Impact of Human Factors in Cloud Data Breach

  • Monjur Ahmed
  • Himagirinatha Reddy Kambam
  • Yahong Liu
  • Mohammad Nasir Uddin
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1084)

Abstract

In this paper, we present a study on the impact of human factors in Cloud data breaches. Data breaches in Cloud platforms are a major concern, and the underlying reasons for such breaches demand investigation. A data breach may occur for several reasons. The root cause may be related to technological factors as well as human factors. While technological factors are mostly predictable, human factors may not be. Besides, human factors are dynamic and cannot be fully quantified. This leaves room for attackers to compromise systems through social engineering. The presented study seeks to find the extent to which human factors contribute to data breaches. Analyses of 20 real-life incidents of Cloud data breaches are carried out, and the reasons behind those breaches are explored to understand the possible implications of human factors in Cloud breaches.

Keywords

Cloud breach, Cloud computing, Cyber security, Data breach, Human factors, Security, Social engineering

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Monjur Ahmed (1)
  • Himagirinatha Reddy Kambam (1)
  • Yahong Liu (1)
  • Mohammad Nasir Uddin (2)

  1. Waikato Institute of Technology (Wintec), Hamilton, New Zealand
  2. PrideSys IT Ltd., Dhaka, Bangladesh
