Humans are the most vulnerable points in any kind of security system because of their predictable behaviour and other psychological aspects. Yet, a lot of emphasis related to security is given to implementation of technical security via an antivirus, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewalls etc ignoring the nontechnical behaviour altogether. This is where, Social Engineering- concept of exploiting computer systems and individuals alike has become a major concern not just for organization but also for common people. This paper introduces the concept of social engineering, different types, common ways of attack and related case studies. In addition, several ways to defend against social engineering by proper education, training, procedures and policies are also discussed. Ultimately, this paper highlights the fact that social engineering has grown to be one of the potent threats to information security and should be given equal importance to its technological counterparts.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....