Analysis and Findings of Social Engineering Industry Experts Explorative Interviews: Perspectives on Measures, Tools and Solutions

Hussain Aldawood, Geoffrey Skinner
2020 IEEE Access  
Social engineering is one of the biggest threats organizations face today, as more and more organizations are adopting digitalization. In the context of cyber security, social engineering is the practice of taking advantage of human weaknesses through manipulation to accomplish a malicious goal. For better implementation methods against social engineering, this qualitative study will attempt to provide measures against information security challenges faced by organizations. The analysis is then provided by the answers of interviewed experts in the field of cyber security and social engineering. The research herein focuses on the human element of cyber security threats, recognizing that hackers exploit the vulnerabilities and lack of awareness of staff, then use these issues to create security loopholes and engineer cyber-attacks that include the interruption or infection of information systems, transfer of unauthorized funds, and stealing of credentials. The results of this qualitative study highlight that there is a positive relationship between social engineering and user awareness. The findings build upon the researchers' ongoing work, which postulates that an increase in contextual social engineering knowledge leads to a decrease in being victims of social engineering and is, therefore, one of the most effective mechanisms for managing social engineering. INDEX TERMS Cyber security social engineering, training and awareness programs, information security awareness programs.
doi:10.1109/access.2020.2983280 fatcat:l5qyhrtnvrge3nwrs6bh5nfboi