Article title

Trust Framework on Exploitation of Humans as the Weakest Link in Cybersecurity

Publication languages
EN
Abstracts
EN
The significance of cybersecurity is increasing in our daily digital lives. The reason for this rise is that human interactions take place in computer-mediated environments, or cyberspace, where physical cues from face-to-face interactions are either absent or very minimal. Computer users are becoming increasingly susceptible to cyberattacks as a result of human interactions in cyberspace. Understanding how cybercriminals exploit human trust, the weakest link in cybersecurity, is relevant because cybercriminals focus on attacking the human psychology of trust rather than technical-based controls. To this end, the present paper develops a trust framework on exploitation of humans as the weakest link in cybersecurity. The framework is established by linking the human psychology of trust and techniques used by cybercriminals in deceiving and manipulating users of computer systems. The framework is validated by demonstrating its application using a case study employing real data. Findings show that cybercriminals exploit human trust based on trust development processes and bases of trust, either creating (falsified) expectations or a relationship history to lure the victim in. Furthermore, it is revealed that technical-based controls cannot provide effective safeguards to prevent manipulation of the human psychology of trust.
Year
Pages
1–26
Physical description
Bibliography: 42 items, figures, tables.
Contributors
author
  • Department of Computing Science Studies, Faculty of Science and Technology, Mzumbe University, United Republic of Tanzania
Notes
Record prepared with funds from MNiSW, agreement no. SONP/SP/546092/2022, under the programme "Społeczna odpowiedzialność nauki" (Social Responsibility of Science) - module: Popularisation of science and promotion of sport (2024).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-142bca6c-dc53-4985-936a-724ec9ec82ed