Psychological Aspects of Cybersecurity - Term Paper Example

Psychological Aspects of Cyber Security Table of Contents Serial No. Topic Page No Introduction 3 2. Social Networks and theVulnerabilities and Associated Threats 4 2.1. Vulnerabilities and Threats Associated with Social Networks 4 2.1.1. Privacy Related Threats 4 2.1.2. SNS Variants of Traditional Network and Information Security Threats 6 2.1.3. Identity Related Threats 6 2.1.4. Social Threats 7 3. Probability of Occurrences of the Threats to Social Networks 8 4. Management of Estimated Level of Risk 9 4.1. Management of Privacy Related Threats 9 4.2. Management of SNS Variants of Traditional Network and Information Security Threats 9 4.3. Management of Identity Related Threats 10 4.4. Management of Social Threats 10 5. Effect of Policy and Procedure on Customer Satisfaction 11 6. Conclusion 12 References 13 1. Introduction: Present day technologies and innovations based on the use of computer systems, mobile phones, and the internet have become extensively prone to cyber attacks – either simple malware and spyware codes or serious viruses that can affect the systems and the networks, thus impacting the use of the services. The forms of the threats are different, and depending on the level of seriousness of the threat safety measures are required for the protection of one’s personal and important information. Cyber security enables the protection of all data that outsiders might try to get access to. Today, when the dependency on the use of computer systems and internet technology has increased significantly, the understanding and incorporation of cyber security proves to be highly essential (“What is Cyber Security?” 2010). The present study has considered social networking as the primary focus in regard to the psychological aspects of cyber security. Social networking in the present times is used by millions of individuals as a means of remaining connected with the outer world, with friends, near and dear ones as well as for professional purposes. However, a lot of personal information is, in turn, being shared in the process that might be used by cyber attackers to spread malevolent codes, viruses, or may even access the personal information and misuse it for their own purposes (McDowell & Morda, 2011, p.1). Thus the need for cyber security arises, and this study focuses on the vulnerabilities and threats associated with social networking and having impacts on the services and the users, thus trying to determine the possible cyber security measures and the level of customer satisfaction that may be achieved. 2. Social Networks and the Vulnerabilities and Associated Threats In the recent years, the use of social networks has been found to have increased significantly. There are several online social networking websites like Facebook, Myspace, YouTube, and LinkedIn, to name a few. The relative size of the addressees in these social networks is huge, which is often not known to the users of the site. Moreover, the nature of such users is also unknown. Hence individuals tend to reveal a lot of personal information. This may actually result in a number of security related threats for the members and hence for the services as well. Thus it proved to be necessary to incorporate such cyber security as to protect personal information on social networks (Hasib, 2008). 2.1. Vulnerabilities and Threats Associated with Social Networks When individuals post their personal information on social networks, a permanent record of the users is created that may be used by other parties if not secured. The vulnerabilities and threats associated with social networks can be classified and learnt in four groups: privacy related threats, SNS (Social Networking Sites) variants of traditional network and information security threats, identity related threats and social threats (Hasib, 2008). 2.1.1. Privacy Related Threats: Digital record of personal information. The vulnerability arises, since in the present times, the use of technologies like data mining and cost of disk storage are being reduced; it is possible for third parties to easily create a digital record of each person’s information that is made available through the individual profiles on the SNSs. The risk or the threat from such acts is that the information may be taken advantage of by an antagonist to humiliate, blackmail, or harm the image that a profile holder carries. People are many times threatened as demonstrated, for example, by the following case – “Miss New Jersey 2007 was threatened with publication of images taken from her SNS profile if she would not give up her crown” (Hasib, 2008). Face Recognition. Face recognition becomes possible through the SNSs, since individuals put up their photos in their profiles for correspondence. However, the risk from this fact arises, since an adversary may use face recognition and link the photos with other websites, thus being able to gather more information about an individual (Hasib, 2008). Content Based Image Retrieval (CBIR). CBIR is an upcoming technology that allows matching of features within large databases containing images and is thus capable of locating users. The vulnerability is that several SNSs do not have any protection against CBIR. Thus the potential threat arises from the ability of the technology to locate data easily, and it may lead to nuisance, unwanted promotion, blackmailing, and other threats related with unwanted revelation of information (Hasib, 2008). Image Tagging and Cross Profiling. SNS provides the facility to tag other people in different images, and this creates the risk of important people being tagged in unwanted photos, harming their reputation (Hasib, 2008). Difficulty of Complete Account Deletion. In many cases, the secondary information cannot be removed from the SNSs. Several posts, comments, or messages associated with an individual may remain online even if the account is deleted. This gives rise to the threat of an individual having no control over his or her personal information that cannot ever be removed (Hasib, 2008). 2.1.2. SNS Variants of Traditional Network and Information Security Threats Spamming. Social network spams, which are unwanted messaged, are created by spammers, and it leads to traffic overload in the social networking sites. The potential risks or threats with spamming are that the sites may get overloaded, the trust in the sites may be lost, and the difficulties in the use of different applications may be experienced by the users (Hasib, 2008). Cross Site Scripting, Viruses and Worms. Third parties that verify the sites produce widgets in the process that make the SNSs vulnerable to the attacks of viruses and threats of cross-site scripting attacks. The risk is that an opponent may use this advantage and compromise an individual’s account, being able to perform phishing attacks and send unwanted messaged to emails and other internet network sites (Hasib, 2008). SNS Aggregators. Several accounts of the SNSs can be accessed through the help of the recent applications like SNAG or ProfileLinker. These allow integration of the available data into a single application of the web. However, the vulnerability is increased with the authentication methods not being strong enough. The threats that arise out of this vulnerability include identity theft, zombification of SNS accounts, or loss of confidentiality of other associates of the SNS (Hasib, 2008). 2.1.3. Identity Related Threats Phishing. Information available on the SNSs can be easily exploited by a phisher; at the same time, the SNSs accounts are vulnerable to social engineering techniques that allow scripting attacks and lower thresholds of trust to the sites. The risks associated with these vulnerabilities include revelation of susceptible information and damages to finances and reputation (Hasib, 2008). Information Leakage. Leakage of information becomes easier, since an adversary has the advantage of making friends with people on the SNSs to access to his or her information. In some of the SNSs, scripts are also available in order to get in touch with an individual. The threats arising from this vulnerability include private information leakage, the use of information for phishing, spamming, and campaigns of marketing (Hasib, 2008). Profile Squatting Through Identity Theft. Fake profiles may be created by an adversary that represents a known person or brand. This is possible if the personal information of the brand or a reputed person is known by the adversary. The risks associated include the misuse of a reputed person’s data and hence damage to the reputation as well as finances of the individual, leading to severe embarrassment (Hasib, 2008). 2.1.4. Social Threats Stalking. Personal information shared on a SNS by an individual may be used by an adversary for stalking that refers to making use of that information for threatening the individual through phone calls, messages, or emails. This may either lead to mild bullying or may even cause severe damage through the loss of privacy (Hasib, 2008). Corporate Espionage. The vulnerability of the SNSs to social engineering attacks causes threats of the corporate intellectual property being lost, hacking of the corporate network systems, and blackmailing of the employees of an organization (Hasib, 2008). 3. Probability of Occurrences of the Threats to Social Networks Privacy Related Threats. The probability of occurrence of these threats can be understood to be very high, since individuals tend to share most of their personal information and photos on the social networks, thus making them available to adversaries. Face recognition becomes easier through such sharing, and opponents can easily take advantage of it, particularly with the availability of several programs in the present times that enable digital recording of the personal information available on social networks. SNS Variants of Traditional Network and Information Security Threats. The probability of occurrence of risks from these vulnerabilities is medium, since acts like spamming create overloads in the system. However, if these are removed from the system from time to time, then the effects of such activities are minimal. Identity Related Threats. The probability of these threats is high, since in the present times, several technologies of engineering and information have developed that are easily misused by the adversaries for revealing the personal information or misusing it through phishing activities. Social Threats. As far as the social threats associated with stalking and corporate espionages are concerned, it can be realized that the probability of occurrence of threats like stalking are high, since personal information is readily available to opponents to make use of it in blackmailing of individuals. On the other hand, corporate espionages do largely depend on the security facilities of the individual corporate organizations. 4. Management of Estimated Level of Risk 4.1. Management of Privacy Related Threats The estimated risks from privacy issues on social networking sites may be managed by building awareness among the users of the services regarding the threats that are associated with the sharing of their personal information and photos on the SNSs, and hence the users remain cautious about which information to reveal and which not to reveal. Also, the legislative powers need to be modified and used effectively against all forms of frauds and misuse of personal information that take place in the SNSs. The authentication and the access control measures need to be strong enough so that third parties are not easily capable of gaining access to the personal information that may not be designated for strangers. Moreover, powerful antivirus and security tools need to be incorporated in the computer systems that can provide the needed security to the service and its users (Gharibi & Shaabi, n.d., p.6). 4.2. Management of SNS Variants of Traditional Network and Information Security Threats The management of these risks may be achieved through the protection of the mobiles and the computer systems via web filtering that might enable detection of the spams and hence allow the system to delete them when detected. Activities like cross-scripting or SNS aggregators need to be managed through incorporation of suitable antivirus tools, and the individuals should secure their personal information on the SNSs through the secured systems available that restrict the information from being visible to strangers on the sites (“Balancing Social Networking with Network Security Objectives”, 2011, pp.1-11). Thus it can be said that the security systems or facilities that are made available need to be suitably utilized by the users of the SNS services so that their personal information may be protected. 4.3. Management of Identity Related Threats There are certain known sites that require paid subscriptions, and such sites have been known to have suffered less from the issues of such threats. For others, it can be said that the management of identity related threats would require much of the users’ attention to understanding that individuals across the world are capable of accessing the internet and whatever information they share on the sites may be traced by adversaries. Hence they should have control over their personal information and photos that they share on such SNSs that they do not want strangers to come across and accordingly secure their accounts (Cobb, 2012). 4.4. Management of Social Threats Social threats on and from the SNSs can be managed only through the limitation of the personal information that is being shared on the services. Generally, most of the social networks share all information that is provided to the site for the initiation of an account. This information needs to be limited so that adversaries do not come across them readily. Moreover, in the corporate organizations, the suitable cyber protective tools need to be incorporated so that the viruses and cyber attacks do not cause the damages to the organizational information (“Social Networking Security Threats”, 2012). Thus it can be reflected that in order to manage the estimated level of risks from the SNSs, every individual or the user of the services needs to be cautious personally and take the necessary protective step before and while they open an account in the social networking sites. 5. Effect of Policy and Procedure on Customer Satisfaction With the current increasing use of the SNSs not only by individuals personally but also by different organizations, the requirements of policies and procedures grow significantly. There is a need for companies to formalize policies and procedures determining the correct and limited usage of blogs, photosharing, sharing of videos, and other related activities. Blogs by employees within organizations also need to be monitored. Newer technologies should be included under such policies. Putting disclaimers and disclosures is an essential part of such policies and procedures for the purpose of protection of the SNSs that would determine which contents may be supported and which contents may not (“Social Media Policies and Procedures”, 2009, part 1). The social networks are currently also being used to connect to different customers. Therefore, the satisfaction of the customers with respect to the policies and procedures associated with the SNSs is also significant for understanding. It has been realized that customer relationships is enhanced with the availability of managed social networking sites. Individuals are not only motivated to use the social networks in the present time but also, with the protected measures of the sites, individuals find interest in sharing their interests and creating interactions with different people. Therefore, the policies and procedures can be realized to be important and effective in achieving the satisfaction of the customers. The management of the SNSs by any organization has proved to be essential in determining the level of satisfaction of the customers with using the SNS. The quality of content being shared, the level of interactions, and sharing of knowledge have a significant effect on the users, and these may be obtained through the suitable application of policies and procedures across the SNSs (Srisawas & Rotchanakitumnuai, 2011, pp.607-609). 6. Conclusion The above study has focused on the use of the social networking sites and the threats associated with them. On the basis of the study, it can be concluded that there are significant threats associated with the use of the SNSs that have gradually increased over the years, with individuals and organizations being more dependent on the SNSs today. Threats related to privacy, SNS variants, identity, and social threats are the primary threats that have been obtained from the study impacting the users and the services. These vulnerabilities and threats have brought into focus the increasing development of the information technology and software readily available for adversaries taking advantage of the personal information of individuals. Considering the level of such threats and activities, it can be said that the primary control and protection that can be implemented is through the individuals themselves. This can be achieved through suitable incorporation of protective tools and the limitation of the amounts of personal information shared on such sites, particularly those that cannot be secured. The policies and procedures associated with such sites have proved to increase the satisfaction of the customers and improve the customers’ relationships with different organizations that make use of the SNSs. Therefore, in order to manage the estimated risks associated with the SNSs and to remain protected from the negative acts of cyber attackers, a proper level of general awareness and understanding along with the suitable use of protective tools need to be incorporated. References Balancing social networking with network security objectives (2011). Retrieved from http://www.slaitconsulting.com/includes/pdfs/BlueCoat-BalanceSocialNetworking- Security.pdf Cobb, M. (2012). Social networking website threats manageable with good enterprise policy. Retrieved from http://searchsecurity.techtarget.com/tip/Social-networking-Web-site-threats-manageable-with-good-enterprise-policy Gharibi, W., & M. Shaabi (n.d.). Cyber threats in social networking websites. Retrieved from http://arxiv.org/ftp/arxiv/papers/1202/1202.2420.pdf Hasib, A.A. (2008). Threats of online social networks. Retrieved from http://www.cse.hut.fi/en/publications/B/1/papers/Hasib_final.pdf McDowell, M., & D. Morda (2011). Socializing securely: Using social networking services. Retrieved from http://www.us-cert.gov/reading_room/safe_social_networking.pdf Social media policies and procedures, part 1. (2009). Retrieved from http://www.danielhoang.com/2009/02/21/social-media-policies-and-procedures/ Social networking security threats (2012). Retrieved from http://www.sophos.com/en- us/security-news-trends/security-trends/social-networking-security-threats.aspx Srisawas, S., & S. Rotchanakitumnuai (2011). Social network management enhances customer relationship. World Academy of Science, Engineering and Technology 77, pp.607-610. Retrieved from: http://www.waset.org/journals/waset/v77/v77-111.pdf What is cyber security? (2010). Retrieved from: http://www.cybersecurityhome.com/ Read More