A layered defense mechanism for a social engineering aware perimeter

Abeywardana, Kavinga Yapa; Pfluegel, Eckhard; Tunnicliffe, Martin J.

doi:10.1109/sai.2016.7556108

Cited by 12 publications

(9 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some security organizations encourage companies to adopt the defense in depth strategy to monitor their network and prepared themselves for possible attacks while neglecting the human aspect. In [46], the authors proposed to identify the requirements of an anti-social engineering attacks framework capable of analyzing and mitigating attack risks. They developed a new layered defense technique named Social Engineering Centered Risk Assessment (SERA).…”

Section: Prevention Techniquesmentioning

confidence: 99%

Social Engineering Attacks: A Survey

2019

View full text Add to dashboard Cite

The advancements in digital communication technology have made communication between humans more accessible and instant. However, personal and sensitive information may be available online through social networks and online services that lack the security measures to protect this information. Communication systems are vulnerable and can easily be penetrated by malicious users through social engineering attacks. These attacks aim at tricking individuals or enterprises into accomplishing actions that benefit attackers or providing them with sensitive data such as social security number, health records, and passwords. Social engineering is one of the biggest challenges facing network security because it exploits the natural human tendency to trust. This paper provides an in-depth survey about the social engineering attacks, their classifications, detection strategies, and prevention procedures.

show abstract

Section: Prevention Techniquesmentioning

confidence: 99%

Social Engineering Attacks: A Survey

2019

View full text Add to dashboard Cite

show abstract

“…Befriending [2] Direct Approach [22] Distraction Approach [13,22] Dumpster Diving [22-25, 31, 33, 36, 43, 45, 47, 48, 52] Hoaxing [29,30] Quid pro quo [3,23,27,28,30,32,33,[36][37][38] Pretexting / Impersonation [3, 8, 9, 13, 22-25, 27, 28, 30-38, 43, 5, 47, 48, 53] Red Team [8] Reverse Social Engineering [22,23,[33][34][35][36]47] Role-playing [31] Shoulder Surfing [22-25, 27, 28, 31, 33-37, 45, 48] Scamming [21] Support Staff and Technical Expert [29] Tailgating ou Piggybacking [3, 8, 24, 25, 29-38, 48, 51, 53] Whaling [7,24,33,34,37] Here, we can observe that Pretexting / Impersonation, Tailgating / Piggybacking and Shoulder Surfing are the most non-technical techniques that attackers use.…”

Section: Non-technical Se Technique Sourcesmentioning

confidence: 99%

“…This method of psychological manipulation is used by social engineers to surreptitiously gather information. [8,55] Persuasion A successful relationship with the victim allows the attacker to employ a variety of persuasion techniques. [8,13,55] Authority Having been successfully created, it is the "Holy Grail" for a social engineer because the victim receives multiple orders.…”

Section: Brief Description Sourcesmentioning

confidence: 99%

“…[8,55] Persuasion A successful relationship with the victim allows the attacker to employ a variety of persuasion techniques. [8,13,55] Authority Having been successfully created, it is the "Holy Grail" for a social engineer because the victim receives multiple orders. [8, 22, 31, 36, 46-48, 51, 53, 55] Scarcity Utilised in phishing emails that ask users to check in as soon as possible to receive cash incentives.…”

Section: Brief Description Sourcesmentioning

confidence: 99%

“…The primary focus of security assessment frameworks is on the technical components of extant hazards and an organization's essential assets. As a result, there are insufficiently defined frameworks to recognize, classify, evaluate, and reduce the risks associated with SE [8]. In addition, SE refers to the "art" of persuading others to spread sensitive information, and the act of doing so is called a SE attack [5].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review

Lopes,

Mamede,

Reis

et al. 2024

Emerg Sci J

View full text Add to dashboard Cite

Knowledge of Social Engineering is crucial to prevent potential attacks related to organizational Information Security. The objective of this paper aims to identify the most common social engineering techniques, success attack factors, and obstacles, as well as the good practices and frameworks that could be adopted concerning their mitigation. As an analysis methodology, a Systematic Literature Review was carried out. The findings revealed that the discussion about SE attacks has increased and that the most imminent threat is phishing. Exploiting human vulnerabilities is a growing threat when the attack is not carried out directly through technical means. There continue to be more technical attacks than non-technical attacks. Encouraging organizational security prevention, like training, education, technical controls, process development, defense in detail, and the development of security policies, should be considered mitigating factors for the negative impact of SE attacks. Most SE frameworks/models are focused on attack techniques and methods, mostly on technical components, decorating human factor. As a novelty, we found the opportunity to develop a new framework that could improve coverage of the gaps found, supported on security international standards, that could help and support researchers in developing their work, understanding open research topics, and providing a clearer understanding of this type of threat. Doi: 10.28991/ESJ-2024-08-02-025 Full Text: PDF

show abstract

Model-Based Risk Analysis and Evaluation Using CORAS and CVSS

Wirtz

Heisel

2020

Communications in Computer and Information Science

View full text Add to dashboard Cite

A layered defense mechanism for a social engineering aware perimeter

Cited by 12 publications

References 1 publication

Social Engineering Attacks: A Survey

Social Engineering Attacks: A Survey

Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review

Model-Based Risk Analysis and Evaluation Using CORAS and CVSS

Contact Info

Product

Resources

About