Date of Award
5-2021
Access Type
Thesis - Open Access
Degree Name
Master of Science in Cybersecurity Engineering
Department
Electrical, Computer, Software, and Systems Engineering
Committee Chair
Laxima Niure Kandel
First Committee Member
Houbing Song
Second Committee Member
Richard S. Stansbury
Abstract
Social engineering attacks (SE-attacks) in enterprises are growing rapidly and becoming increasingly sophisticated. Generally, SE-attacks involve the psychological manipulation of employees into revealing confidential and valuable company data to cybercriminals. The ramifications could bring devastating financial loss and irreparable reputational damage to the companies. Because SE-attacks involve a human element, preventing these attacks can be tricky and challenging and has become a topic of interest for many researchers and security experts. While methods exist for detecting SE-attacks, our literature review of existing methods identified many crucial factors that enable SE-attacks but were not considered by other researchers, such as national cultural factors, organizational factors, and the personality traits of employees. Thus, this thesis aims to address the gap by identifying and analyzing all the factors that make SE-attacks possible. We have developed a framework that operates in an enterprise environment and can detect the susceptibility of victims to SE-attacks. It relies on mapping Gragg’s psychological triggers of social engineering to three groups of factors, namely the national cultural factors, the organizational factors, and the personality traits of employees. Our analysis demonstrates that there is a correlation between the social engineering triggers and the three-layered factors that make employees susceptible to social engineering attacks. Thus, incorporating these factors into the proposed framework allows it to detect the susceptibility of victims. Finally, we introduce a proposed framework that would detect and recognize the weaknesses and susceptibility of employees in an organization, which can be used to enhance awareness and employee training so that SE-attacks are better recognized and prevented.
Scholarly Commons Citation
Alneami, Hashim H., "A Framework to Detect the Susceptibility of Employees to Social Engineering Attacks" (2021). Doctoral Dissertations and Master's Theses. 596.
https://commons.erau.edu/edt/596
Included in
Computer Engineering Commons, Databases and Information Systems Commons, Electrical and Computer Engineering Commons, Information Security Commons, Numerical Analysis and Scientific Computing Commons, OS and Networks Commons, Other Computer Sciences Commons