Abstract
The objective of this paper is to examine a model to identify Social Engineer Attack Phases to improve the security countermeasures by Social-Engineer Involvement. A questionnaire was developed and distributed to a sample of 243 respondents who were actively engaged in 3 Jordanian telecommunication companies. All hypotheses were tested using (PLS-SEM). The results of the study indicate that Social Engineer Attack Phases (Identification the potential target, Target Recognition, Decision approach, and Execution) have a partially mediate and significant impact on improving the security countermeasures by Social-Engineer Involvement. On the other hand, the Social Engineer Attack Phases (Information Aggregations, Analysis and Interpretation, Armament, and Influencing) have a fully mediate and significant impact on improving the security countermeasures by Social-Engineer Involvement. The findings of this study help to provide deep insight to help security professionals prepare better and implement the right and appropriate countermeasures, whether technical or soft measures.
Highlights
Today, the internet is the most important communication and information exchange medium
The research aims to present a new model of Social Engineering (SE) attack consists of eight phases (Identification of potential target, information aggregations, analysis and interpretation, target recognition, decision approach, armament, influence, and execution) on improved security countermeasures by considering SEI as mediating variable
The authors hypothesized the potentially mediating influence of SEI andbased on the topic of this research; this paper concluded that the new SE strategy model would present the broadest analysis of the SE attack process (Identification the potential target, target recognition, decision approach, and execution) to improved security countermeasures by considering SEI as partially mediating variable
Summary
The internet is the most important communication and information exchange medium. Securing information and communication systems is still problematic, and no day goes by without a significant cybersecurity incident occurring throughout the world. A recent survey shows that attacks based on tricking victims into performing an action to the benefit of the attacker or sharing sensitive information are one of the most severe threats in cyberspace (Salahdine and Kaabouch, 2019). The human factor has been exploited by SE based upon the context of information security. SE is used to launch attacks against data using human factors
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have