A FRAMEWORK TO SECURE BUSINESS ASSETS AGAINST SOCIAL ENGINEERING ATTACKS IN STATE CORPORATIONS IN KENYA
Authors: John Maiyo, Dr. Satwinder Singh Rupra, and Dr. Daniel Otanga
Organization: Masinde Muliro University of Science and Technology
Keywords: Social Engineering attacks, cybersecurity, State Corporations, phishing, incidents, business assets
Abstract. In the current era of technology and the internet, businesses are gradually coming to rely on information technology to operate and manage their business assets. As such, social engineering (SE) has become one of the most ingenious approaches for gaining illegitimate access to systems and obtaining confidential data. These attacks exploit the human mindset to deceive people into revealing confidential data or carrying out activities that compromise security. Knowledge of SE attacks is essential to deter possible cybersecurity attacks related to organizational information security. Technical SE attacks have continued to be realized more often than non-technical SE attacks. The study reveals that SE attacks have increased and that the SE attack that looms largest is phishing. The study focuses on developing a framework to secure business assets against social engineering attacks in State Corporations in Kenya. The outcomes of this study indicate that the level of employee IS awareness and training holds a significant position in managing social engineering attacks in state corporations in Kenya. The developed framework is recommended for use in state corporations in Kenya, where it acts as a guide for ensuring that business assets are secured against social engineering attacks.