Keywords

1 Introduction

Nowadays, the benefit of participating in social media not only involve simple social interaction, but also building reputations and bridging in career opportunities, and/or generating direct monetary revenue [1] It’s considered to be the greatest technological invention ever discovered, social digital media are fast gaining popularity globally among online cyber community. Social Media can also serve as tools facilitating intra- and inter-organization activities among peers, customers, business partners, and organizations [2]. Unfortunately, Social Digital Media could lead to several critical cybersecurity risks that could cause serious impact of the Critical National Information Infrastructure (CNII) sector. National Defense and Security; Banking and Finance; Information and Communications; Energy; Transportation; Water; Health Services; Government; Emergency Services; Food and Agriculture that might be difficult to manage and mitigate were the focus area of Critical National Information Infrastructure.

The current advanced Information Communication Technology (ICT) allowed several cybersecurity risks occur and effected the entire activities within Critical National Information Infrastructure sectors. If this occur it’s could be a serious disaster for the entire information infrastructure ecosystem. Moreover, some the cybersecurity risk could cause severe impact of human factors that are vital to their incapacity or destruction would have a devastating impact on National economic strength; National image; National Defense and Security; Government capability to function; Public health and safety. Therefore, this study aims to measure the level of Information Security Risk severity level on Critical National Information Infrastructure (CNII) in the context of Malaysian. The findings could be serve as a fundamental study, and to stimulate innovative ideas in the future research in this body of knowledge.

The paper is organized as follows: the next section briefly describes the literature review on Social Media, Cybersecurity Risk Factors, and Critical National Information Infrastructure (CNII). The third section highlight several related issues on social media and cybersecurity risks in critical national information infrastructure. The forth section describes the methodology and research model used in the study. The fifth section further discusses the results and findings from the study. The final section is devoted to the conclusion and a discussion of contribution and future direction of the study.

2 Related Literature Review

Online Social Digital Media become an effective platform for many businesses, especially cyberpreneur to promote their product and services to capture greater potential market across the globe. Besides the advantages, functions and capability offered by this technology, it’s comes with several issues and challenge that need to overcome in the appropriate manner so that the real benefit of Online Social Media will be fully utilized by cyber community. Fundamental concept and related previous literature for this study had been identified as the basis for this study. This section analyzed and discussed several related literature and concept used for this study.

2.1 Online Social Media Networking

Online Social Media as “a group of Internet-based applications that build on the ideological and technological foundations of Web 2.0, and allow the creation and exchange of user generated content” [3]. Social Media define as the set of Web-based broadcast technologies that enable the democratization of content, giving people the ability to emerge from consumers of content to publishers [4]. Through the Social Media platform, users creates online communities to share information, ideas, personal messages, and other content [5].

The dramatic development of social media has helped shape people’s connections with others via different social media platforms [6]. Social media drive a new set of models for various kinds of businesses that challenge traditional business processes and operations [7]. Individuals and/or organizations therefore must be well prepared to embrace the challenges and opportunities brought about by social media [2]. Generally, social media considered as part of the internet society ecosystem that serve an effective communication channel for cyber community. Besides the unbelievable opportunities offered through this technology, cybersecurity risks considered as emergent challenges to look into seriously.

2.2 Information Security and Cybersecurity Risk Factors

Besides the excitement sharing information about their activities, status, location, feeling, etc., they are not realizing that the information that they share in Online Media Social could contribute to the cybersecurity risks that might be difficult to manage and mitigate. The similar principles of information security risk [8] was adopted to redefine the new term of cybersecurity risks nature. Cybersecurity risks are the chances of electronic forms of threats action on core principles of information security [9] such confidentiality, integrity, availability to cause impact contributed to security incidents. In a computing context, the term security implies cybersecurity from both aspect of technology and human factors. These both aspect of cybersecurity could also consider among challenging issues among Online Social Media users to manage and mitigate.

Based on the literature, 18 common cybersecurity risk factors had been identified for the purpose of this study. There are Identity Theft [1013]; Information manipulation [10, 14, 15]; Cyber Assault/Bullying [10, 15]; Advanced Persistence Threats [10, 15]; Information Theft [10, 15]; Cyber Crime [10, 11, 16]; Insider [10, 16]; Espionage [10, 13]; Cyber Attacks [10, 15]; Transactional [10, 16, 17]; Attack of the Software [10, 11, 17]; Terrorisms [10, 13, 17]; Phishing Pond [10, 15]; Privacy Violation [10, 15]; Risk of Losing the Legal Battle [10, 13]; Corporate Espionage [10, 13]; Viruses and Malware [10, 11]; Productivity Loss [10].

2.3 Critical National Information Infrastructure (CNII)

The term “information infrastructure” has been increasingly used to refer to integrated solutions based on the now ongoing fusion of information and communication technologies [18]. The term became popular after the US plan for National Information Infrastructures (NII) was launched. The term has been widely used to describe national and global communication networks like the Internet and more specialized solutions for communications within specific business sectors [18]. The growing researchers interest for information infrastructure has produced a rich variety of studies and analyses of information infrastructures.

In India, National Cyber Security Policy 2013 [19] was introduce to protect the public and private infrastructure from cyber attacks [20]. The policy also intends to safeguard “information, such as personal information (of web users), financial and banking information and sovereign data”. Knowing the Cyberspace is a complex environment consisting of interactions between people, software services supported by worldwide distribution of information and communication technology [2022]. The main purpose of the policy development is to protect their country Critical National Information Infrastructure.

In Malaysia, Cyber Security Malaysia adopted the similar concept of information infrastructure to describe Critical National Information Infrastructure (CNII) definition. Critical National Information Infrastructure (CNII) is defined as those assets (real and virtual), systems and functions that are vital to the nations that their incapacity or destruction would have a devastating impact on the following aspects:

  • National economic strength [23]; Confidence that the nation’s key growth area can successfully compete in global market while maintaining favourable standards of living.

  • National image [23]; Projection of national image towards enhancing stature and sphere of influence.

  • National defence and security [23]; guarantee sovereignty and independence whilst maintaining internal security.

  • Government capability to functions [23]; maintain order to perform and deliver minimum essential public services.

  • Public health and safety [23]; delivering and managing optimal health care to the citizen.

At this moment, Cyber Security Malaysia had classified 10 Critical National Information Infrastructure focuses Sectors. There are National Defense and Security; Banking and Finance; Information and Communications; Energy; Transportation; Water; Health Services; Government; Emergency Services; Food and Agriculture [23].

Since these 10 sectors considered as the Critical National Information Infrastructure, its could explore several significant results and valuable findings. Therefore, this study will analyzed the Severity level of cybersecurity risk factors on Critical National Information Infrastructure. Details result of the analysis will be discuss further through this article.

3 Social Media Cybersecurity Risk Issues on Critical National Information Infrastructure

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access [11, 24]. Social Digital Media could lead to several critical cybersecurity risks that could cause serious impact of the Critical National Information Infrastructure (CNII) sector, such National Defense and Security; Banking and Finance; Information and Communications; Energy; Transportation; Water; Health Services; Government; Emergency Services; Food and Agriculture [23] that might be difficult to manage and mitigate. Moreover, some the cybersecurity risk could cause severe impact of human factors that are vital to their incapacity or destruction would have a devastating impact on National economic strength; National image; National Defense and Security; Government capability to function; Public health and safety [23].

National Defense and Security considered as one of the Critical National Information Infrastructure (CNII) that need the top priorities on managing the cybersecurity risks. Information Theft; Information Manipulation; Cyber Attack; and Identity Theft normally will jeopardized confidentiality, integrity and availability of the information that could lead to National Defense and Security. Another Critical National Information Infrastructure (CNII) sector is Banking and Finance. In banking and finance sector, numerous banking transaction every day involves billions of user bank account around the globe via online platform also highly exposed to cybersecurity risks. Cybersecurity Risks such Identity Theft could allows unauthorized access into personal user bank account and conducts illegal money transfer. Another, equally critical, sector that is now fully integrated with cyberspace is telecommunications. Telecommunications and IT are extensively employed for computerised control and supervision of sectors like power, nuclear energy, gas pipelines, etc., which are generally not connected to the internet, but are still vulnerable to malware attacks [25]. For that reason, Information and Communication sector need to give priorities in handling cybersecurity risks.

Cybersecurity risk is currently becoming serious issues in digital social media due to the increasing number of social media population growth. The spectrum of the risks are really wide and unpredictable. Cybersecurity risk caused by common risk factors, which is threats and vulnerability of information in social media. Social media allows social engineer use the psychological manipulation of people into performing actions confidential information for the purpose of information gathering, fraud or system access [15, 2628]. Digital Social Media becomes the source of information for Social Engineer to capture and harvest the useful information for the purpose of the cyber attack.

Online Social Media might highly contribute to cybersecurity risks on Critical Information Infrastructure need to be identified and measure in order to understand the level of severity for each of them so that will be manage effectively. The capability of Online Social Media act as communication platform among cyber community, it’s could also become a phishing pond for cyberwarfare and cybercrimes. For extreme cases, the impact of the cyberwarfare and cybecrime might cause human personal security, safety and psychological impact in nature.

4 Methodology

A study using questionnaire survey was applied in this research. Five-Point-Likert-Scale was used to measure the severity level of online social media cybersecurity risk on Critical National Information Infrastructure (CNII). Both primary and secondary data were used in order to accomplish this research objective. Cybersecurity risk factors for Malaysian social media digital users and cyber community as described in previous section were used to determine its risk severity on Critical National Information Infrastructure.

The research model in Fig. 1 is built based on the combination of several past literatures instead of a single research model. The research model discussed the cybersecurity risk factors in digital social media. Eighteen (18) cybersecurity risk factors were used in the research to determine their ranking based on risk criticalness in Digital Social Media directly affected the Critical National Information Infrastructure.

Fig. 1
figure 1

Research analysis model

Full size image

5 Results, Discussions and Findings

Data were collected from various private, government agencies and practitioners for the study. An appropriate statistical analysis used to analyze the results in order to conclude the findings.

5.1 Respondent’s Demographic Profiles

Respondent’s demographic profile examined were respondent’s personal gender, age, professional experiences, organizational sectors and their industrial involvements. Most of them are the professional and senior executives from various organization and institutions in Malaysia. Therefore, the analysis shows that most of the respondent were consider as appropriate professionals that possess sufficient experience to response to the entire question trustfully and accurately. Table 1 summarized the demographic profiles of respondents involved in the study.

Table 1 Respondent’s demographic profile
Full size table

5.2 Reliability Test: Cronbach’s Alpha Coefficient

Cronbach’s Alpha Coefficient was used to test the survey item’s reliability. A coefficient value which is closer to “1” is required. Cronbach Alpha value for Cybersecurity risks impact on critical national infrastructure, 0.977 are high. Since the value of reliability test more then 0.7, its considered as reliable. The value 0.7 used as a benchmark value of reliability test by others the researchers [29, 30] the scale for these construct were considered to exhibit an acceptable reliability. Table 2, briefly describes result of the reliability test.

Table 2 Reliability test result: Cronbach’s alpha value
Full size table

5.3 Analysis Results: Online Social Media Cybersecurity Risk Factors Severity Level Impact on Critical National Information Infrastructure (CNII)

The highest mean in Table 3 represents the most severe impact of Online Social Media Cybersecurity Risk factors affected on Critical National Information Infrastructure while the lowest mean represents the least critical.

Table 3 Result: mean score ranking for critical cybersecurity risks severity level impact on critical national information infrastructure (CNII)
Full size table

The highest mean in Table 3 represents the most severe impact of Online Social Media Cybersecurity Risk factors affected on Critical National Information Infrastructure while the lowest mean represents the least critical.

Analysis results from the study explore the severity level of Online Social Media Cybersecurity Risks factors on Critical National Information Infrastructure (CNII). Information Theft; Cyber Crime; and Cyber Attacks considered as the most critical cybersecurity risk factors from the study. Information Theft frequently cause by lack of cybersecurity awareness among Online Social Media users. Most of them usually not configure the security setting carefully for their social media account. As a results, personal confidential data, such files and photos could be at risk on information theft activities. Leakages of confidentiality data an information could lead to more Cybercrime and Cyber attack incidents that also associated to 10 critical sectors of National Information Infrastructure. Therefore, severity levels discovered from the study might be use as indicator an preliminary study for strategic planning to mitigate critical cybersecurity risks and manage its impact on Critical National Information Infrastructure (CNII) efficiently.

The second Cybersecuity Risk Factors was Productivity Loss. This cybersecurity risk factor is caused by poor planning in business recovery plan and lack of contingency plan to manage the impact of the risks. For example, if the cybersecurity risk affected Critical Information Infrastructure (CNII) especially in Information and Telecommunication sector, it’s directly affected the quality of service. Meanwhile, other associated cybersecurity risk factors also could give serious problem to organization because it may interrupt the entire business operation. Finally it’s will affected the productivity of the organization performance.

The third critical threat risk factors were Information Manipulation; Advanced Persistence Threats; and Viruses and Malware. Consequently, the Information Manipulation; Advanced Persistence Threats; and Viruses and Malware might definitely contributes to the risk of ICT failures may give impact to the entire operation and information management processes in 10 critical sectors of National Information Infrastructure especially those are highly depend on ICT services. For example, if our utility bills records had been manipulated higher than what it’s cost by hackers/Viruses/Malware, we need to pay the higher bills for that we not use. If the service provider did not overcome this cybersecurity risk, its give bad reputation to customer. As a result, ICT service failures could damage the service provider image and reputation. Furthermore, public security and safety of the citizen could also at risks due to these failures.

Other critical Cybersecurity Risk Factors were Privacy Violation; Phishing Pond; Insider; and Transactional Attacks. Online Social Media could be the best platform for the source of information including the confidential data. Frequently, most of the social media user did not realized, they actually sharing their confidential information and personal data while updating their status or posted messages in social media platform. This information leakage is a critical problem for Critical National Information Infrastructure, where security information must be carefully managed and organized.

Conversely, Attack of the Software; Cyber Assault/Bullying; Espionage; Terrorisms; Risk of Losing the legal Battle. represents the lowest severity level from the same study. Attack of the Software rated the least critical because current advanced security technology able to manage attack of the software effectively. In addition, trends of the cybersecurity attack had change, hackers now prefer to harvest personal confidential information rather to attack the software.

Second least critical cybersecurity risk factors are Cyber Assault/Bullying through Online Social Media platform. Social media allows social engineer use the psychological manipulation of people into performing actions confidential information for the purpose of information gathering, fraud or system access as well as Cyber Assault/Bullying. This attack could affected one of the 10 critical sector of information infrastructure which is public health dan safety of the social media user.

Third least critical cybersecurity risk factors are Espionage, the practice of spying or of using spies, typically by governments to obtain political and military information. Espionage provide information as to anyone who need the valuable information. Espionage easily capture these valuable information though Online Social Media platform because most of the user share almost all of their information, activities, location, etc. including their personal confidential data.

Even these cybersecurity risk factors considered as least critical affected the Critical National Information Infrastructure, special concern still needed to ensure the sustainability of the businesses and services.

In general, results of the analysis shows that, similar cybersecurity risk arise in Online Social Media and directly affected to the security of Critical National Information Infrastructure (CNII) but then the severity level were differently discussed due to several factors that contribute to the risks.

6 Conclusion and Future Directions

The existence of Online Social Media, had changed today knowledge society in every aspect of human life. It’s changed personal lives, business activities, relational interaction, teaching and learning, communication and collaboration with various communities tremendously. However, if the sharing and disseminations of the confidential information via the social media could cause cybersecurity risks on Critical National Information Infrastructure (CNII). Analysis from this study shows some significant findings toward quantifying the severity level of cybersecurity risk factors on Critical National Information Infrastructure (CNII). Result of the analysis used as basis to prioritize the ranking of critical cybersecurity risk on Critical National Information Infrastructure.

The research finding discovered the top 5 most critical cybersecurity risk impact on Critical National Information Infrastructure (CNII) are Information Theft; Cyber Attacks; Cyber Crime; Information Manipulation; Productivity Loss. The findings indicates the similar nature of cybersecurity risk is critical. The human factors still considered the weakest link in cybersecurity incident on Critical National Information Infrastructure (CNII). Contrariwise, this article also highlight top 5 least critical cybersecurity risks impact on Critical National Information Infrastructure (CNII) which are Attack of the Software; Cyber Assault/Bullying; Espionage; Terrorisms; Risk of Losing the legal Battle.

Eventually, the findings possibly will provide an empirical evidences for the improvement to practitioner and technology implementer. Through the findings, experts, management and practitioners would be able to identify critical cybersecurity risk and address them more effective in order to minimize its related impact on Critical National Information Infrastructure (CNII) sectors. The findings through this study could also lead to the expansion of new knowledge and future discoveries.