Search results

Social engineering is crucial in today’s digital landscape. As technology advances, malicious individuals exploit human judgment and trust. This study explores how age, education and occupation affect individuals’ awareness, skills and perceptions of social engineering.

A quantitative research approach was used to survey a diverse demographic of Egyptian society. The survey was conducted in February 2023, and the participants were sourced from various Egyptian social media pages covering different topics. The collected data was analyzed using descriptive and inferential statistics, including independent samples t-test and ANOVA, to compare awareness and skills across different groups.

The study revealed that younger individuals and those with higher education tend to research social engineering more frequently. Males display a higher level of awareness but score lower in terms of social and psychological consequences as well as types of attacks when compared to females. The type of attack cannot be predicted based on age. Higher education is linked to greater awareness and ability to defend against attacks. Different occupations have varying levels of awareness, skills, and psychosocial consequences. The study emphasizes the importance of increasing awareness, education and implementing cybersecurity measures.

This study’s originality lies in its focus on diverse Egyptian demographics, innovative recruitment via social media, comprehensive exploration of variables, statistical rigor, practical insights for cybersecurity education and diversity in educational and occupational backgrounds.

The purpose of this paper is to investigate the top three cybersecurity issues in organizations related to social engineering and aggregate solutions for counteracting human deception in social engineering attacks.

A total of 20 experts within Information System Security Association participated in a three-round Delphi study for aggregating and condensing expert opinions. Three rounds moved participants toward consensus for solutions to counteract social engineering attacks in organizations.

Three significant issues: compromised data; ineffective practices; and lack of ongoing education produced three target areas for implementing best practices in countering social engineering attacks. The findings offer counteractions by including education, policies, processes and continuous training in security practices.

Study limitations include lack of prior data on effective social engineering defense. Research implications stem from the psychology of human deception and trust with the ability to detect deception.

Practical implications relate to human judgment in complying with effective security policies and programs and consistent education and training. Future research may include exploring financial, operational and educational costs of implementing social engineering solutions.

Social implications apply across all knowledge workers who benefit from technology and are trusted to protect organizational assets and intellectual property.

This study contributes to the field of cybersecurity with a focus on trust and human deception to investigate solutions to counter social engineering attacks. This paper adds to under-represented cybersecurity research regarding effective implementation for social engineering defense.

One of the key components to fraud prevention is strong internal controls. However, the greatest threat to an organization's information security is the manipulation of employees who are too often the victims of ploys and techniques used by slick con men known as social engineers. The purpose of this paper is to help prevent future incidents by increasing the awareness of social engineering attacks.

A review of the more common social engineering techniques is provided. Emphasis is placed on the fact that it is very easy for someone to become a victim of a social engineer.

While many organizations recognize the importance and value of having strong internal controls, many fail to recognize the dangers associated with social engineering attacks.

Individuals and organizations remain vulnerable to social engineering attacks. The focus on internal controls is simply not enough and is not likely to prevent these attacks. Raising awareness is a good first step to addressing this significant and potentially dangerous problem.

This paper provides a concise summary of the most common social engineering techniques. It provides additional evidence that individuals need to better understand their susceptibility to becoming a victim of a social engineer as victims may expose their organizations to very significant harm.

The aim of this article is to explore how social engineering and social marketing are connected, and how social marketing is a tool used to achieve adherence to social engineering.

Through examination of contemporary and historical thinking around social marketing, we present a conceptual argument that social marketing is another tool of the social engineer, and that social engineering, through methods such as social marketing, is pervasive throughout all societies in positive ways.

We develop a conceptual model of social engineering and social marketing, which goes beyond behaviour change to incorporate the essentials of society and the influencers of those essentials. In doing so, we show that social marketing influenced behaviour lies within the social engineering influenced laws, codes and norms of society, which in turn lie within the morals, values and beliefs of society.

This article provides for the first time a conceptual grounding of social marketing within social engineering, enabling academics and practitioners to contextualise social marketing activities in a broader societal framework.

Social practices of work humor among engineering workers are a lesser studied phenomenon. We examine the social practices of an engineering work team through acts of a peculiar form of humorous expression we identify as installation humor. In these cases of installation humor, an anonymous member of the team created a temporary, inappropriate, yet neutral installation of a physical object to amuse the other members of the team. We provide three mini-cases of installation humor; these installations appeared as the team subtly resisted a managerial initiative. We contribute knowledge to the practices of engineers at work and to the practices of resistive humorous expression.

Qualitative, full-participant ethnographic research with multiple data collection methods and utilizing abductive analysis. During the data collection, one of the researchers was a full member of the engineering team.

We identified anonymous, artefact-based enactments of resistive humorous expression, which we named installation humor. We identify and describe installation humor, which occurred at the intersectionality of work and self-expression and served as momentary artefacts symbolic of engineering worker resistance in a high-tech environment.

Managerial awareness of the unfolding forms of worker-led, fleeting signals of resistance, such as acts of installation humor, would provide another dimension of perception for identifying salient signals surrounding the phenomenon of resistance to managerial-led change initiatives. Further research is needed on engineering humor in the R&D workplace to better understand the complexity and dynamics of phenomena such as worker resistance through humorous acts. We suggest future studies on forms of humor in the engineering workplace, including incidences of installation humor as they exist in other professional work environments and organizations, to understand common and shared practices across professional boundaries.

We advance and extend the understanding of humor as a social practice in the context of professional engineers in their R&D workplace and we identify humorous acts serving as a response to negative emotions (Huber, 2022) toward the organization related to a newly instated form of managerial control. This paper contributes to the studies of social practices of humor and emotions (Fine and De Soucey, 2005) in the engineering workplace (Buch and Andersen, 2013; Buch, 2016; Mazzurco et al., 2021) as unsupervised activity at work (Gabriel, 1995), with the social practice of humor adopting a non-verbal form that we identified as installation humor. We named this specific form of humor that we observed as installation humor and defined its specificity and differences from more traditional methods of humor (t. ex. Fine and De Soucey, 2005; Martin and Ford, 2018), shop floor humor (t. ex. Roy 1959), workplace humor (t. ex. Rosenberg et al., 2021) and engineering student humor (Holmila et al., 2007; Bender, 2011; Berge, 2017).The results of this study also suggest that ethnography for studying humor as a social practice is useful in identifying micro-level occurrences of unfolding engineering humor, including humor as a form of resistance.

The study of humor in high-tech engineering settings enhances the literature of engineering work (t. ex. Mazzurco et al., 2021) and emerging humorous phenomena (Jarzabkowski and Lê, 2017). This case study highlights and extends the understanding of the non-technical competencies of engineers and the role of peer-to-peer humor in the engineering workplace as a form of resistance during managerial initiatives within an organization.

The study extends and contributes new knowledge to research on emotions and humor by engineers at work, including the identification of a peculiar form of humor used by the engineers. This study also contributes to nascent research on the social practices of engineers at work. The research material was gathered as a full-member ethnography, increasing methodological knowledge of researching a site from within.

The purpose of this transcendental phenomenological qualitative research study is to understand the essence of what it is like to be an information systems professional working in the USA while managing and defending against social engineering attacks on an organization. The findings add to the information system (IS) body of literature by uncovering commonly shared attitudes, motivations, experiences and beliefs held by IS professionals who are responsible for protecting their company from social engineering attacks.

This is a qualitative, transcendental phenomenological study that was developed to gain a deeper understanding about the essence of what it is like to be an IS professional defending a US business against social engineering attacks. This research design is used when sharing the experiences of study participants is more important than presenting the interpretations of the researcher. To target participants from the industries identified as regularly targeted by social engineers, purposive sampling was used in conjunction with the snowball sampling technique to find additional participants until saturation was reached.

Ten themes emerged from the data analysis: (1) foster a security culture, (2) prevention means education, (3) layered security means better protection, (4) prepare, defend and move on, (5) wide-ranging responsibilities, (6) laying the pipes, (7) all hands on deck, (8) continuous improvement, (9) attacks will never be eliminated and (10) moving pieces makes it harder. The ten themes, together, reveal the essence of the shared experiences of the participants with the phenomenon.

Understanding how to defend an enterprise from social engineering attacks is an international issue with implications for businesses and IS professionals across the world. The findings revealed that to prevent social engineer attacks, all employees – IS and non-IS professionals alike – must be unified in their desire to protect the organization. This means IS professionals and organizational leadership must establish a strong security culture, not only through layered technology and electronic controls but also through open communication between all departments and continuously engaging, training and reinforcing social engineering education, policies, procedures and practices with all employees.

To explore the distinctions between social marketing and social engineering.

Evaluates alternative definitions proposed in the theoretical literature. Gives examples of the use of social engineering by democratic governments, contrasting this with the use by totalitarian regimes of a process of social fabrication, social engineering and social marketing in the form of propaganda.

The consequences of some individual behaviors don’t just affect that one person. When a widespread individual behavior has a social impact then society – typically the government – has to decide if the impact is bad enough to justify doing something about it. That can mean legislation, but is also likely to use marketing methods such as publicity campaigns to influence behavior. This kind of social marketing is generally seen as a “good thing”. Strange, perhaps, when people usually describe social engineering as a “bad thing”.

Concludes that when the public is fully aware of the links between social marketing and social engineering, people will be better able to appreciate the extent to which their behavior is being influenced.

Argues that marketers have an obligation to assess whether social marketing campaigns in which they participate are consistent with the norms and values of their society.

Describes social engineering as a normal part of the business of government – whether totalitarian or democratically elected.

This paper aims to outline strategies for defence against social engineering that are missing in the current best practices of information technology (IT) security. Reason for the incomplete training techniques in IT security is the interdisciplinary of the field. Social engineering is focusing on exploiting human behaviour, and this is not sufficiently addressed in IT security. Instead, most defence strategies are devised by IT security experts with a background in information systems rather than human behaviour. The authors aim to outline this gap and point out strategies to fill the gaps.

The authors conducted a literature review from viewpoint IT security and viewpoint of social psychology. In addition, they mapped the results to outline gaps and analysed how these gaps could be filled using established methods from social psychology and discussed the findings.

The authors analysed gaps in social engineering defences and mapped them to underlying psychological principles of social engineering attacks, for example, social proof. Furthermore, the authors discuss which type of countermeasure proposed in social psychology should be applied to counteract which principle. The authors derived two training strategies from these results that go beyond the state-of-the-art trainings in IT security and allow security professionals to raise companies’ bars against social engineering attacks.

The training strategies outline how interdisciplinary research between computer science and social psychology can lead to a more complete defence against social engineering by providing reference points for researchers and IT security professionals with advice on how to improve training.

Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to test social engineering theory and the reasons why people may or may not fall victim, and even fewer have tested recommended treatments. Building on theory using threat control factors, the purpose of this paper is to compare the efficacy of recommended treatment protocols.

A confirmatory factor analysis of a threat control model was conducted, followed by a randomized assessment of treatment effects using the model. The data were gathered using a questionnaire containing antecedent factors, and samples of social engineering security behaviors were observed.

It was found that threat assessment, commitment, trust, and obedience to authority were strong indicators of social engineering threat success, and that treatment efficacy depends on which factors are most prominent.

This empirical study provides evidence for certain posited theoretical factors, but also shows that treatment efficacy for social engineering depends on targeting the appropriate factor. Researchers should investigate methods for factor assessment, and practitioners must develop interventions accordingly.

The purpose of this paper is to investigate what are perceived to be the main challenges associated with the integration of social sustainability into engineering education at the KTH Royal Institute of Technology, Stockholm.

Semi-structured interviews were conducted with programme leaders and teachers from four engineering programmes. The paper focuses on how the concept of social sustainability is defined and operationalised in the selected engineering programmes, how social sustainability is integrated and taught, and what resources are required to support teachers and programme leaders as social sustainability educators.

The findings show that programme leaders and teachers at KTH struggle to understand the concept of social sustainability. The vague and value-laden nature of the concept is considered a challenge when operationalising educational policy goals on social sustainability into effective learning outcomes and activities. A consequence is that the responsibility for lesson content ultimately falls on the individual teacher. Study visits and role-play are seen as the most effective tools when integrating social sustainability into the engineering curriculum. Allocation of specific resources including supplementary sustainability training for teachers and economic incentives are considered crucial to successful integration of social sustainability. The findings indicate that social sustainability education needs to be built on a theoretical foundation. It is therefore suggested that a literature canon be established that clarifies the contours of social sustainability.

The findings of the paper can be used as a basis for discussion regarding measures for improving social sustainability training in engineering education, a subject which has attracted relatively little attention, to date.

There is a noticeable lack of empirical research on how technical universities integrate social sustainability into engineering education. The paper provides an account of how actors directly involved in this work – programme leaders and teachers – define and operationalise the social dimension of sustainable development in their engineering curricula, the pedagogical tools they consider effective when teaching social sustainability issues to engineering students, and the resources they believe are needed to strengthen those efforts.