Mathew Nicho
Dimensions of ‘socio’ vulnerabilities of advanced persistent threats.
Nicho, Mathew; McDermott, Christopher D.
Authors
Dr Christopher McDermott c.d.mcdermott@rgu.ac.uk
Lecturer
Contributors
Dinko
Editor
Nikola
Editor
Radi?
Editor
Matko
Editor
Abstract
Advanced Persistent Threats (APT) are highly targeted and sophisticated multi-stage attacks, utilizing zero day or near zero-day malware. Directed at internetworked computer users in the workplace, their growth and prevalence can be attributed to both socio (human) and technical (system weaknesses and inadequate cyber defenses) vulnerabilities. While many APT attacks incorporate a blend of socio-technical vulnerabilities, academic research and reported incidents largely depict the user as the prominent contributing factor that can weaken the layers of technical security in an organization. In this paper, our objective is to explore multiple dimensions of socio factors (non-technical vulnerabilities) that contribute to the success of APT attacks in organizations. Expert interviews were conducted with senior managers, working in government and private organizations in the United Arab Emirates (UAE) over a period of four years (2014 to 2017). Contrary to common belief that socio factors derive predominately from user behavior, our study revealed two new dimensions of socio vulnerabilities, namely the role of organizational management, and environmental factors which also contribute to the success of APT attacks. We show that the three dimensions postulated in this study can assist Managers and IT personnel in organizations to implement an appropriate mix of socio-technical countermeasures for APT threats.
Citation
NICHO, M. and MCDERMOTT, C.D. 2019. Dimensions of ‘socio’ vulnerabilities of advanced persistent threats. In Begušić, D., Rožić, N., Radić, J. and Šarić, M. (eds.) Proceedings of the 27th International software, telecommunications and computer networks conference 2019 (SoftCOM 2019), 19-21 September 2019, Split, Croatia. Piscataway: IEEE [online], article ID 8903788. Available from: https://doi.org/10.23919/SOFTCOM.2019.8903788
| Conference Name | 27th International software, telecommunications and computer networks conference 2019 (SoftCOM 2019) |
|---|---|
| Conference Location | Split, Croatia |
| Start Date | Sep 19, 2019 |
| End Date | Sep 21, 2019 |
| Acceptance Date | Jul 2, 2019 |
| Online Publication Date | Sep 21, 2019 |
| Publication Date | Nov 21, 2019 |
| Deposit Date | Dec 2, 2019 |
| Publicly Available Date | Dec 2, 2019 |
| Publisher | IEEE Institute of Electrical and Electronics Engineers |
| Series ISSN | 1847-358X |
| DOI | https://doi.org/10.23919/SOFTCOM.2019.8903788 |
| Keywords | Advanced persistent threats (APT); Spear-phishing; User vulnerabilities |
| Public URL | https://rgu-repository.worktribe.com/output/795882 |
Files
NICHO 2019 Dimensions of socio vulnerabilities
(222 Kb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by-nc/4.0/
You might also like
Towards a conversational agent for threat detection in the internet of things.
(2019)
Conference Proceeding
Botnet detection in the Internet of Things using deep learning approaches.
(2018)
Conference Proceeding
Towards situational awareness of botnet activity in the Internet of Things
(2018)
Conference Proceeding