User characteristics that influence judgment of social engineering attacks in social networks

Samar Muslah Albladi, George R. S. Weir
2018 Human-Centric Computing and Information Sciences  
User characteristics that influence judgment of social engineering attacks in social networks. Human-centric Computing and Information Sciences, 8 (1). , http://dx. Introduction Although stronger security measures are increasingly developed, promoted and deployed, the number of security breaches is still increasing [1] . his may be because cybercriminals often target a weak and easy access point, the user. No security issue can arise unless there is a weakness that can be exploited by
more » ... nals [2] . Security breaches are causing signiicant damage to organizations in diferent industries through decreasing customer trust [3] and stock returns [4] . According to a report published in 2015, the estimated cost of the data breach that occurred in 2013 to Target, a retail company in the US, ranges between $11 million to $4.9 billion [5] . Furthermore, a recent study conducted by Ponemon Institute [1] states that cyber breaches among 419 organizations cost an average of $3.62 million. Using advanced and sophisticated deception methods to manipulate the user in order to access sensitive information is the essence of social engineering (SE). Most communication media, such as email, telephone, and recently social networks, have been afected by social engineering threats (Additional ile 1). Abstract Social engineering is a growing source of information security concern. Exploits appear to evolve, with increasing levels of sophistication, in order to target multiple victims. Despite increased concern with this risk, there has been little research activity focused upon social engineering in the potentially rich hunting ground of social networks. In this setting, factors that influence users' proficiency in threat detection need to be understood if we are to build a profile of susceptible users, develop suitable advice and training programs, and generally help address this issue for those individuals most likely to become targets of social engineering in social networks. To this end, the present study proposes and validates a user-centric framework based on four perspectives: socio-psychological, habitual, socio-emotional, and perceptual. Previous research tends to rely on selected aspects of these perspectives and has not combined them into a single model for a more cohesive understanding of user's susceptibility.
doi:10.1186/s13673-018-0128-7 fatcat:6iks4wkp5zfj3nm2qyefynm54i