A Practical Assessment of Social Engineering Vulnerabilities
نویسندگان
چکیده
Social engineering refers to the selection of techniques that exploit human weaknesses and manipulate people into breaking normal security procedures. This may involve convincing people to perform atypical actions or divulge confidential information. It remains a popular method of bypassing security because attacks focus on the weakest link in the security architecture: the staff of the organization, instead of directly targeting technical controls, such as firewalls or authentication systems. This paper investigates the level of susceptibility to social engineering amongst staff within a cooperating organisation. An email-based experiment was conducted, in which 152 staff members were sent a message asking them to follow a link and install a claimed software update. The message utilised a number of social engineering techniques, but was also designed to convey signs of a deception in order to alert security-aware users. In spite of a short window of operation for the experiment, the results revealed that 23% of recipients were successfully snared by the attack, suggesting that many users lack a baseline level of security awareness that is useful to protect them online.
منابع مشابه
An Assessment of People’s Vulnerabilities in Relation to Personal and Sensitive Data
Social engineering refers to a number of techniques that are used to exploit human vulnerabilities and manipulate people into breaking normal security procedures. Evidence suggests that this problem is rapidly increasing and cyber criminals are using a magnitude of different avenues to reach their intended victims. This paper presents an assessment of people’s vulnerabilities in relation to per...
متن کاملSystem Engineering Approach in Tactical Wireless RF Network Analysis with Vulnerability Assessment using Bayesian Networks
Apply systems engineering approaches to measure and analysis vulnerabilities of military tactical RF wireless networks. Develop smart and innovative performance matrixes through EW modeling and simulation scenarios. Systematic utilize of systems engineering approaches with RF electronic warfare modeling and simulation scenarios to support research in vulnerability analysis. RF electronic warfar...
متن کاملDevelopment and validation of a practical model for quantitative assessment of HSE performance of municipalities using the impact of urban management system components
Introduction: Throughout the world, many efforts have been made to provide suitable tools for achieving sustainable urban development and the achievement of a sustainable city. Establishing a Health, Safety and Environment Management System (HSE-MS) is one of the tools for achieving sustainable urban development. Measuring the performance of an organization in the HSE area is a precondition for...
متن کاملThe Assessment of the Community Capacity on the Urban Vulnerability Based on Community Disaster Risk Management (CBDRM) (Case Study : Yousef-Abad, Tehran City)
Disaster Management and current approaches in this field in one hand only has focused to physicalvulnerabilities and in the other hand has included consequential action to reduce vulnerability and improve physicalpreparation as well as resistance institutional insignificant during the disaster. Therefore, these approaches usually haveignored the capabilities and capacities of residents to reduc...
متن کاملThe recognition of the necessity of for community-based disaster risk management to reduce the risk of vulnerability to earthquake disaster (case study: YousefAbad neighborhood of Tehran)
Disaster management and current attitudes in this area only focus on this areachr('39')s physical vulnerabilities, raising urban residentschr('39') exposure to these challenges in front of the earthquake. On the other hand, Incidental actions include reducing the vulnerability and the physical strengthening and promotion of poor organization during the disaster; they ignored the capabilities an...
متن کامل