Educating and Raising Awareness on Cyber Security Social Engineering: A Literature Review

• Published in: 2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE) pp. 62 - 68
• Main Authors: Aldawood, Hussain, Skinner, Geoffrey
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.12.2018
• Subjects: anti-social engineering; cyber security awareness; information security awareness; Organizations; Phishing; social engineering; Training
• ISSN: 2470-6698
• DOI: 10.1109/TALE.2018.8615162

Social engineering, due in part to the increasing popularity and advancements in information technology and ubiquity of devices, has emerged as one of the most challenging cyber security threats in the contemporary age. In the context of cyber security, social engineering is the practice of taking advantage of human weaknesses through manipulation to accomplish a malicious goal. This literature review identifies various social engineering cyber security threats in diverse environments. Exploiting humans as the weakest security link in such environments, as opposed to technical vulnerabilities and system protocols, has led to increased calls for raising information security awareness among users. One of the most straightforward solutions is through effective training and education programs. As such, the paper details how innovative information security education programs can effectively increase user/employee awareness and ultimately reduce cyber security incidents.