Human factor: The weakest link of security?

Abstract

Human element plays a critical role in cyberwarfare scenarios: a malicious adversary can launch targeted social engineering campaigns to gain unfettered access to sensitive electronic resources, establish unauthorized system persistence, and use the compromised host as a stepping stone for further exploitation, incorporating it into a botnet of controlled nodes. As hardware and software infrastructure protection efforts result in increasingly resilient systems, focus on end-users who constitute a security vulnerability can be expected to increase in the future. However, password database leaks, effectiveness of social engineering, and bring your own device (BYOD) trends in organizations all raise concerns as to the security competencies the general population possess. In the article, we present results of a large-scale questionnaire study pertaining to security habits and BYOD practices of more than 700 participants conducted in the Czech Republic during the period of September-December 2013. Ranging from a preferred operating system to password selection rationale, the answers should be a representative cross-section of how an "average" user maintains their electronic identity online. The snapshot provides valuable insights and actionable intelligence based on which information and communication technology policies in organizations can be modified to better accommodate the patterns discovered. The article maps current state of selected aspects of security in increasingly interconnected, technology-driven global structures where electronic identities supplement real-world ones and their compromise results in significant negative consequences.