The increasing threat of social engineers targeting social media channels to advance their attack effectiveness on company data has seen many organizations introducing initiatives to better understand these vulnerabilities. This paper examines concerns of social engineering through social media within the enterprise and explores countermeasures undertaken to stem ensuing risk. Also included is an analysis of existing social media security policies and guidelines within the public and private sectors.
Proceedings of the All-Ukrainian Scientific and Practical Conference of Higher Education Students and Young Scientists "Computer Engineering and Cybersecurity: Achievements and Innovations" (Kropyvnytskyi, 27-29 November 2018). PROTECTION OF PROGRAMS AND DATA IN COMPUTER SYSTEMS AND NETWORKS. UDC 316.776:004.58
Introduction. The history of attacks based on SE practices comes in waves: the victims have changed, and different tricks, new in their time, were practiced and still are. The era of SE attacks in the field of IT began in 2014, when the first mass attacks were carried out on individuals who were users of the banking payment system. People received calls from fake bank operators who informed them about innovations regarding the protection of their data and the steps that each and every one should take in order to become more secure. At the operators' request, individuals gave away critical data during the conversation, such as the CVV2/CVC2 (3 digits on the back of a bank card) and the 4- to 6-digit codes that the operator sent to their smartphones to confirm the changes being applied during the conversation, and in some cases even card PIN codes. The result of such manipulations, as can be understood, did not give users an additional level of protection, but rather deprived them of sizeable sums of money (see fig. 1).
Social engineering through social media channels targeting organizational employees is emerging as one of the most challenging information security threats. Social engineering defies traditional security efforts because the method of attack relies on human naiveté or error. The vast amount of information now made available to social engineers through online social networks is facilitating methods of attack which rely on some form of human error to enable infiltration into company networks. While the introduction of relevant, comprehensive policy and guidelines is paramount to organisational information security objectives, perspectives and practices vary from one global region to another. This paper identifies such regional variations and then presents a detailed investigation of information security outlooks and practices surrounding social media in Australian organisations (both public and private). The results reveal disparate views and practices, suggesting further work is needed to achieve effective protection against security threats arising due to social media adoption.