Cyber Security Awareness (CSA) and Cyber Crime in Bangladesh: A Statistical Modeling Approach

The need to combat cybercrime is becoming more and more urgent. This effect is crucial for developing nations like Bangladesh, which is currently building out its infrastructure in preparation for fully secure digitization. This study aims to identify the numerous factors that contribute to cybercrime, its challenges, the relationships between different cyber security variables, potential solutions to these issues and various behavioral viewpoints individuals and organizations hold regarding cybercrime victimization. A simple random sampling method has been conducted to collect 200 data from individuals on this topic. Factor analysis based on Principal Component Analysis (PCA) was fitted to the data to analyze cyber behaviour, Binary Logistic Regression was fitted to analyze cyber victimization status and Poisson Regression model was fitted to analyze victimization frequency. The research demonstrates that the dependent variable cybercrime victimization is strongly associated with the independent variables which are password sharing status, using a common password, cyber security knowledge Status, personal information online storage status, downloading free antivirus from an unknown source, disabling antivirus for downloading, download digital media from an unknown source, clicking links unauthorized sites, personal info Sharing with stranger over online. According to the regression model's findings, women are more likely than men to experience cybercrime. Cybersecurity knowledge is found to be a key factor in preventing cyberattacks. Additional research on this subject can be conducted utilizing large-scale data to gain more trustworthy conclusions on the underlying factors contributing to cybercrime victimization. Overall, developing a digital Bangladesh where our cyber security is robust can be accomplished by learning about cybersecurity and practicing safe online behavior.


INTRODUCTION:
In the era of globalization secure cyberspace plays a significant role in achieving economic prosperity and building a modern, and powerful nation. With the rapid spread of cyberspace and communication technology, cybercrimes have become a considerable security concern. With the progressive increase in the number of internet users in Bangladesh, the percentage of attacks is rising too. According to the Kaspersky Security Bulletin 2015, Bangladesh is in the second position in the level of infection among all the countries. 69.55% of unique users are at the highest risk of local virus infection in Bangladesh. 80% of users are the victim of spam attacks according to Trend Micro Global Spam

Literature Review
The issue of cyberattacks, which has emerged as one of the most crucial aspects of the Internet of Things (IoT), was discussed in a publication by Ulven & Wangen, (2021). By safeguarding IoT assets and user privacy, IoT cybersecurity aims to lower cybersecurity risk for businesses and consumers. The authors of the paper provided theoretical vulnerabilities faced by the IoT, major security issues, and necessary steps for the protection of cyber security and the IoT (Abomhara & Køien, 2015). Ramirez & Choucri, (2016) researched the 21st-century trends of cyberization and the rising demand for computer security. A recent increase in new technology investment has coincided with an increase in cybercrime, digital currency, and e-governance. Businesses and governments are starting to focus their attention on all-encompassing cybersecurity solutions. Using an integrated approach, Ali et al. (2022) investigated the causes of IT system failure in Bangladesh's banking sector. Cyberattacks, database hacks, server failure, network outages, broadcast data mistakes, virus impacts, etc. were the reported factors. Then, to facilitate managers' critical decision-making, these factors were examined. On a few Indian public and private sector banks, Atul et al. (2013) exposed the numerous cyberattack techniques used by cybercrimenals as well as the various cyber defense strategies and how they relate to cyberattacks. According to the report, 60% of bank executives acknowledged that their bank has discovered internet theft. Scholars examined the cyber threat posed by smart cities, assessed, exposed, and evaluated the advancement of data-driven solutions for situational awareness. The author assessed attack detection approaches, risk assessment methodologies, and ways for modeling relationships across different smart city infrastructures (Neshenko et al., 2020). Chen et al. (2015) did an exploratory study using the flux-fluctuation law, the Markov state TPM, and predictability measurements to look for patterns and predictability in cyberattacks. Unsurprisingly, they discovered the fundamental pattern of cyberattacks and discovered that just a small number of attacker groups were responsible for practically all the attacks. A comparative analysis of twenty nations' national cyber security strategy was conducted by Shafqat & Masood, (2016). The timeframe of development clearly stated objectives and goals, degree of prioritization, nations' perceptions of cyber threats, organizational overview, incident response capabilities, etc. were used as comparative criteria. It was discovered that while the purposes and objectives of all the strategies were quite similar, their scopes and methods were very dissimilar. Additionally, the UK, USA, and Germany had the best strategy overall. Maalem Lahcen et al. (2020) reviewed pertinent theories and ideas and offered insights, as well as a framework that integrates modeling and simulation, behavioral cybersecurity, and human factors. To emphasize the significance of social behavior, environment, biases, perceptions, deterrent, intent, attitude, norms, alternatives, punishments, decisionmaking, etc. in comprehending cybercrimes, Matyokurehwa et al. (2020) studied the Cyber Security Awareness (CSA) perspectives among students at Zimbabwean universities to build a model of the effectiveness of cyber security training programs. They worked on some statistical analysis on their primary data to find any significant relationship between cyberattacks and CSA. They found that malware attacks, social engineering attacks and IoT attacks are positively related to CSA. In addition, they developed a cross-case analysis which showed that CSA is invariant on age and sex while CSA has a noticeable impact on the level of education and institution. Alqahtani (2022) launched a study about the factors behind cybersecurity awareness among students taking higher study. Based on the CSA data taken from Imam Abdulrahman Bin Faisal University college students, he analyzed and created a module to make the students aware about cybersecurity. Many relevant statistical analyses including ANOVA, multiple regression, correlation test, multicollinearity test was carried out considering password security, browser security, and social media security as three main variables. All the three-security component was found significantly influential on cybersecurity awareness. Kovacevic et al.
(2020) explored how cyber security behavior is impacted by cyber security awareness. The study defined socio-demographics, cyber security perceptions, previous cyber security breaches, IT usage, and knowledge as CSA factors. Through correlation and regression analysis, knowledge and IT usage was found to be a significant factor in cyber security behavior. Ben-Asher & Gonzalez, (2015) inquired about how knowledge plays a role in the accurate classification of malicious events and prevents damages from cyber-attack. They evaluated the impact of cyber security knowledge on the detection of cyber-attack. A reliable tool for detection is an Intrusion Detection System (IDS) which detects by matching known attack patterns of network events. But 99% of the alerts from IDS are false alerts so a human analyst is required for triage analysis (Monitoring & Detection). And more knowledge about cyber security significantly helps in the correct detection of malicious events and decreases false classification. Haque, (2019) studied public opinion on cyber security condition of Bangladesh. He found that 78.4% internet users thought the condition be vulnerable. He also referred to some cyber threats and recent cyber-attacks specially in financial sectors in our country. Describing the deficiency of awareness in this sector, this paper further discussed some necessary policy regarding cyber security. Mazumder & Hossain, (2022) looked for a connection between board composition and disclosure of cyber security in Bangladesh's banking industry. Multiple linear regression analysis and automated content analysis were employed in the study. Throughout the research pe-riod, the cyber security division trend in Bangla-desh's banking sector was up (2014-2020). According to the data, larger boards do not substantially affect CSD whereas increased female involvement is linked to higher CSD. Kundu et al. (2018) analyzed cyber-attack in the monetary sector of Bangladesh and investigated the causes of that in Bangladesh. As they found increasing trend of cyber-attack, they suggested available framework against cybercrime in this paper. Hadlington, (2017) made a survey on attitude towards cybercrime as well as cyber security in business scale, Internet addiction and risky cyber security behaviors. By regression analysis the research shown that employee attitudes towards cyber security correlated negatively with which they engaged in risky cyber security behavior self-reporting is the Limitations for the study.
Research highlights employee attitudes & knowledge can play vital role in cyber security. Astromskis (2017) developed a conceptual cyber security regulation framework, based on the fundamentals of transaction cost theory. The study evaluated it in the context of emerging legal technologies. Bowen et al. (2011) conducted an experiment on randomly selected 4000 students and staffs using forged phishing emails to investigate a new method to measure, quantify and evaluate the security state of large corporation organizations and government agencies. According to them, computer security depends on the people who operate the system aside technology and systems. Nifakos et al.
(2021) aimed a review study to find out the factors causing cyber-attacks in healthcare sector. They analyzed and reported human behavioral causes of cyber threats in health organizations. They also researched the possible policies and measures which could be taken by the healthcare-providing organizations. In order to understand the mechanics of cyber-attack campaigns, Lallie et al. (2021) examined the cyberattacks that occurred during the COVID-19 epidemic.
Additionally, it showed how cybercriminals use actual crises and tragedies as cover for opportunistic assaults. Finally, the effects of these attacks on persons who work from home were explored, along with some future planning ideas. Sardi et al. (2020) studied by giving a special emphasis on one of the main challenges in the healthcare sector during the COVID-19 pandemic, the cyber risk. Since the beginning of the Covid-19 pandemic, the World Health Organization has detected a dramatic increase in the number of cyber-attacks. Information security and cyber security are two different concepts, according to Von Solms & Van Niekerk, (2013). They contended that these two aren't quite interchangeable or similar. The safeguarding of information assets is known as information security. However, cyber security is the defense of the internet's physical infrastructure, its users, and the assets that can be accessed through it. Consequently, cyber security has a further component. Staheli et al. (2014) surveyed and categorized the visualization evaluation metrics, components and techniques for cyber security that were utilized in the previous decade of VizSec (A research community that focuses on visualization of cyber security) research literature. They also defined existing methodological gaps in evaluating visualization in cyber security as well as suggested potential avenues for future research. Švábenský et al.
(2020) studied the fact that cybersecurity is now more important than ever, and so is education in this field.
However, the cybersecurity domain encompasses an extensive set of concepts, which can be taught in different ways and contexts to understand the state of the art of cybersecurity education and related research. Klimburg et al. (2011) had outlined a cyberstrategy that provided the stance of the United States of America (USA) on cyber-related issues and outlined a unified approach to the USA's engagement with other countries on cyber issues. They analyzed about technologies that might be used to protect the cyber environment and organization and user's assets. Becker & Quille, (2019) studied about cyber-Security issues that needed to be integrated in the educational process in the beginning at an early age (Mia et al., 2022).
This study focuses on cyber security emerging trends while adopting new technologies such as mobile computing, cloud computing, e-commerce, and social networking. The paper also described the challenges due to lack of coordination between Security agencies and the Critical IT Infrastructure. Lebek et al. (2014) provided an overview of theories used in the field of employees' information systems (IS) security behavior by analyzing and synthesizing previous literature.

Data Collection and Processing
Questionnaires were used as the data collection tool for this cross-sectional study. Both personal interviews and mail questionnaires through google forms were used for this purpose. Internet users who are greater than 16 years old were the target population of this study. Simple random sampling was adopted in collecting data from individuals. For large samples, the formula for estimating sample size through Simple Random Sampling is- Here, in this study, P, Assumed proportion in target population =0.50; q=1-p =0.50; d, Degree of accuracy expected in the estimated population =.07; Z, Standard normal deviate = 1.96. Accordingly, 200 data from Dhaka city was gathered for the study. Data were analyzed using SPSS software in computer.

Principal Component Analysis
By turning a set of values for correlated variables into a set of values for linearly uncorrelated variables, PCA is used to reduce the number of dimensions. Old dimensions are changed into new dimensions. These new dimensions indicate that since the majority of the information is included in the first few dimensions, it is acceptable to eliminate other dimensions containing less information/variance and instead choose the most significant ones, which results in dimensionality reduction. In this project, orthogonal transformation is used in variance reduction.

Binary Logistic Regression Model
Let us define the binary random variable Z= { 1 if the outcome is a success 0 if the outcome is a failure with probabilities Pr (Z = 1) = π and Pr (Z = 0) = 1− π, which is the Bernoulli distribution B(π). If there are n such random variables Z 1 ,..., Z n , which are independent with Pr(Z j = 1) Which is a member of the exponential family.
Next, for the case where the π j 's are all equal, we can So that Y is the number of successes in n "trials." The random variable Y has the distribution Bin (n, π): Pr (Y = y) =( ) (1 − ) − , y = 0,1,...,n.
For i th random variable Y i , = ( ) = is the expected number of successes. We can allow to depend on (vector of explanatory variables) via the link function Where is a vector of parameters. Finally, we consider the general case of N independent random variable Y 1 , Y 2 ,...,Y N corresponding to the numbers of successes in N different subgroups or strata. If Y i ∼ Bin (n i ,π i ), the log-likelihood function is l(π 1 ,...,π N ;y 1 ,...,y N ) = ∑ [ log ( The parameter vector can be estimated numerically using numerical methods. Finally, the model can be written as log ( π 1−π ) = .

Poisson Regression Model
Let us consider Y 1 ,...,Y N be independent random variables with denoting the number of events observed from exposure n i for the i th covariate pattern. The expected value of can be written as ( ) = µ = .
The dependence of on the explanatory variables is usually modelled by = e x i T β .
The natural link function for the Poisson distribution, the logarithmic function, yields a linear component For a binary explanatory variable denoted by an indictor variable, = 0 if the factor is absent and = 1 if it is present. The rate ratio, RR, for presence vs. absence is When the response variable is over dispersed, more sophisticated model such as Negative Binomial Regression Model can be used.

RESULTS AND DISCUSSIONS: Factor analysis using principal component analysis on cyber behavior
The goal of the traditional principal component analysis is to reduce the number of m variables to a smalller number of p uncorrelated variables known as principal components which account for the variance of the data as much as possible. PCA is suitable for continuous variables, and it assumes a linear relationship between variables, it is not an appropriate method for dimension reduction in categorical variables. Alternatively, categorical principal component analysis (CATPCA) has been developed for data having mixed measurements such as nominal, ordinal, or numeric which may not have linear relationships with each other. We refer to Gifi, (1990) for a historical review of CATPCA using optimal scaling. We compute the Bartlett's test for sphericity and find the Kaiser-Meyer-Olkin measure of sampling adequacy before proceeding to factor analysis. .000 Here, the Kaiser-Meyer-Olkin measure is .751 which indicates the dataset is valid for factor analysis. Bartlett's test for sphericity tests the hypothesis that a correlation matrix is an identity matrix, which means the variables are unrelated. For our data, we have pvalue .000 for Bartlett's test for sphericity. Therefore, we have enough evidence to conclude that the factor analysis is useful for the data. Now we can approach for the factor analysis in our dataset. The initial values of commonalities are set to 1. The highest extracted value is for the variable "Sharing password" is .693 indicating that a 69.3% variation in "Sharing password" is explained by the principal factors. 65.6% variation in "Same password multiple use" is explained by principal components. The least explained variable is "Insecure payment info online storage" which has an extraction value of about .294. As all values here are greater than .25, the communalities are acceptable ( Table 2).    The scree plot shows that eigenvalues drop somewhat rapidly from components one to four. As 4 components are above one, four components are selected. Variables that are most strongly correlated with each component are selected in Table 5 from the rotated factor matrix ( Table 4).
We assume 0.5 as a threshold value and select the variables for each principal component accordingly. As the factors cannot explain the total variance more than 60%, we may fit our statistical models with individual variables.

Fitting Binary Logistic Regression Model to assess victimization status
In Table 6, the odds ratio is discussed to show the effect of the covariates on victimization status. The odds ratio describes the odds that an event occurs given a particular exposure is present compared to an event that occurs given the exposure is absent. Controlling for all other variables in the model, cybercrime victimization is 3.028 times more likely for those who use common password than those who do not (p-value=.012). Also controlling for every other variable, the odds of cybercrime victimization is 2.526 times higher as person shifts from not storing personal data online to storing them online (p-value=.034). For persons leaving payment information on website with no clear security compared to those who do not, the odds of victimization are significantly 66.3% lower (p-value=.02). However, this seems illogical and may be observed due to our sample data. Having the habit of disabling antivirus while downloading significantly increases the victimization odds by approximately 3 times (p-value=.014). The practice of downloading digital media from unknown sources significantly rises the victimization odds by 2.398 times (p-value=.041). The likelihood of cybercrime victimization when a person shares personal information to strangers over the internet is 4.422 times greater than that of their counterparts. The p-value here is .002 which refers to the factor being highly significant at a 5% significance level. The significant outcomes support the research hypothesis I. All the other covariates are statistically insignificant at 5% level of significance.

CONCLUSION AND RECOMMENDATIONS:
Cyber facilities have brought a wave of change in our modern life. The purpose of the study is to see the behavior of cybercrime victimization, knowledge of cyber security, and causes of cybercrime victimization and to find some possible solutions and recommendations for this problem. The most common sort of cybercrime happening around is found to be hacking, identity fraud, phishing, monetary loss, computer virus and so on. The research demonstrates that the dependent variable cybercrime victimization is strongly associated with the independent variables which are password sharing status, using common password, cyber security knowledge Status, personal information online storage status, downloading free antivirus from unknown source, disabling antivirus for downloading, download digital media from unknown source, clicking links unauthorized sites, personal info Sharing with stranger over online. However, not all other variables have significant impact on cybercrime victimization. According to the regression model's findings, women are more likely than men to experience cybercrime. It is also evident from the views of the respondents that women are not very protected online. The study also contributes to some important opinions on cybercrime in the industrial sector. 69.5% of respondents strongly agree that management has the responsibility to ensure a company is protected from cybercrime. 65.2% of respondents strongly agree everyone in the company has a role to play in protecting against threats from cyber criminals. 56.52% of respondents agree that they don't have the right skills to be able to protect the organization from cybercrime. 52.1% of respondent agree that the Police cannot deal with cybercrime effectively.
39.13% of respondents were neutral that they worry that if they report a cyber-attack to the Police, it might damage the reputation of the company. The economic & digital development of the world along with our country is going on in a rapid speed. For this purpose, it is cyber security that is playing a vital role and contributing in these sectors. So, after conducting the study and recognizing reasons for cybercrime, we recommend following suggestions.
1) The Govt. should initiate cyber training programs.
2) The prevailing Law of Cybercrime should be implemented. 3) Strict cyber law should be imposed. 4) More and more seminars should be arranged to raise awareness among people. 5) Back dated software are unable to protect the device from cyber-attack. So, users should use up to date software in their devices. 6) For cyber security passwords is an exigent object. To avoid hacking, users should use strong & unique passwords. 7) Users should backup the data & review online accounts regularly. 8) Unauthorized & unknown sites contain viruses.
So, downloading any content from unknown sources should be avoided. 9) There is a high risk of identity theft, making fake accounts, harassment for sharing personal information. Therefore, sharing personal information with anyone should be avoided.