Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Aldawood, Hussain; Skinner, Geoff

doi:10.3390/fi11030073

Cited by 109 publications

(77 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Moreover, these traditional programs generally adopted a generalized approach rather than emphasizing different manipulation techniques adopted by attackers. Further, they were conducted in a completely formal setting which had certain limitations such as lack of employee engagement [10]. As mentioned in [11], traditional awareness programs like printing posters and warning messages in the form of screensavers only provided basic awareness regarding such attacks.…”

Section: Discussion 31 Traditional Awareness Programsmentioning

confidence: 99%

Evaluating Contemporary Digital Awareness Programs for Future Application within the Cyber Security Social Engineering Domain

Aldawood¹,

Skinner²

2020

IJCA

Self Cite

View full text Add to dashboard Cite

Social engineering is a rising threat to individuals and organizations, causing massive losses every day. Contemporary and innovative methods to mitigate these threats are needed today more than any other time in the past. This study aimed to assess the different awareness programs and techniques being developed or utilized against cyber security social engineering. A systematic review of various studies was performed, identifying that interactive awareness programs against social engineering are far superior and more engaging than traditional training sessions.

show abstract

Section: Discussion 31 Traditional Awareness Programsmentioning

confidence: 99%

Evaluating Contemporary Digital Awareness Programs for Future Application within the Cyber Security Social Engineering Domain

Aldawood¹,

Skinner²

2020

IJCA

Self Cite

View full text Add to dashboard Cite

show abstract

“…Tablets are also equipped with various application software that poses the same limitation as mobile applications. They expose the user to possible malware, worm, and Trojan attack vectors of social engineering [40,[58][59][60][61][62]].…”

Section: Tabletmentioning

confidence: 99%

A Taxonomy for Social Engineering Attacks via Personal Devices

Aldawood¹,

Skinner²

2019

IJCA

Self Cite

View full text Add to dashboard Cite

Social engineering attacks are a major threat to organizations and individuals as digitization and connectivity through the internet increase. This study aims to review scholarly research analyzing the topic of social engineering and further chart the evolution of the threat. The review identifies methods of such attacks on various platforms and devices and discusses motivations behind social engineering attacks. Finally, the paper analyzes the nature and impact of social engineering attacks and presents a taxonomy on socially engineered attacks by analyzing their anatomy.

show abstract

“…It has been widely accepted that awareness is one of the most important aspects of information security [5,6]. People using the most secure systems are also often the most vulnerable to social engineering attacks [7]. Employees sometimes ignore time-consuming security procedures in an effort to complete work tasks more quickly.…”

Section: Introductionmentioning

confidence: 99%

“…Given the fact that social engineering threats are dynamic and constantly evolving, developing a mitigation strategy becomes a top priority for organizations, including training employees to counter such attacks [7,10]. This countermeasure includes testing their level of awareness of social engineering from time to time [11,12].…”

Section: Introductionmentioning

confidence: 99%

“…Also, it is essential for organizations to have a defined set of security rules for attaining maximum efficacy. In addition to protecting companies from attackers, one of the greatest benefits of enforcing security policies is the protection from potential lawsuits that may arise in case of attacks and crack downs from the local authorities [7].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Does Awareness of Social Engineering Make Employees More Secure?

Aldawood¹,

Alashoor²,

Skinner³

2020

IJCA

Self Cite

View full text Add to dashboard Cite

Social engineering has become one of the biggest security threats facing organizations. Rather than relying upon information security technical-related shortcomings to break into computer networks, social engineers make use of employees' individual and organizational traits to deceive them. In such a scenario, it is crucial for organizations to ensure that their employees not only possess sound knowledge about information security but also about the concept of social engineering and threats emerging from social engineering attacks. This study aims to test whether awareness of social engineering can predict and explain individuals' securityprotective practices. We conducted a survey of 265 employees working in different organizations in Saudi Arabia. The results suggest that awareness of social engineering is a positive predictor of security-protective practices above and beyond the predictability power of possessing information security knowledge. Thus, to reduce the probability of potential consequences of social engineering attacks, our study suggests that organizations should not only strive to enhance employees' security knowledge but should also invest in increasing employees' awareness of social engineering.

show abstract

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Cited by 109 publications

References 53 publications

Evaluating Contemporary Digital Awareness Programs for Future Application within the Cyber Security Social Engineering Domain

Evaluating Contemporary Digital Awareness Programs for Future Application within the Cyber Security Social Engineering Domain

A Taxonomy for Social Engineering Attacks via Personal Devices

Does Awareness of Social Engineering Make Employees More Secure?

Contact Info

Product

Resources

About