Security Strategies for Hindering Watering Hole Cyber Crime Attack

The significant increase of Advanced Persistent Threat (APT) attacks, especially via watering hole leads to a huge loss to the company as they enable Bring Your Own Devices (BYOD) in the workplace. Higher education institutions also faced the same threat since BYOD has been adopted into their institution. In this paper, a simulation on watering hole attack and spear phishing; comparison between these two APT variants, as well as the survey design based on the Protection Motivation Theory (PMT) are presented. The result of the survey is analyzed using PLS-SEM. The result demonstrated that severity factor and vulnerability factor moderately explained the Protection Behaviour factor; and Protection Behaviour factor is a moderately strong predictor to self-efficacy, but avoidance behavior does not predict self-efficacy directly. Based on this result, a set of security policy for hindering watering hole and spear phishing attack is designed and implemented. The new policy will then be adapted to the university e-learning portal.