TY - JOUR
T1 - A multi-layered security model to counter social engineering attacks: a learning-based approach
AU - Iqbal, Zahid
AU - Hassan, Mahmudul
AU - Edwards, Luke
PY - 2024/4/18
Y1 - 2024/4/18
N2 - Social engineering is a malicious technique that leverages deception and manipulation to exploit the cognitive biases and heuristics of human behaviour, causing severe threats to businesses, as it can result in data breaches, reputational damage, as well as legal and regulatory consequences. This paper explores the historical development of social engineering techniques, from traditional methods like impersonation or persuasion to sophisticated tactics leveraging digital platforms and psychological profiling, especially the security model/framework to mitigate social engineering attacks. The model adopts a multi-layered approach, addressing technological vulnerabilities and human factors. It uses learning modules to serve as the central component of the model to ensure an interactive and engaging platform that suits the needs of any organisation. First, it expresses the need for robust cyber-security measures, effective network security, encryption protocols, and access controls. Secondly, the model emphasises employee education and awareness training, promoting a vigilant and security-conscious workforce. Thirdly, the proposed framework emphasises the integration of behavioural analytical data or even AI-driven/-based systems to detect and mitigate social engineering attempts in real-time.
AB - Social engineering is a malicious technique that leverages deception and manipulation to exploit the cognitive biases and heuristics of human behaviour, causing severe threats to businesses, as it can result in data breaches, reputational damage, as well as legal and regulatory consequences. This paper explores the historical development of social engineering techniques, from traditional methods like impersonation or persuasion to sophisticated tactics leveraging digital platforms and psychological profiling, especially the security model/framework to mitigate social engineering attacks. The model adopts a multi-layered approach, addressing technological vulnerabilities and human factors. It uses learning modules to serve as the central component of the model to ensure an interactive and engaging platform that suits the needs of any organisation. First, it expresses the need for robust cyber-security measures, effective network security, encryption protocols, and access controls. Secondly, the model emphasises employee education and awareness training, promoting a vigilant and security-conscious workforce. Thirdly, the proposed framework emphasises the integration of behavioural analytical data or even AI-driven/-based systems to detect and mitigate social engineering attempts in real-time.
U2 - 10.1365/s43439-024-00119-z
DO - 10.1365/s43439-024-00119-z
M3 - Article
SN - 2662-9739
VL - 5
SP - 313
EP - 336
JO - International Cybersecurity Law Review
JF - International Cybersecurity Law Review
ER -