conception and designing approaches’, International Journal of Crowd Science, vol. 2, no. 1, pp.42-51.
Hana, U 2015, ‘Competitive advantage achievement through innovation and knowledge,’ Journal of Competitiveness, vol. 5, no. 1, pp. 82-96.
Huemann, M 2016, Human resource management in the project-oriented organization: towards a viable system for project personnel, Routledge, New York, NY.
Huhtala, M, Tolvanen, A, Mauno, S & Feldt, T 2015, ‘The associations between ethical organizational culture, burnout, and engagement: a multilevel study’, Journal of Business Psychology, vol. 30, no. 3, pp. 399–414.
Kloppenborg, T 2015, Contemporary project management: organize, plan, perform, 3rd edn, Cengage Learning, Stamford, CT.
Kogon, K, Blakemore, S & Wood, J 2015, Project management for the unofficial project manager: a Franklin covey title, BenBella Books, Dallas, TX.
Lock, D 2014, The essentials of project management, 4th edn, Gower, Burlington, VT.
Nicholas, J & Steyn, H 2017, Project management for engineering, business, and technology, 5th edn, Taylor & Francis, New York, NY.
O’Reilly, C, Caldwell, D, Chatman, J & Doerr, B 2014, ‘The promise and problems of organizational culture: chief executive officer personality, culture, and firm performance’, Group & Organization Management, vol. 39, no. 6, pp. 595–625.
Pauleen, D & Wang, W 2017, ‘Does big data mean big knowledge? KM perspectives on big data and analytics’, Journal of Knowledge Management, vol. 21, no. 1, pp.1-6.
Rogers, D 2016, The digital transformation playbook: rethink your business for the digital age, Columbia Business School Publishing, New York, NY.
Wang, C & Rafiq, M 2014, ‘Ambidextrous organizational culture, contextual ambidexterity and new product innovation: a comparative study of UK and Chinese high-tech firms’, British Journal of Management, vol. 25, no. 1, pp. 58–76.