Countering Social Engineering through Social Media: An Enterprise Security Perspective

The increasing threat of social engineers targeting social media channels to advance their attack effectiveness on company data has seen many organizations introducing initiatives to better understand these vulnerabilities. This paper examines concerns of social engineering through social media within the enterprise and explores countermeasures undertaken to stem ensuing risk. Also included is an analysis of existing social media security policies and guidelines within the public and private sectors.Comment: Proceedings of The 7th International Conference on Computational Collective Intelligence Technologies and Applications (ICCCI 2015), LNAI, Springer, Vol. 9330, pp. 54-6

A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure

Insider attacks are becoming increasingly detrimental and frequent, affecting critical infrastructure at a massive scale. Recent attacks such as the UK National Health Service (NHS) WannaCry ransomware attack which partly depends on internal users for initial infection highlight the increasing role of the malicious insiders in cyber attack campaigns . The objective of this research is to ascertain the existing technological capability to mitigate insider threats within computer security systems by way of a mixed-method systematic review. Evidence was acquired from major sources of mainstream and grey literature by analysing about 300, 000 papers. Crude aggregated results were analysed across the literature, the results were TPR 0.75, FPR 0.32, σ 0.24 and 0.36 respectively, σ 2 0.06 and 0.13 respectively. In totality, the literature evidence suggests that there is high heterogeneity across crude data indicating that the effectiveness of security measures varies significantly. No solution is able to totally mitigate an insider threat. Themes when set against that data suggest that most, if not all, security measures require breaches to occur before an analysis of malicious activity can prevent it in future through recall. Such a reactive approach is not effective to protect our critical infrastructure including our healthcare systems. Consequently, there is a major theoretical shortfall in current cyber defence architecture

Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems

This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees\u27 behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization