Scanning the Resilience of an Organization Employees to Social Engineering Attacks Using Machine Learning Technologies

Abstract

The relevance of the article is due to an increase in the number of social engineering attacks on users of protected information systems of organizations. The increased danger of reducing the resistance of users to social engineering attacks is shown. A great interest in theoretical and practical issues of protecting organizations from social engineering attacks has been revealed. In modern practice, anthropogenic methods of protection against them are widely developed, which are implemented as part of raising awareness in the field of information security and the culture of cybersecurity, but their effectiveness is low. Therefore, there is a need to develop tools to protect organizations from socioengineering attacks. The market for pentesting services in this area is starting to develop. However, in Russia, these services are not cheap for organizations, and consulting companies, as a rule, are interested in the fact that the audit results motivate organizations to use their expensive information protection products. The article substantiates the possibility of solving the problem using machine learning technologies. The results of the development and implementation of an economical tool for internal testing of the organization’s employees with the aim of increasing their resistance to social engineering attacks of various types and forms are described. The scientific novelty and practical significance of the author’s software application lies in its multifunctionality: it allows not only to detect user vulnerabilities, but also to increase their involvement in the process of detecting social engineering attacks and to develop a culture of information security of the organization.