IIUM Repository

Information Leakage through online social networking: opening the doorway for advanced persistence threats

Abdul Molok , Nurul Nuha and Ahmad, Atif and Chang, Shanton (2011) Information Leakage through online social networking: opening the doorway for advanced persistence threats. The Journal of the Australian Institute of Professional Intelligence Officers (AIPIO), 19 (2). pp. 38-55. ISSN 1039-1525

[img] PDF - Published Version
Restricted to Repository staff only
Download (139kB) | Request a copy
Official URL: http://www.aipio.asn.au

Abstract

The explosion of online social networking (OSN) in recent years has caused damages to organizations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realize their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targets key employees of victim organizations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage for organizations and explores the underlying factors that influence employee behaviour through a theoretical lens from information systems. It also describes how OSN becomes an attack vector of APT owing to employees’ social networking behaviour, and finally, discusses security education, training and awareness (SETA) for organizations to combat these threats.

Item Type: Article (Journal)
Additional Information: 5341/33075
Uncontrolled Keywords: Information leakage, unauthorised information disclosure, online social networking, social media, advanced persistent threats, cyber espionage
Subjects: H Social Sciences > H Social Sciences (General) > H61.8 Communication of information
T Technology > T Technology (General) > T55.4 Industrial engineering.Management engineering. > T58.6 Management information systems
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): Kulliyyah of Information and Communication Technology > Department of Information System
Kulliyyah of Information and Communication Technology > Department of Information System
Depositing User: Dr. Nurul Nuha Abdul Molok
Date Deposited: 04 Dec 2013 11:56
Last Modified: 04 Dec 2013 11:56
URI: http://irep.iium.edu.my/id/eprint/33075

Actions (login required)

View Item View Item
Download Statistics

Downloads

Downloads per month over past year