Search results

1 – 10 of over 77000
Article
Publication date: 10 August 2018

Curtis C. Campbell

Abstract

Purpose

The purpose of this paper is to investigate the top three cybersecurity issues in organizations related to social engineering and aggregate solutions for counteracting human deception in social engineering attacks.

Design/methodology/approach

A total of 20 experts within Information System Security Association participated in a three-round Delphi study for aggregating and condensing expert opinions. Three rounds moved participants toward consensus for solutions to counteract social engineering attacks in organizations.

Findings

Three significant issues: compromised data; ineffective practices; and lack of ongoing education produced three target areas for implementing best practices in countering social engineering attacks. The findings offer counteractions by including education, policies, processes and continuous training in security practices.

Research limitations/implications

Study limitations include lack of prior data on effective social engineering defense. Research implications stem from the psychology of human deception and trust with the ability to detect deception.

Practical implications

Practical implications relate to human judgment in complying with effective security policies and programs and consistent education and training. Future research may include exploring financial, operational and educational costs of implementing social engineering solutions.

Social implications

Social implications apply across all knowledge workers who benefit from technology and are trusted to protect organizational assets and intellectual property.

Originality/value

This study contributes to the field of cybersecurity with a focus on trust and human deception to investigate solutions to counter social engineering attacks. This paper adds to under-represented cybersecurity research regarding effective implementation for social engineering defense.

Details

Information Technology & People, vol. 32 no. 5
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 19 October 2012

Richard G. Brody, William B. Brizzee and Lewis Cano

Abstract

Purpose

One of the key components to fraud prevention is strong internal controls. However, the greatest threat to an organization's information security is the manipulation of employees who are too often the victims of ploys and techniques used by slick con men known as social engineers. The purpose of this paper is to help prevent future incidents by increasing the awareness of social engineering attacks.

Design/methodology/approach

A review of the more common social engineering techniques is provided. Emphasis is placed on the fact that it is very easy for someone to become a victim of a social engineer.

Findings

While many organizations recognize the importance and value of having strong internal controls, many fail to recognize the dangers associated with social engineering attacks.

Practical implications

Individuals and organizations remain vulnerable to social engineering attacks. The focus on internal controls is simply not enough and is not likely to prevent these attacks. Raising awareness is a good first step to addressing this significant and potentially dangerous problem.

Originality/value

This paper provides a concise summary of the most common social engineering techniques. It provides additional evidence that individuals need to better understand their susceptibility to becoming a victim of a social engineer as victims may expose their organizations to very significant harm.

Details

International Journal of Accounting & Information Management, vol. 20 no. 4
Type: Research Article
ISSN: 1834-7649

Article
Publication date: 30 September 2014

Ann-Marie Kennedy and Andrew Parsons

Abstract

Purpose

The aim of this article is to explore how social engineering and social marketing are connected, and how social marketing is a tool used to achieve adherence to social engineering.

Design/methodology/approach

Through examination of contemporary and historical thinking around social marketing, we present a conceptual argument that social marketing is another tool of the social engineer, and that social engineering, through methods such as social marketing, is pervasive throughout all societies in positive ways.

Findings

We develop a conceptual model of social engineering and social marketing, which goes beyond behaviour change to incorporate the essentials of society and the influencers of those essentials. In doing so, we show that social marketing influenced behaviour lies within the social engineering influenced laws, codes and norms of society, which in turn lie within the morals, values and beliefs of society.

Originality/value

This article provides for the first time a conceptual grounding of social marketing within social engineering, enabling academics and practitioners to contextualise social marketing activities in a broader societal framework.

Details

Journal of Social Marketing, vol. 4 no. 3
Type: Research Article
ISSN: 2042-6763

Article
Publication date: 9 June 2022

Lily Pharris and Begona Perez-Mira

Abstract

Purpose

The purpose of this transcendental phenomenological qualitative research study is to understand the essence of what it is like to be an information systems professional working in the USA while managing and defending against social engineering attacks on an organization. The findings add to the information system (IS) body of literature by uncovering commonly shared attitudes, motivations, experiences and beliefs held by IS professionals who are responsible for protecting their company from social engineering attacks.

Design/methodology/approach

This is a qualitative, transcendental phenomenological study that was developed to gain a deeper understanding about the essence of what it is like to be an IS professional defending a US business against social engineering attacks. This research design is used when sharing the experiences of study participants is more important than presenting the interpretations of the researcher. To target participants from the industries identified as regularly targeted by social engineers, purposive sampling was used in conjunction with the snowball sampling technique to find additional participants until saturation was reached.

Findings

Ten themes emerged from the data analysis: (1) foster a security culture, (2) prevention means education, (3) layered security means better protection, (4) prepare, defend and move on, (5) wide-ranging responsibilities, (6) laying the pipes, (7) all hands on deck, (8) continuous improvement, (9) attacks will never be eliminated and (10) moving pieces makes it harder. The ten themes, together, reveal the essence of the shared experiences of the participants with the phenomenon.

Originality/value

Understanding how to defend an enterprise from social engineering attacks is an international issue with implications for businesses and IS professionals across the world. The findings revealed that to prevent social engineer attacks, all employees – IS and non-IS professionals alike – must be unified in their desire to protect the organization. This means IS professionals and organizational leadership must establish a strong security culture, not only through layered technology and electronic controls but also through open communication between all departments and continuously engaging, training and reinforcing social engineering education, policies, procedures and practices with all employees.

Details

Information & Computer Security, vol. 31 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 8 June 2015

Abstract

Purpose

To explore the distinctions between social marketing and social engineering.

Design/methodology/approach

Evaluates alternative definitions proposed in the theoretical literature. Gives examples of the use of social engineering by democratic governments, contrasting this with the use by totalitarian regimes of a process of social fabrication, social engineering and social marketing in the form of propaganda.

Findings

The consequences of some individual behaviors don’t just affect that one person. When a widespread individual behavior has a social impact then society – typically the government – has to decide if the impact is bad enough to justify doing something about it. That can mean legislation, but is also likely to use marketing methods such as publicity campaigns to influence behavior. This kind of social marketing is generally seen as a “good thing”. Strange, perhaps, when people usually describe social engineering as a “bad thing”.

Practical implications

Concludes that when the public is fully aware of the links between social marketing and social engineering, people will be better able to appreciate the extent to which their behavior is being influenced.

Social implications

Argues that marketers have an obligation to assess whether social marketing campaigns in which they participate are consistent with the norms and values of their society.

Originality/value

Describes social engineering as a normal part of the business of government – whether totalitarian or democratically elected.

Details

Strategic Direction, vol. 31 no. 7
Type: Research Article
ISSN: 0258-0543

Article
Publication date: 12 June 2017

Peter Schaab, Kristian Beckers and Sebastian Pape

Abstract

Purpose

This paper aims to outline strategies for defence against social engineering that are missing in the current best practices of information technology (IT) security. Reason for the incomplete training techniques in IT security is the interdisciplinary of the field. Social engineering is focusing on exploiting human behaviour, and this is not sufficiently addressed in IT security. Instead, most defence strategies are devised by IT security experts with a background in information systems rather than human behaviour. The authors aim to outline this gap and point out strategies to fill the gaps.

Design/methodology/approach

The authors conducted a literature review from viewpoint IT security and viewpoint of social psychology. In addition, they mapped the results to outline gaps and analysed how these gaps could be filled using established methods from social psychology and discussed the findings.

Findings

The authors analysed gaps in social engineering defences and mapped them to underlying psychological principles of social engineering attacks, for example, social proof. Furthermore, the authors discuss which type of countermeasure proposed in social psychology should be applied to counteract which principle. The authors derived two training strategies from these results that go beyond the state-of-the-art trainings in IT security and allow security professionals to raise companies’ bars against social engineering attacks.

Originality/value

The training strategies outline how interdisciplinary research between computer science and social psychology can lead to a more complete defence against social engineering by providing reference points for researchers and IT security professionals with advice on how to improve training.

Details

Information & Computer Security, vol. 25 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 21 November 2008

Michael Workman

Abstract

Purpose

Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to test social engineering theory and the reasons why people may or may not fall victim, and even fewer have tested recommended treatments. Building on theory using threat control factors, the purpose of this paper is to compare the efficacy of recommended treatment protocols.

Design/methodology/approach

A confirmatory factor analysis of a threat control model was conducted, followed by a randomized assessment of treatment effects using the model. The data were gathered using a questionnaire containing antecedent factors, and samples of social engineering security behaviors were observed.

Findings

It was found that threat assessment, commitment, trust, and obedience to authority were strong indicators of social engineering threat success, and that treatment efficacy depends on which factors are most prominent.

Originality/value

This empirical study provides evidence for certain posited theoretical factors, but also shows that treatment efficacy for social engineering depends on targeting the appropriate factor. Researchers should investigate methods for factor assessment, and practitioners must develop interventions accordingly.

Details

Information Management & Computer Security, vol. 16 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 September 2015

Karin Edvardsson Björnberg, Inga-Britt Skogh and Emma Strömberg

Abstract

Purpose

The purpose of this paper is to investigate what are perceived to be the main challenges associated with the integration of social sustainability into engineering education at the KTH Royal Institute of Technology, Stockholm.

Design/methodology/approach

Semi-structured interviews were conducted with programme leaders and teachers from four engineering programmes. The paper focuses on how the concept of social sustainability is defined and operationalised in the selected engineering programmes, how social sustainability is integrated and taught, and what resources are required to support teachers and programme leaders as social sustainability educators.

Findings

The findings show that programme leaders and teachers at KTH struggle to understand the concept of social sustainability. The vague and value-laden nature of the concept is considered a challenge when operationalising educational policy goals on social sustainability into effective learning outcomes and activities. A consequence is that the responsibility for lesson content ultimately falls on the individual teacher. Study visits and role-play are seen as the most effective tools when integrating social sustainability into the engineering curriculum. Allocation of specific resources including supplementary sustainability training for teachers and economic incentives are considered crucial to successful integration of social sustainability. The findings indicate that social sustainability education needs to be built on a theoretical foundation. It is therefore suggested that a literature canon be established that clarifies the contours of social sustainability.

Practical implications

The findings of the paper can be used as a basis for discussion regarding measures for improving social sustainability training in engineering education, a subject which has attracted relatively little attention, to date.

Originality/value

There is a noticeable lack of empirical research on how technical universities integrate social sustainability into engineering education. The paper provides an account of how actors directly involved in this work – programme leaders and teachers – define and operationalise the social dimension of sustainable development in their engineering curricula, the pedagogical tools they consider effective when teaching social sustainability issues to engineering students, and the resources they believe are needed to strengthen those efforts.

Details

International Journal of Sustainability in Higher Education, vol. 16 no. 5
Type: Research Article
ISSN: 1467-6370

Article
Publication date: 10 February 2012

Ann‐Marie Kennedy and Andrew Parsons

Abstract

Purpose

The purpose of this paper is to show how macro‐social marketing and social engineering can be integrated and to illustrate their use by governments as part of a positive social engineering intervention with examples from the Canadian anti‐smoking campaign.

Design/methodology/approach

This is a conceptual paper that uses the case of the Canadian anti‐smoking campaign to show that macro‐social marketing, as part of a wider systems approach, is a positive social engineering intervention.

Findings

The use of macro‐social marketing by governments is most effective when it is coupled with other interventions such as regulations, legislation, taxation, community mobilization, research, funding and education. When a government takes a systems approach to societal change, such as with the Canadian anti‐smoking campaign, this is positive use of social engineering.

Research limitations/implications

The social marketer can understand their role within the system and appreciate that they are potentially part of precipitating circumstances that make society susceptible to change. Social marketers further have a role in creating societal motivation to change, as well as promoting social flexibility, creating desirable images of change, attitudinal change and developing individual's skills, which contribute to macro‐level change.

Practical implications

Social marketers need to understand the structural and environmental factors contributing to the problem behavior and focus on the implementers and controllers of society‐wide strategic interventions.

Social implications

Eliminating all factors which enable problem behaviors creates an environmental context where it is easy for consumers to change behavior and maintain that change.

Originality/value

The value of this paper is in extending the literature on macro‐social marketing by governments and identifying the broader strategy they may be undertaking using positive social engineering. It is also in showing how marketers may use this information.

Details

Journal of Social Marketing, vol. 2 no. 1
Type: Research Article
ISSN: 2042-6763

Article
Publication date: 8 April 2021

Ernesto Ferreira Vasconcellos, Bernardo Henrique Leso and Marcelo Nogueira Cortimiglia

Abstract

Purpose

This paper aims to identify challenges and opportunities for social enterprises (SE) in civil engineering in Brazil.

Design/methodology/approach

Starting from the transformative social innovation theory and inspired by grounded theory principles, this paper conducts three-stage exploratory research. First, this paper mapped the Brazilian SE civil engineering ecosystem. Next, this paper classified the SE initiatives along with an organizing framework. Finally, this paper conducted 11 interviews with key ecosystem actors and analyzed data through iterative, parallel and interrelated content analysis procedures.

Findings

The 37 SE found were classified along “Sustainability,” “Housing,” “Transportation” and “Sanitation” pillars, which are aligned with the United Nations’ social development goals. This paper found 50 challenges and opportunities, which were aggregated along seven dimensions. Three elements are particularly relevant as opportunities: opportunities for SE with ecosystem supporters, specialized investors and partnership with major companies; while government and early investment are the most relevant challenges.

Research limitations/implications

Research findings and conclusions cannot be extended to other sectors and countries. Usual limitations associated with exploratory qualitative research must also be highlighted.

Practical implications

The government should offer financial and technical support for civil engineering in working in partnership with ecosystem supporters. Academy could use SE content and ecosystem for its students and should offer diverse resources for network creation.

Originality/value

Focusing on civil engineering SE in Brazil, this study sheds light on a high-impact sector that has not been studied yet.

Details

International Journal of Organizational Analysis, vol. 30 no. 3
Type: Research Article
ISSN: 1934-8835
