STRisk: A Socio-Technical Approach to Assess Hacking Breaches Risk

TL;DR

This paper introduces STRisk, a socio-technical predictive system that combines technical indicators and social media factors to accurately assess hacking breach risks for organizations, achieving high predictive performance.

Contribution

We develop a novel socio-technical model incorporating social media data into breach risk prediction, improving accuracy over purely technical approaches.

Findings

Achieved over 98% AUC in breach prediction.

Social features like spreadability and agreeability are key predictors.

Technical features such as open ports and expired certificates are highly influential.

Abstract

Data breaches have begun to take on new dimensions and their prediction is becoming of great importance to organizations. Prior work has addressed this issue mainly from a technical perspective and neglected other interfering aspects such as the social media dimension. To fill this gap, we propose STRisk which is a predictive system where we expand the scope of the prediction task by bringing into play the social media dimension. We study over 3800 US organizations including both victim and non-victim organizations. For each organization, we design a profile composed of a variety of externally measured technical indicators and social factors. In addition, to account for unreported incidents, we consider the non-victim sample to be noisy and propose a noise correction approach to correct mislabeled organizations. We then build several machine learning models to predict whether an organization is exposed to experience a hacking breach. By exploiting both technical and social features, we achieve a Area Under Curve (AUC) score exceeding 98%, which is 12% higher than the AUC achieved using only technical features. Furthermore, our feature importance analysis reveals that open ports and expired certificates are the best technical predictors, while spreadability and agreeability are the best social predictors.