An Assessment of People’s Vulnerabilities in Relation to Personal and Sensitive Data

Standards bodies and industry organisations spend a considerable amount of time, effort and money on the development and deployment of next generation solutions that address network security issues. However it is becoming increasingly apparent that people are in fact the main weakness with regards to the protection of personal and sensitive data. This paper explores in detail the areas in which personal and sensitive data was socially engineered. The study investigated people’s attitudes to security, their risk taking ability and their awareness regarding online and offline security. The analysis supports the theory that the security of data is entirely dependent on the security awareness and knowledge of individuals. In addition the study revealed that students who had undertaken one or more security modules at University had a greater awareness of security vulnerabilities, yet had limited knowledge regarding social engineering exploits. The paper concludes that a number of individuals had little awareness and understanding regarding basic computer security and the need for such security. The results showed a distinct lack of respect and awareness amongst demographics in relation to online security and the security of others. These respondents were unaware of the potential consequences of disrespecting implemented security measures and as such were considered more vulnerable. The study also revealed that none of the respondents could correctly differentiate between a legitimate and illegitimate (Phishing) email which consequently increased the possibility of exploitation. In addition it was revealed that many individuals were making themselves increasingly vulnerable to social engineering attacks by posting personal and sensitive information on social networking websites.