Information Leakage through online social networking: opening the doorway for advanced persistence threats

The explosion of online social networking (OSN) in recent years has caused damages to organizations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to...

Full description

Bibliographic Details
Main Authors: Abdul Molok , Nurul Nuha, Ahmad, Atif, Chang, Shanton
Format: Article
Language:English
Published: Australian Institute of Professional Intelligence Officers (AIPIO) 2011
Subjects:
Online Access:http://irep.iium.edu.my/33075/
http://irep.iium.edu.my/33075/
http://irep.iium.edu.my/33075/1/AIPIO_Vol_19_No_2_2011_Information_Leakage_thru_OSN.pdf
Description
Summary:The explosion of online social networking (OSN) in recent years has caused damages to organizations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realize their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targets key employees of victim organizations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage for organizations and explores the underlying factors that influence employee behaviour through a theoretical lens from information systems. It also describes how OSN becomes an attack vector of APT owing to employees’ social networking behaviour, and finally, discusses security education, training and awareness (SETA) for organizations to combat these threats.