Never Rely On Information Security Systems Social Engineering Attack

Rand Mohammad Abu Hammour, Yousef Safwan Al Gharaibeh

Abstract


Social engineering attacks have recently become a real threat to organizations. 53.9% of such attacks target the banking sector, where a successful attack can cause huge financial loss, damage to customers' sensitive data, and real reputational loss. Although banks invest in security and spend budgets on securing their hardware and software, the human factor remains the weakness that can be easily exploited and is still the real security challenge, which will always keep the banking sector at risk of a successful social engineering attack. In this paper, we applied an information technology governance framework to a certain Jordanian bank to prevent the success of a social engineering attack, and we worked on a case study that focuses mainly on phishing attacks, which are considered one of the most common threats in banks, and on the way staff deal with them. The results show positive improvements in staff awareness and in avoiding such types of attacks, as well as a marked increase in the reporting of suspicious activity noticed by employees.

Keywords


Attack; Social Engineering; Phishing; Governance; Banking; Awareness; Digital Shadowing.




DOI: http://dx.doi.org/10.30630/joiv.3.1.219



Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


JOIV : International Journal on Informatics Visualization
Published by Information Technology Department
Politeknik Negeri Padang, Indonesia

© JOIV - ISSN : 2549-9610 | e-ISSN : 2549-9904 
