Abstract
In this paper, we present a study on the impact of human factors in Cloud data breaches. Data breaches in Cloud platforms raise major concerns, and thus the underlying reasons for such breaches demand investigation. A data breach incident may occur for several reasons. The root cause of a data breach may be related to technological factors as well as human factors. While technological factors are mostly predictable, human factors may not be. Besides, human factors are dynamic and cannot be fully quantified. This leaves room for attackers to compromise systems through social engineering. The presented study seeks to find the extent to which human factors contribute to data breaches. Analyses of 20 real-life incidents of Cloud data breaches are carried out, and the reasons behind those breaches are explored to understand the possible implications of human factors in Cloud breaches.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ahmed, M., Kambam, H.R., Liu, Y., Uddin, M.N. (2020). Impact of Human Factors in Cloud Data Breach. In: Xhafa, F., Patnaik, S., Tavana, M. (eds) Advances in Intelligent Systems and Interactive Applications. IISA 2019. Advances in Intelligent Systems and Computing, vol 1084. Springer, Cham. https://doi.org/10.1007/978-3-030-34387-3_70
DOI: https://doi.org/10.1007/978-3-030-34387-3_70
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34386-6
Online ISBN: 978-3-030-34387-3
eBook Packages: Intelligent Technologies and Robotics (R0)