Measuring Awareness of Social Engineering in the Educational Sector in the Kingdom of Saudi Arabia

Abstract

Social engineering is one of the most inventive methods of gaining unauthorized access to information systems and obtaining sensitive information. This type of cybersecurity threat requires minimal technical knowledge because it relies on the organization’s human element. Social engineers use various techniques, such as phishing, to manipulate users into either granting them access to various systems or disclosing their private data and information. Social engineering attacks can cost organizations more than 100,000 USD per instance. Therefore, it is necessary for organizations to increase their users’ awareness of social engineering attacks to mitigate the problem. The aim of this study is to provide a measurement of social engineering awareness in the Saudi educational sector. To achieve the aim of this study, a questionnaire was developed and evaluated. A total of 465 respondents completed the survey and answered questions related to measuring their knowledge of social engineering. The results show that 34% of participants (158 participants) had previous knowledge of social engineering approaches. The results also indicate that there are significant differences between participants with prior knowledge of social engineering and those with no such knowledge in terms of their security practices and skills. The implication of this study is that training is an essential factor in increasing the awareness of social engineering attacks in the Saudi educational sector.