Abstract
In the field of cybersecurity, the human factor is considered one of the most critical elements. Security experts know well the importance of people’s security behaviors, such as managing passwords, avoiding phishing attacks and the like. However, organizations still lack a strong cybersecurity culture to manage security risks related in particular to the human factor. In this paper we describe the results of a study involving 212 employees belonging to two companies operating in the service sector. Within a cybersecurity awareness project executed in each company, employees participated in workshop sessions and were asked to evaluate the credibility and the success probability of a list of the most common security risk scenarios based on social engineering techniques. Cyber-attacks based on these techniques are considered among the most successful because they use psychological principles to manipulate people’s perception and obtain valuable information. The comparison of results obtained in the two companies shows that awareness training programs pay off in terms of raising people’s attention to cyber-risks.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Corradini, I., Nardelli, E. (2020). Social Engineering and the Value of Data: The Need of Specific Awareness Programs. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_6
DOI: https://doi.org/10.1007/978-3-030-20488-4_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20487-7
Online ISBN: 978-3-030-20488-4
eBook Packages: Engineering, Engineering (R0)