Defining Social Engineering in Cybersecurity

Wang, Zuoguang; Sun, Limin; Zhu, Hongsong

doi:10.1109/access.2020.2992807

Cited by 81 publications

(54 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The lack of a structured definition has led to works that have focused solely on defining the term. One such work by Wang, Sun and Zhu has defined Social Engineering in cyber-security as a type of attack wherein the attacker(s) exploit human vulnerabilities by means of social interaction to breach cyber security, with or without the use of technical means and technical vulnerabilities [ 4 ]. Going forward, this paper will be using this definition by Wang et al, as the standard definition for the term ’Social Engineering Attack’ (SEA) in this study.…”

Section: Introductionmentioning

confidence: 99%

Social Engineering Attacks During the COVID-19 Pandemic

2021

View full text Add to dashboard Cite

The prevailing conditions surrounding the COVID-19 pandemic has shifted a variety of everyday activities onto platforms on the Internet. This has led to an increase in the number of people present on these platforms and also led to jump in the time spent by existing participants online. This increase in the presence of people on the Internet is almost never preceded by education about cyber-security and the various types of attacks that an everyday User of the Internet may be subjected to. This makes the prevailing situation a ripe one for cyber-criminals to exploit and the most common type of attacks made are Social Engineering Attacks. Social Engineering Attacks are a group of sophisticated cyber-security attacks that exploit the innate human nature to breach secure systems and thus have some of the highest rate of success. This paper delves into the particulars of how the COVID-19 pandemic has set the stage for an increase in Social Engineering Attacks, the consequences of this and some techniques to thwart such attacks.

show abstract

Section: Introductionmentioning

confidence: 99%

Social Engineering Attacks During the COVID-19 Pandemic

2021

View full text Add to dashboard Cite

show abstract

“…Social engineering can be traced back to 1984 [6]. It can be referred to as the "psychological manipulation of people into performing actions or divulging confidential information that cannot be effectively dealt with using traditional security methods", as these "do not investigate the exploitation of human vulnerabilities" [8].…”

Section: Literature Reviewmentioning

confidence: 99%

“…Thirty percent of large companies indicated that social engineering attacks can cost more than 100,000 USD per instance. In 2018, 85% of organizations were attacked, an increase by 16%, and the average annual cost reached 1.4 million USD [6]. A study conducted by [7] indicated that the FBI's data gives an average cost of 130,000 USD and that costs can extend to millions of dollars in some cases.…”

Section: Introductionmentioning

confidence: 99%

Measuring Awareness of Social Engineering in the Educational Sector in the Kingdom of Saudi Arabia

et al. 2021

View full text Add to dashboard Cite

Social engineering is one of the most inventive methods of gaining unauthorized access to information systems and obtaining sensitive information. This type of cybersecurity threat requires minimal technical knowledge because it relies on the organization’s human element. Social engineers use various techniques, such as phishing, to manipulate users into either granting them access to various systems or disclosing their private data and information. Social engineering attacks can cost organizations more than 100,000 USD per instance. Therefore, it is necessary for organizations to increase their users’ awareness of social engineering attacks to mitigate the problem. The aim of this study is to provide a measurement of social engineering awareness in the Saudi educational sector. To achieve the aim of this study, a questionnaire was developed and evaluated. A total of 465 respondents completed the survey and answered questions related to measuring their knowledge of social engineering. The results show that 34% of participants (158 participants) had previous knowledge of social engineering approaches. The results also indicate that there are significant differences between participants with prior knowledge of social engineering and those with no such knowledge in terms of their security practices and skills. The implication of this study is that training is an essential factor in increasing the awareness of social engineering attacks in the Saudi educational sector.

show abstract

“…In connection with phishing and the exploitation of human error sources, social engineering is frequently mentioned in the scientific literature (Wang et al, 2020). While phishing attacks are the gateways for criminals to access sensitive data, social engineering tactics are used as the underlying methodology and act as an enabler.…”

Section: Organizational Aspects Of Cybersecuritymentioning

confidence: 99%

Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate?

Ulrich

Timmermann

Frank

2021

OCJ

View full text Add to dashboard Cite

PurposeThe starting point for the considerations the authors make in this paper are the special features of family businesses in the area of management discussed in the literature. It has been established here that family businesses sometimes choose different organizational setups than nonfamily businesses. This has not yet been investigated for cybersecurity. In the context of cybersecurity, there has been little theoretical or empirical work addressing the question of whether the qualitative characteristics of family businesses have an impact on the understanding of cybersecurity and the organization of cyber risk defense in the companies. Based on theoretically founded hypotheses, a quantitative empirical study was conducted in German companies.Design/methodology/approachThe article is based on a quantitative-empirical survey of 184 companies, the results of which were analyzed using statistical-empirical methods.FindingsThe article asked – based on the subjective perception of cybersecurity and cyber risks – to what extent family businesses are sensitized to the topic and what conclusions they draw from it. An interesting tension emerges: family businesses see their employees more as a security risk, but do less than nonfamily businesses in terms of both training and organizational establishment. Whether this is due to a lack of technical or managerial expertise, or whether family businesses simply think they can prevent cybersecurity with less formal methods such as trust, is open to conjecture, but cannot be demonstrated with the research approach taken here. Qualitative follow-up studies are needed here.Originality/valueThis paper represents the first quantitative survey on cybersecurity with a specific focus on family businesses. It shows tension between awareness, especially of risks emanating from employees, and organizational routines that have not been implemented or established.

show abstract

Defining Social Engineering in Cybersecurity

Cited by 81 publications

References 57 publications

Social Engineering Attacks During the COVID-19 Pandemic

Social Engineering Attacks During the COVID-19 Pandemic

Measuring Awareness of Social Engineering in the Educational Sector in the Kingdom of Saudi Arabia

Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate?

Contact Info

Product

Resources

About