Skip to main content
SpringerLink
Log in

Impact of Human Factors in Cloud Data Breach

  • Conference paper
  • First Online:
Advances in Intelligent Systems and Interactive Applications (IISA 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1084))

Abstract

In this paper, we present a study on the impact of human factors in Cloud data breach. Data breaches in Cloud platforms result in major concerns and thus the underlying reasons for such data breaches demand investigation. An incident of data breach may occur due to several reasons. The root cause for a data breach may be related to technological factors as well as human factors. While technological factors are mostly predictable, human factors may not be. Besides, human factors are dynamic that cannot be fully quantified. This leaves a room for the attackers to compromise systems through social engineering. The presented study seeks to find the extent to which human factors are contributors for data breaches. Analyses on 20 real life incidents of Cloud data breaches are carried out, and the reasons behind those breaches are explored to understand the possible implications of human factors in Cloud breaches.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Jaeger, P., Lin, J., Grimes, J.: Cloud computing and information policy: computing in a policy cloud? J. Inf. Technol. Politics 5(3), 269–283 (2008)

    Article  Google Scholar 

  2. Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28, 583–592 (2012)

    Article  Google Scholar 

  3. Ahmed, M., Litchfield, A.T.: Taxonomy for identification of security issues in cloud computing environments. J. Comput. Inf. Syst. 58, 79–88 (2016)

    Google Scholar 

  4. Gruschka, N., Jensen, M.: Attack surfaces: a taxonomy for attacks on cloud services. In: 3rd International Conference on Cloud Computing, pp. 276–279. IEEE (2010)

    Google Scholar 

  5. Grobauer, B., Walloschek, T., Stocker, E.: Understanding cloud computing vulnerabilities. In: IEEE Cloud Computing, pp. 14–20, May/June 2012

    Google Scholar 

  6. Gupta, S., Kumar, P.: Taxonomy of cloud security. Int. J. Comput. Sci. Eng. Appl. 3(5), 47–67 (2013)

    Google Scholar 

  7. Srinivasan, M.K., Sarukesi, K., Rodrigues, P., Manoj, S., Revathy, P.: State–of–the–art cloud computing security taxonomies–a classification of security challenges in the present cloud computing environment. In: ICACCI 2012, pp. 470–476. ACM, India (2012)

    Google Scholar 

  8. National Research Council: Health Care Comes Home: The Human factors. Committee on the Role of Human factors in Home Health Care, Board on Human-Systems Integration, Division of Behavioural and Social Sciences and Education. The National Academies Press, Washington DC (2011)

    Google Scholar 

  9. Haniff, D.J., Baber, C.: Wearable computers for the fire service and police force: technological and human factors. In: ISWC 1999 Proceedings of the 3rd IEEE International Symposium on Wearable Computers, pp. 185–186. ACM (1999)

    Google Scholar 

  10. Hawkey, K., Gagne, A. Botta, D., Beznosov, K., Werlinger, R., Mukdner, K.: Human, organizational and technological factors of IT security. In: CHI 2008 Proceedings, Florence, Italy, pp. 3639–3644, 5–10 April 2008

    Google Scholar 

  11. Kueppers, S., Schilingno, M.: Getting our act together: human and technological factors in establishing an online knowledge base. In: SIGUCCS 1999, pp. 135–139. ACM, Denver (1999)

    Google Scholar 

  12. Mohamadi, M., Ranjbaran, T.: Effective factors on the success or failure of the online payment systems, focusing on human factors. In: 7th International Conference on e-Commerce in Developing Countries with Focus of e-Security, pp. 1–12. IEEE, Iran, 17–18 April 2013

    Google Scholar 

  13. Thornburgh, T.: Social engineering: the “Dark Art”. In: InfoSecCD Conference 2004, Kennesaw, GA, USA, 8 October 2004

    Google Scholar 

  14. Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Social engineering attacks on the knowledge worker. In: Proceedings of the 6th International Conference on Security of Information and Networks, SIN 2013, pp. 28–35. ACM, New York (2013)

    Google Scholar 

  15. Twitchell, D.P.: Social engineering in information assurance curricula. In: InfoSecCD Conference 2006, Kennesaw, Georgia, USA, 22–23 September 2006

    Google Scholar 

  16. Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. In: Communications of the ACM, vol. 50, no. 10, October 2007

    Google Scholar 

  17. Bakhshi, T., Papadaki, M., Furnell, S.M.: A practical assessment of social engineering vulnerabilities. In: Proceedings of the Second International Symposium on Human Aspects of Information Security & Assurance (HAISA 2008), pp. 12–23 (2008)

    Google Scholar 

  18. Odaro, U.S., Sanders, B.G.: Social engineering: phishing for a solution. In: Proceedings of the IT Security for the Next Generation, Erfurt, Germany (2011)

    Google Scholar 

  19. Bradford, C.: 7 Most Infamous Cloud Security Breaches. https://www.storagecraft.com/blog/7-infamous-cloud-security-breaches/. Accessed 23 May 2018

  20. Gibbs, S.: Dropbox hack leads to leaking of 68 m user passwords on the internet. https://www.theguardian.com/technology/2016/aug/31/dropbox-hack-passwords-68m-data-breach. Accessed 24 May 2018

  21. BBC.: Dropbox hack ‘affected 68 million users’. http://www.bbc.com/news/technology-37232635. Accessed 24 May 2018

  22. Schuman, E.: LinkedIn’s disturbing breach notice. https://www.computerworld.com/article/3077478/security/linkedin-s-disturbing-breach-notice.html. Accessed 24 May 2018

  23. Armerding, T.: The 17 biggest data breaches of the 21st century. https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html. Accessed 24 May 2018

  24. Winter, M.: Home depot hackers used vendor log-on to steal data, e-mails. https://www.usatoday.com/story/money/business/2014/11/06/home-depot-hackers-stolen-data/18613167/. Accessed 26 May 2018

  25. Goldman, J.: Apple Admits Celebrity Accounts Were Hacked, But Denies iCloud Breach. https://www.esecurityplanet.com/network-security/apple-admits-celebrity-accounts-were-hacked-but-denies-icloud-breach.html. Accessed 26 May 2018

  26. Fleishman, G.: Ignore that call from “Apple” about an iCloud breach. https://www.macworld.com/article/3185485/security/ignore-that-call-from-apple-about-an-icloud-breach.html. Accessed 26 May 2018

  27. Condliffe. J.: A History of Yahoo Hacks. https://www.technologyreview.com/s/603157/a-history-of-yahoo-hacks/. Accessed 26 May 2018

  28. O’Sullivan, D.: Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts. https://www.upguard.com/breaches/verizon-cloud-leak. Accessed 28 May 2018

  29. Burgess, M.: That Yahoo data breach actually hit three billion accounts. http://www.wired.co.uk/article/hacks-data-breaches-2017. 28 May 2018

  30. Hopkins, N.: Deloitte hit by cyber-attack revealing clients’ secret emails. https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails. Accessed 13 June 2018

  31. KCOM.: Cloud: The Data Breach Scapegoat. https://business.kcom.com/media/blog/2017/november/cloud-the-data-breach-scapegoat/. Accessed 28 May 2018

  32. Shih, G.: Facebook admits year-long data breach exposed 6 million users. https://uk.reuters.com/article/net-us-facebook-security/facebook-admits-year-long-data-breach-exposed-6-million-users-idUSBRE95K18Y20130621. Accessed 28 May 2018

  33. Jones, C.: Twitter says 250,000 accounts have been hacked in security breach. https://www.theguardian.com/technology/2013/feb/02/twitter-hacked-accounts-reset-security. Accessed 28 May 2018

  34. Sharwood, S.: Missed patch caused Equifax data breach. https://www.theregister.co.uk/2017/09/14/missed_patch_caused_equifax_data_breach/. Accessed 10 June 2018

  35. Roberts, P.: Massive TJX Security Breach Reveals Credit Card Data. https://www.csoonline.com/article/2121609/malware-cybercrime/massive-tjx-security-breach-reveals-credit-card-data.html. 12 June 2018

  36. Bisson, D.: Scottrade Confirms Third-Party Data Breach Exposed 20,000 Customers’ Private Data. https://www.tripwire.com/state-of-security/latest-security-news/scottrade-confirms-third-party-data-breach-exposed-20000-customers-private-data/. Accessed 12 June 2018

  37. Clark, T.: Data hacked at web provider Fashion Nexus. https://www.drapersonline.com/news/data-hacked-at-web-provider-fashion-nexus/7031553.article. Accessed 24 Oct 2018

  38. Strauss, A., Corbin, J.: Basics of Qualitative Research: Grounded Theory: Qualitative Research in Nursing. Addison- Grounded Theory, Procedures and Techniques. Sage, California (1990)

    Google Scholar 

  39. Morse, J.M.: Strategies for sampling. In: Qualitative Nursing According, Sage, Newbury Park, California, pp. 127–145 (1991)

    Google Scholar 

  40. Patton, M.Q.: Qualitative Evaluation and Research Methods, 2nd edn. Sage, Newbury Park (1990)

    Google Scholar 

  41. Sandelowski, M.: Sample size in qualitative research. Res. Nurs. Health 18, 179–183 (1995)

    Article  Google Scholar 

  42. Johnson, R.B., Onwuegbuzie, A.J.: Mixed methods research: a research paradigm whose time has come. Educ. Res. 33(7), 14–26 (2004)

    Article  Google Scholar 

  43. Denzin, N.K., Lincoln, Y.S. (eds.): Collecting and Interpreting Qualitative Materials. Sage Publication, Thousand Oaks (1998)

    Google Scholar 

  44. Johnson, R.B., Onwuegbuzie, A.J., Turner, L.A.: Toward a definition of mixed methods research. J. Mixed Meth. Res. 1(112) (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Waikato Institute of Technology (Wintec), Hamilton, 3210, New Zealand

    Monjur Ahmed, Himagirinatha Reddy Kambam & Yahong Liu

  2. PrideSys IT Ltd., Dhaka, Bangladesh

    Mohammad Nasir Uddin

Authors
  1. Monjur Ahmed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Himagirinatha Reddy Kambam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yahong Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mohammad Nasir Uddin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Monjur Ahmed .

Editor information

Editors and Affiliations

  1. Dept De Ciències De La Computació, Universitat Politècnica De Catalunya, Barcelona, Spain

    Fatos Xhafa

  2. Department of Computer Science and Engineering, SOA University, Bhubaneswar, Odisha, India

    Srikanta Patnaik

  3. Department of Business Systems and Analytics, La Salle University, Philadelphia, PA, USA

    Madjid Tavana

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ahmed, M., Kambam, H.R., Liu, Y., Uddin, M.N. (2020). Impact of Human Factors in Cloud Data Breach. In: Xhafa, F., Patnaik, S., Tavana, M. (eds) Advances in Intelligent Systems and Interactive Applications. IISA 2019. Advances in Intelligent Systems and Computing, vol 1084. Springer, Cham. https://doi.org/10.1007/978-3-030-34387-3_70

Download citation

Publish with us

Policies and ethics

Search

Navigation