Abstract

It is well known that the weakest link in a cyber-secure system is the people who configure, manage or use it. Security breaches are persistently attributed to human error. Social-engineering-based attacks are becoming so sophisticated that they are increasingly difficult to detect. Companies implement strong security policies and provide specific training for employees to minimise phishing attacks; however, these practices rely on the individual adhering to them. This paper explores fuzzy logic, and in particular a Mamdani-type fuzzy inference system, to determine an employee's susceptibility to phishing attacks. To negate and identify the susceptibility levels of employees to social engineering attacks, a Fuzzy Inference System (FIS) was created through the use of fuzzy logic. The use of fuzzy logic is a novel way of determining susceptibility because of its ability to resemble human reasoning in order to solve complex inputs, and its interpretability and simplicity in being able to compute with words. The proposed fuzzy inference system is based on a number of criteria that focus on attributes relating to the individual employee as well as a company's practices and procedures, and from these an extensive rule base was designed. The proposed scoring mechanism is a first attempt towards a holistic solution. Accurately predicting an employee's susceptibility to phishing attacks will, in any future system, require a more robust and relatable set of human characteristics in relation to the employee and the employer.

Highlights

  • It is well established that humans are the weakest link in any secure system and where there is human/computer interaction it can undoubtedly lead to security breaches [1,2,3]

  • A key issue concerning a human workforce is their vulnerability to social engineering attacks

  • Millions of pounds are spent by companies securing their systems in an attempt to evade cyber-related attacks; this protection can often be undone by a single employee who is either unaware of, or has not been trained to identify, social engineering tactics


Summary

Introduction

It is well established that humans are the weakest link in any secure system and where there is human/computer interaction it can undoubtedly lead to security breaches [1,2,3]. There are several factors that contribute to weak cyber security awareness in employees [4,5]. Businesses can find themselves vulnerable to attacks that result in security or system breaches; this often leads to the release of personal and sensitive data, which results in damage to reputation and a reduction in consumer confidence as well as monetary fines [6,7]. During the COVID-19 crisis, employees are encouraged to increase teleworking while at the same time most products and services have become available over the web. The COVID-19 epidemic has resulted in a significant increase of fraudulent mails
