CHALLENGES OF CYBER SECURITY IN MODERN SOCIETY: THE IMPACT OF SOCIAL ENGINEERING
Authors: Ilona Veitaitė
Affiliation: Vilnius University
Keywords: Social Engineering, Phishing, Manipulation, Persuasion, Cybersecurity Attack, Psychological Attack, Weapons of Influence
ABSTRACT. Social engineering is a significant cybersecurity vulnerability that exploits human psychology to manipulate individuals into exposing confidential information. Unlike other forms of cyberattacks that target technological weaknesses, social engineering attacks leverage psychological aspects such as emotions, trust, and authority. These tactics often involve the use of “weapons of influence,” which include reciprocity, commitment, social proof, authority, liking, and scarcity. Social engineering can manifest in various forms, such as phishing, pretexting, baiting, and reverse social engineering, where attackers manipulate targets into reaching out to them for assistance. In 2024, statistics show that social engineering remains a prevalent threat, accounting for a significant portion of cybersecurity breaches globally. According to recent reports, nearly 70% of businesses have experienced at least one social engineering attack in the past year. High-profile examples of social engineering attacks include phishing emails disguised as official communications, pretexting to gather personal information under false pretenses, and baiting with enticing offers that lead to malware installation. As cyber threats become more sophisticated, the trends in social engineering are expected to evolve, incorporating advanced techniques such as deep-fake technology and artificial intelligence to enhance their effectiveness. Attackers are leveraging these technologies to create more convincing scenarios, making it increasingly challenging for individuals and organizations to differentiate between legitimate and fraudulent communications. To combat these threats, it is crucial to implement comprehensive training programs focusing on the psychological aspects of social engineering, emphasizing the importance of skepticism and verification before divulging sensitive information. 
Organizations should also consider employing interactive methods such as short videos to illustrate real-world examples of social engineering attacks, enhancing employee awareness and engagement. By fostering a culture of vigilance and continuous learning, individuals and organizations can better protect themselves against the growing threat of social engineering, ensuring a more secure cyber landscape in the years to come.