Quantitative Analysis on Vulnerability to Electronic Business Identity Theft Among Estonian Companies

Name
Andres Jõgi
Abstract
As 60% of all information security incidents resulting in data breaches involve social engineering, it is essential to understand the extent and motivations behind them. Electronic identity theft is an important component of cyber attacks involving social engineering techniques.
While cybercriminals opportunistically exploit the identities of organisations and physical persons, many successful attacks focus on impersonating organisations. Current research focuses on analysing the impact of past cyber attacks and in-depth analysis of attack techniques with vulnerability surface measured across the internet. However, technical vulnerabilities should be tied to the entities responsible for vulnerable assets to predict and prevent potential attacks across organisations. This thesis aims to reduce this gap by providing insights into active organisations' vulnerabilities, from micro-enterprises to large multinational corporations. Data from the Estonian e-Business Register is used to conduct a case study that ties digital assets to a responsible legal entity, allowing for actionable information on vulnerability trends to be analysed and used to improve resilience against impersonation attacks. Discovered vulnerabilities have been forwarded to the Estonian Computer Security Incident Response Team (CERT-EE), which used this information to notify affected service providers.
Graduation Thesis language
English
Graduation Thesis type
Master - Cyber Security
Supervisor(s)
Mari Seeba, Tarmo Oja, Markko Merzin
Defence year
2024
 