A Critical Appraisal of Contemporary Cyber Security Social Engineering Solutions: Measures, Policies, Tools and Applications

Aldawood, Hussain; Skinner, Geoff

doi:10.1109/icseng.2018.8638166

Cited by 23 publications

(22 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In brief, implementing training and awareness programs is a crucial step towards having a secure cyber environment in which users of all ages can freely use technology to conduct positive and self-developing activities. It is considered the most effective way to deal with social engineering threats as technology development has made humans potential targets of hackers and cyber criminals [4,6,[10][11][12]44,[90][91][92].…”

Section: Strategies For Addressing Social Engineering Education and Amentioning

confidence: 99%

“…As employees play the most important role in safeguarding the interest of organizations when it comes to socially engineered attacks, organizations choose to implement information security awareness programs to protect their data. [3,4]. There are some limitations posed in the process of implementing traditional training methods, including financial constraints [5,6].…”

Section: Introductionmentioning

confidence: 99%

“…In the last decade, a number of high-profile web services have been compromised. Such social engineering based attacks have resulted in millions of leaked passwords [4,[10][11][12]. Some recent victims include Yahoo, Dropbox, Last.fm, LinkedIn, Weebly, and MySpace [13].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

2019

Self Cite

View full text Add to dashboard Cite

The idea and perception of good cyber security protection remains at the forefront of many organizations' information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations' human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users' proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.

show abstract

Section: Strategies For Addressing Social Engineering Education and Amentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…Social engineering is defined as a non-technical method that relies heavily on human interactions and involves tricking people and manipulating them into breaking normal security procedures [3]. Such threats are challenging as they depend on human behavior and take advantage of vulnerable employees [4]. Thus, businesses today should utilize various strategies to improve employees' awareness of social engineering threats and attacks in order to protect their intellectual properties including information assets.…”

Section: Introductionmentioning

confidence: 99%

“…This factor represents the most important behavioral outcome in the domain of social engineering as it represents the technical and psychological loophole that can be exploited by social engineers to attack organizations. Therefore, organizations should invest in enhancing employees' security practices by educating them about best security practices [22].…”

Section: Introductionmentioning

confidence: 99%

Does Awareness of Social Engineering Make Employees More Secure?

Aldawood¹,

Alashoor²,

Skinner³

2020

IJCA

Self Cite

View full text Add to dashboard Cite

Social engineering has become one of the biggest security threats facing organizations. Rather than relying upon information security technical-related shortcomings to break into computer networks, social engineers make use of employees' individual and organizational traits to deceive them. In such a scenario, it is crucial for organizations to ensure that their employees not only possess sound knowledge about information security but also about the concept of social engineering and threats emerging from social engineering attacks. This study aims to test whether awareness of social engineering can predict and explain individuals' securityprotective practices. We conducted a survey of 265 employees working in different organizations in Saudi Arabia. The results suggest that awareness of social engineering is a positive predictor of security-protective practices above and beyond the predictability power of possessing information security knowledge. Thus, to reduce the probability of potential consequences of social engineering attacks, our study suggests that organizations should not only strive to enhance employees' security knowledge but should also invest in increasing employees' awareness of social engineering.

show abstract