Abstract
Social engineering is a malicious technique that uses deception and manipulation to exploit the cognitive biases and heuristics of human behaviour. It poses severe threats to businesses, since it can result in data breaches, reputational damage, and legal and regulatory consequences. This paper explores the historical development of social engineering techniques, from traditional methods such as impersonation or persuasion to sophisticated tactics that leverage digital platforms and psychological profiling, and in particular proposes a security model/framework to mitigate social engineering attacks. The model adopts a multi-layered approach that addresses both technological vulnerabilities and human factors. Learning modules serve as its central component, providing an interactive and engaging platform that can be adapted to the needs of any organisation. First, the model expresses the need for robust cyber-security measures: effective network security, encryption protocols, and access controls. Secondly, it emphasises employee education and awareness training, promoting a vigilant and security-conscious workforce. Thirdly, the proposed framework emphasises the integration of behavioural analytical data or even AI-driven/-based systems to detect and mitigate social engineering attempts in real time.
Summary (German abstract)
Social engineering is an insidious technique in which deception and manipulation are used to exploit cognitive biases and heuristics of human behaviour. It poses a serious threat to companies, as it can lead to data leaks, damage reputation, and have legal and regulatory consequences. This paper examines the historical development of social engineering methods, from conventional approaches such as impersonation or persuasion to sophisticated tactics that use digital platforms and the creation of psychological profiles. In particular, it discusses the security model or security framework for preventing social engineering attacks. The model follows a multi-layered approach that takes technical weaknesses and human factors into account. Learning modules are used as the central component to create an interactive and engaging platform that meets the needs of any organisation. First, the need for resilient cyber-security measures, effective network security, encryption protocols and access controls is emphasised. Furthermore, the model underlines the training of employees and the raising of awareness, which promotes a vigilant and security-conscious workforce. Finally, the proposed framework places emphasis on the integration of behavioural analytical data or even AI-driven or AI-based systems in order to detect and prevent social engineering attempts in real time (AI: artificial intelligence).
Cite this article
Edwards, L., Zahid Iqbal, M. & Hassan, M. A multi-layered security model to counter social engineering attacks: a learning-based approach. Int. Cybersecur. Law Rev. 5, 313–336 (2024). https://doi.org/10.1365/s43439-024-00119-z