Analysis of Human Factors in Cyber Security: A Case Study of Anonymous Attack on Hbgary
No Thumbnail Available
Date
2017
Journal Title
Journal ISSN
Volume Title
Publisher
School of Engineering and Computing, University of the West of Scotland, Paisley.
Abstract
Purpose: This paper critically analyses the
human factors or behaviours as major threats to
cyber security. Focus is placed on the usual roles
played by both the attackers and defenders (the
targets of the attacker) in cyber threats’
pervasiveness and the potential impacts of such
actions on critical security infrastructures.
Design/Methodology/Approach: To enable an
effective and practical analysis, the Anonymous
attack against HBGary Federal (A security firm
in the United State of America) was taken as a
case study to reveal the huge damaging impacts
of human errors and attitudes against the security
of organizations and individuals.
Findings: The findings revealed that the
powerful security firm was compromised and
overtaken through simple SQL injection
techniques and a very crafty social engineering
attack which succeeded because of sheer
personnel negligence and unwitting utterances.
The damage caused by the attack was enormous
and it includes the exposure of very sensitive
and personal data, complete shutdown of the
website, loss of backup data and personnel
character deformations. The research also found
that damaging human factors results from
ignorance or illiteracy to basic security practices,
carelessness and sometimes sabotage by
disgruntled employees from within and these
vulnerabilities have become prime target for
exploitation by attackers through social
engineering attacks. Social engineering was also
discovered to be the leading attack technique
adopted by attackers within the cyber space in
recent years.
Practical Implications: The paper concludes by
advocating assiduous training and cyber securityawareness programmes for workforces and the
implementations and maintenance of basic
security culture and policies as a panacea for
social engineering cyber attacks against
individuals and organizations.
Originality: Lots of work has been done and
many still on-going in the field of social
engineering attacks and human factors, but this
study is the first to adopt an approach of a
practical case study to critically analyze the
effects of human factors on cyber security.
Description
Keywords
The Anonymous, HBGary Federal, Uniform Resource Location (URL);, Content Management System (CMS), SQL Injection, Cross-site Scripting (XXS), Social Engineering, Cyber Security, Information Security
Citation
Benjamin, A.G. & Abikoye, O.C. (2017): Analysis of Human Factors in Cyber Security: A Case Study of Anonymous Attack on Hbgary. Computing and Information Systems Journal. 21(2); 10-18,