Passwords are usually the only thing unknown about social networking site credentials and that makes them gold for those will malicious intent. In fact, according to Kim, site passwords along the the username have even been sold through illicit channels. Once the account’s credentials have been compromised, the new holder can harvest the owner’s posted information, any information that has been shared with the owner, and even impersonate the owner. Such impersonation can facilitate phishing attacks against the owner’s contacts with messages made plausible by accessing the private information which the victims have thought they only shared with friends. (Kim, 2012)
Account compromise can result in devastating damage to all three facets of cybersecurity. All confidentiality is stripped away from unencrypted data when an unauthorized user accesses the account. If there is modify access to posted data then the intruder has the ability to damage the integrity of such data. Through password modification the attacker can even lock the owner out of their account, impacting the availability, as was reported to have happened to the interviewed user Brian twice. (Debatin et al, 2009, pp. 98)
Account compromise is a high risk threat because of the extremely high amount of damage which can be inflicted upon a user, their social network, their data, their reputation, and other accounts that use the same credentials. Thankfully, the rate at which account credentials end up compromised is far less than the rate that private data is exposed. Policies prevent account compromise have to be broad to cover both prevention of malware as well as to prevent social engineering attacks. Users must be trained to avoid shady websites and not download unauthorized software. They must have it ingrained to never share or reveal their account details, even to persons that seem like legitimate support personnel. Systems administrators need to keep the machines patched to prevent automatic exploit access to the machine for malware.
Such policies and training can impose a significant burden on users. If the machines are not kept stocked with all authorized tools to address any needs they may have occur then the prohibition to download the requisite tools will impact their system use.
Debatin, B., Lovejoy, J. P., Horn, A. K., & Hughes, B. N. (2009). Facebook and online privacy: Attitudes, behaviors, and unintended consequences. Journal of Computer‐Mediated Communication, 15(1), 83-108.
Vulnerabilities To Be Addressed To Safely Utilize Online Social Networking | |
---|---|
INTRODUCTION | |
PRIVACY | |
UNREMOVABLE CONTENT | |
PRIVACY RISK | |
PRIVACY PROTECTION | |
SAFETY | |
ACCOUNT SAFETY | |
NETWORK SAFETY | |
INTERACTION SAFETY | |
CONCLUSION |
No comments:
Post a Comment