Cybersecurity:risks, vulnerabilities and countermeasures to prevent social engineering attacks
Nabie Y. Conteh and Paul J. Schmick
Abstract
The broad objective of this study is to evaluate the vulnerabilities of an organization’s information technology infrastructure, which include hardware and software systems, transmission media, local area networks, wide area networks, enterprise networks, intranets, and its use of the internet to cyber intrusions. To achieve this objective, the paper attempts to explain the importance and the role of social engineering in network intrusions and cyber-theft. It also discusses in vivid detail, the reasons for the rapid expansion of cybercrime. The paper also includes a complete description and definition of social engineering, the role it plays in network intrusion and cyber identity theft, a discussion of the reasons for the rise in cybercrime and their impact on organizations. In closing the authors recommend some preventive measures and possible solutions to the threats and vulnerabilities of social engineering. The paper concludes that while technology has a role to play in reducing the impact of social engineering attacks, the vulnerability resides with human behaviour, human impulses and psychological predispositions. While literature supports the dangers of psychological susceptibilities in social engineering attacks investment in organizational education campaigns offer optimism that social engineering attacks can be reduced.
Keyword
Cyber security, Cyber theft, Social Engineering, Cybercrime, Phishing, Network Intrusions.
Cite this article
Refference
[1][1]Ragan S, W Staff. Social engineering: study finds Americans willingly open malicious emails.http://www.csoonline.com/article/2133877/social-engineering/social-engineering--study-finds-americans-willingly-open-malicious-emails.html. Accessed 28 August 2013.
[2][2]Maan PS, Sharma M. Social engineering: a partial technical attack. International Journal of Computer Science Issues. 2012; 9(2):557-9.
[3][3]Anonymous. FBI: Cyber-attacks surpassing terrorism as major domestic threat. https://www.rt.com/usa/fbi-cyber-attack-threat-739/. Accessed 25 November 2013.
[4][4]Engebretson P. The basics of hacking and penetration testing: ethical hacking and penetration testing made easy. Elsevier; 2011.
[5][5]Luo X, Brody R, Seazzu A, Burd S. Social engineering: the neglected human factor for information security management. Information Resources Management Journal. 2011; 24(3):1-8.
[6][6]Bisson D. 5 Social engineering attacks to watch out for. The state of security. http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/. Accessed 23 March 2015.
[7][7]Andress J. The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Elsevier; 2011.
[8][8]Nakashima E, Peterson A. Report: cybercrime and espionage costs $445 billion annually. The Washington Post. https://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/08/8995291c-ecce-11e3-9f5c-9075d5508f0a_story.html . Accessed 9 June 2014.
[9][9]Strohm C. Cyber theft, already a $445 billion business, to grow bigger. http://www.insurancejournal.com/news/national/2014/06/09/331333.htm. Accessed 9 June 2014.
[10][10]Grimes RA. 5 reasons internet crime is worse than ever. Info World. http://www.infoworld.com/article/2608631/security/5-reasons-internet-crime-is- worse-than-ever.html?page=2. Accessed 23 March 2015.
[11][11]Taylor RW, Fritsch EJ, Liederbach J. Digital crime and digital terrorism. Prentice Hall Press; 2014.
[12][12]Vacca JR. Computer and information security handbook. Newnes; 2012.
[13][13]Diana A. Social engineering targets weakest security link: employees. http://www.enterprisetech.com/2015/05/19/social-engineering-targets-weakest-security-link-employees/ Accessed 19 May 2015.
[14][14]Chitrey A, Singh D, Singh V. A comprehensive study of social engineering based attacks in India to develop a conceptual model. International Journal of Information and Network Security. 2012; 1(2):45-53.
[15][15]Bowen BM, Devarajan R, Stolfo S. Measuring the human factor of cyber security. In international conference on technologies for homeland security (HST) 2011(pp. 230-5). IEEE.