In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)
Title: A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology
Author(s): Peter Schaab, Kristian Beckers, Sebastian Pape
Keywords: social engineering, security management, persuasion, human-centred defence mechanisms
Abstract: Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high,the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap.
Traditional penetration testing approaches often focus on vulnerabilities in network or software systems. Few approaches even consider the exploitation of humans via social engineering.
While the amount of social engineering attacks and the damage they cause rise every year, the defences against social engineering do not evolve accordingly. Hence, the security awareness of these attacks by employees remains low.
We examined the psychological principles of social engineering and which psychological techniques induce resistance to persuasion applicable for social engineering. The techniques examined are an enhancement of persuasion knowledge, attitude bolstering and influencing the decision making. While research exists elaborating on security awareness, the integration of
resistance against persuasion has not been done. Therefore, we analysed current defence mechanisms and provide a gap analysis based on research in social psychology. Based on our findings we provide guidelines of how to improve social engineering defence mechanisms such as security awareness programs.
Download count: 911
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.