Information Leakage through online social networking: opening the doorway for advanced persistence threats
The explosion of online social networking (OSN) in recent years has caused damages to organizations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Australian Institute of Professional Intelligence Officers (AIPIO)
2011
|
Subjects: | |
Online Access: | http://irep.iium.edu.my/33075/ http://irep.iium.edu.my/33075/ http://irep.iium.edu.my/33075/1/AIPIO_Vol_19_No_2_2011_Information_Leakage_thru_OSN.pdf |
Summary: | The explosion of online social networking (OSN) in recent years has caused damages to organizations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realize their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targets key employees of victim organizations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage for organizations and explores the underlying factors that influence employee behaviour through a theoretical lens from information systems. It also describes how OSN becomes an attack vector of APT owing to employees’ social networking behaviour, and finally, discusses security education, training and awareness (SETA) for organizations to combat these threats. |
---|