A Human Dimension of Hacking: Social Engineering through Social Media
It addresses social engineering threats through social media for organizations, but is incremental as it focuses on regional variations without proposing new solutions.
The paper investigated regional variations in information security outlooks and practices regarding social media in Australian organizations, finding disparate views and practices that indicate further work is needed for effective protection against social engineering threats.
Social engineering through social media channels targeting organizational employees is emerging as one of the most challenging information security threats. Social engineering defies traditional security efforts due to the method of attack relying on human naiveté or error. The vast amount of information now made available to social engineers through online social networks is facilitating methods of attack which rely on some form of human error to enable infiltration into company networks. While, paramount to organisational information security objectives is the introduction of relevant comprehensive policy and guideline, perspectives and practices vary from global region to region. This paper identifies such regional variations and then presents a detailed investigation on information security outlooks and practices, surrounding social media, in Australian organisations (both public and private). Results detected disparate views and practices, suggesting further work is needed to achieve effective protection against security threats arsing due to social media adoption.