Solutions for counteracting human deception in social engineering attacks

The purpose of this paper is to investigate the top three cybersecurity issues in organizations related to social engineering and to aggregate solutions for counteracting human deception in social engineering attacks.

A total of 20 experts from the Information Systems Security Association (ISSA) participated in a three-round Delphi study that aggregated and condensed expert opinion. The three rounds moved participants toward consensus on solutions for counteracting social engineering attacks in organizations.

Three significant issues (compromised data, ineffective practices and lack of ongoing education) produced three target areas for implementing best practices in countering social engineering attacks. The resulting counteractions include education, policies, processes and continuous training in security practices.

Study limitations include a lack of prior data on effective social engineering defense. Research implications stem from the psychology of human deception and trust, and from the ability to detect deception.

Practical implications relate to human judgment in complying with effective security policies and programs, supported by consistent education and training. Future research may explore the financial, operational and educational costs of implementing social engineering solutions.

Social implications apply across all knowledge workers who benefit from technology and are trusted to protect organizational assets and intellectual property.

This study contributes to the field of cybersecurity by focusing on trust and human deception to investigate solutions that counter social engineering attacks. It adds to under-represented cybersecurity research on effective implementation of social engineering defenses.
