Behavior of Brazilian banks employees on Facebook and the cybersecurity governance

Terlizzi, Marco Alexandre; Meirelles, Fernando de Souza; Cunha, Maria Alexandra Viegas Cortez da

View/Open

000419291700002.pdf (1.092Mb)

Date

2017

Author

Terlizzi, Marco Alexandre

Meirelles, Fernando de Souza

Cunha, Maria Alexandra Viegas Cortez da

Metadata

Show full item record

Abstract

The financial service industry (FSI) has been the victim of sophisticated cyber attacks that take advantage of vulnerabilities created by employee misconduct. An experiment was conducted on Facebook (R) with 500 employees from the top five largest banks in Brazil and another 100 randomly selected individuals. It was observed that bank employees are more prepared to avoid social engineering than typical Facebook (R) users; however, more training is still needed because an anonymous individual using social engineering techniques successfully infiltrated an online social network (OSN) used by bank employees and gained access to sensitive data. Moreover, by analyzing the banking reports and their policies, it was possible to identify the five main mechanisms of control and governance implemented by the FSI to protect data: (a) incorporate the National Institute of Standards and Technology framework into its model of cybersecurity governance, (b) establish policies that regulate the use of information assets, (c) establish a code of conduct for its employees, (d) develop a corporate security culture, and (e) maintain a corporate security department.