
Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Author

Listed:
  • Hussain Aldawood

    (School of Electrical Engineering and Computing, University of Newcastle, Newcastle 2308, Australia)

  • Geoffrey Skinner

    (School of Electrical Engineering and Computing, University of Newcastle, Newcastle 2308, Australia)

Abstract

The idea and perception of good cyber security protection remains at the forefront of many organizations’ information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations’ human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users’ proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.

Suggested Citation

  • Hussain Aldawood & Geoffrey Skinner, 2019. "Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues," Future Internet, MDPI, vol. 11(3), pages 1-16, March.
  • Handle: RePEc:gam:jftint:v:11:y:2019:i:3:p:73-:d:214791

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/11/3/73/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/11/3/73/
    Download Restriction: no

    References listed on IDEAS

    1. Abraham, Sherly & Chengalur-Smith, InduShobha, 2010. "An overview of social engineering malware: Trends, tactics, and implications," Technology in Society, Elsevier, vol. 32(3), pages 183-196.
    2. Xin Luo & Richard Brody & Alessandro Seazzu & Stephen Burd, 2011. "Social Engineering: The Neglected Human Factor for Information Security Management," Information Resources Management Journal (IRMJ), IGI Global, vol. 24(3), pages 1-8, July.

    Citations



    Cited by:

    1. Guangxu Wang & Daniel Tse & Yuanshuo Cui & Hantao Jiang, 2022. "An Exploratory Study on Sustaining Cyber Security Protection through SETA Implementation," Sustainability, MDPI, vol. 14(14), pages 1-13, July.
    2. Saad Alahmari & Karen Renaud & Inah Omoronyia, 2023. "Moving beyond cyber security awareness and training to engendering security knowledge sharing," Information Systems and e-Business Management, Springer, vol. 21(1), pages 123-158, March.
    3. Iyaloo WAIGANJO & Jude OSAKWE & Ambrose AZETA, 2024. "Impediments to Cybersecurity Policy Implementation in Organisations: Case Study of Windhoek, Namibia," International Journal of Research and Scientific Innovation, International Journal of Research and Scientific Innovation (IJRSI), vol. 11(10), pages 540-546, October.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Asad Hussain & Sunila Fatima Ahmad & Mishal Tanveer & Ansa Sameen Iqbal, 2022. "Computer Malware Classification, Factors, and Detection Techniques: A Systematic Literature Review (SLR)," International Journal of Innovations in Science & Technology, 50sea, vol. 4(3), pages 899-918, August.
    2. Nguyen, Phan Dinh & Tran, Lobel Trong Thuy & Baker, John, 2021. "Driving university brand value through social media," Technology in Society, Elsevier, vol. 65(C).
    3. Guma Ali & Mussa Ally Dida & Anael Elikana Sam, 2020. "Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures," Future Internet, MDPI, vol. 12(10), pages 1-27, September.
    4. Rickard, Amelia & Wagner, Jeffrey & Schull, Jonathan, 2017. "Observations on the technology and economics of digital emissions," Technology in Society, Elsevier, vol. 48(C), pages 28-32.
    5. Le, Tran Duc & Le-Dinh, Thang & Uwizeyemungu, Sylvestre, 2024. "Search engine optimization poisoning: A cybersecurity threat analysis and mitigation strategies for small and medium-sized enterprises," Technology in Society, Elsevier, vol. 76(C).
    6. Straub, Jeremy, 2021. "Defining, evaluating, preparing for and responding to a cyber Pearl Harbor," Technology in Society, Elsevier, vol. 65(C).
    7. Naci Akdemir & Serkan Yenal, 2021. "How Phishers Exploit the Coronavirus Pandemic: A Content Analysis of COVID-19 Themed Phishing Emails," SAGE Open, vol. 11(3), pages 21582440211, July.
    8. Hayes, Darren R. & Cappa, Francesco, 2018. "Open-source intelligence for risk assessment," Business Horizons, Elsevier, vol. 61(5), pages 689-697.
    9. Moustaka, Vaia & Theodosiou, Zenonas & Vakali, Athena & Kounoudes, Anastasis & Anthopoulos, Leonidas G., 2019. "Enhancing social networking in smart cities: Privacy and security borderlines," Technological Forecasting and Social Change, Elsevier, vol. 142(C), pages 285-300.
    10. T. V. Tulupieva, 2022. "Psychological Aspects of the Organization’s Information Security in the Context of Socio-engineering Attacks," Administrative Consulting, Russian Presidential Academy of National Economy and Public Administration. North-West Institute of Management, issue 2.
