Does Awareness of Social Engineering Make Employees More Secure?

Hussain Aldawood, Tawfiq Alashoor, Geoffrey Skinner

Research output: Contribution to journalJournal articleResearchpeer-review

467 Downloads (Pure)

Abstract

Social engineering has become one of the biggest security threats facing organizations. Rather than relying upon information security technical-related shortcomings to break into computer networks, social engineers make use of employees’ individual and organizational traits to deceive them. In such a scenario, it is crucial for organizations to ensure that their employees not only possess sound knowledge about information security but also about the concept of social engineering and threats emerging from social engineering attacks. This study aims to test whether awareness of social engineering can predict and explain individuals’ security-protective practices. We conducted a survey of 265 employees working in different organizations in Saudi Arabia. The results suggest that awareness of social engineering is a positive predictor of security-protective practices above and beyond the predictability power of possessing information security knowledge. Thus, to reduce the probability of potential consequences of social engineering attacks, our study suggests that organizations should not only strive to enhance employees’ security knowledge but should also invest in increasing employees’ awareness of social engineering.
Original languageEnglish
JournalInternational Journal of Computer Applications
Volume177
Issue number38
Pages (from-to)45-49
Number of pages5
ISSN0975-8887
DOIs
Publication statusPublished - Feb 2020
Externally publishedYes

Keywords

  • Cyber security
  • Information security
  • Social engineering
  • Social engineering attacks
  • Social engineering awareness
  • Information security awareness
  • Security awareness programs
  • Information security awareness programs

Cite this