SOCIAL ENGINEERING AND CYBER SECURITY

Author(s): Filipe Breda, Hugo Barbosa, Telmo Morais

2019, Vol 24
Author(s): R. Egan, S. Cartagena, R. Mohamed, V. Gosrani, J. Grewal, ...

Abstract

Cyber Operational Risk: Cyber risk is routinely cited, in various publications and surveys, as one of the most important sources of operational risk facing organisations today. Further, in recent years cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with the General Data Protection Regulation ("GDPR") a notable example. Risk actuaries and other risk management professionals at insurance companies therefore need a robust assessment of the potential losses stemming from cyber risk that their organisations may face. They should be able to do this as part of an overall risk management framework and be able to demonstrate it to stakeholders such as regulators and shareholders. Given that cyber risks are still very much new territory for insurers and there is no commonly accepted practice, this paper describes a proposed framework in which to perform such an assessment. As part of this, we leverage two existing frameworks, the Chief Risk Officer ("CRO") Forum cyber incident taxonomy and the National Institute of Standards and Technology ("NIST") framework, to describe, respectively, the taxonomy of a cyber incident and the relevant cyber security and risk mitigation items for the incident in question.

Summary of Results: Three detailed scenarios have been investigated by the working party:

∙ Employee leaks data at a general (non-life) insurer: internal attack through social engineering, causing large compensation costs and regulatory fines, driving a 1 in 200 loss of £210.5m (c. 2% of annual revenue).
∙ Cyber extortion at a life insurer: external attack through social engineering, causing large business interruption and reputational damage, driving a 1 in 200 loss of £179.5m (c. 6% of annual revenue).
∙ Motor insurer telematics device hack: external attack through software vulnerabilities, causing large remediation / device replacement costs, driving a 1 in 200 loss of £70.0m (c. 18% of annual revenue).

Limitations: The following sets out key limitations of the work set out in this paper:

∙ While the presented scenarios are deemed material at this point in time, the threat landscape moves fast and could render specific narratives and calibrations obsolete within a short time frame.
∙ There is a lack of historical data on which to base certain scenarios, and therefore a high level of subjectivity is used to calibrate them.
∙ No attempt has been made to make an allowance for seasonality of renewals (a cyber event coinciding with peak renewal season could exacerbate cost impacts).
∙ No consideration has been given to the impact of the event on the share price of the company.
∙ Correlation with other risk types has not been explicitly considered.

Conclusions: Cyber risk is a very real threat and should not be ignored or treated lightly in operational risk frameworks, as it has the potential to threaten the ongoing viability of an organisation. Risk managers and capital actuaries should be aware of the various sources of cyber risk and their potential impacts, to ensure that the business is sufficiently prepared for such an event. When it comes to quantifying the impact of cyber risk on the operations of an insurer there are significant challenges, not least that the threat landscape is ever changing and there is a lack of historical experience on which to base assumptions. Given this uncertainty, this paper sets out a framework with which readers can bring consistency to the way scenarios are developed over time. It provides a common taxonomy to ensure that key aspects of cyber risk are considered and sets out examples of how to implement the framework.
It is critical that insurers endeavour to understand cyber risk better and look to refine assumptions over time as new information is received. In addition to ensuring that sufficient capital is being held for key operational risks, the investment in understanding cyber risk now will help to educate senior management and could have benefits through influencing internal cyber security capabilities.


2021
Author(s): Barbora Kotkova, Martin Hromada

Author(s): Otobong Inieke

Data security in the information age is a critical facet of the integrity and reliability of the various information systems making up the value structures of businesses, organizations, etc. Aside from professionals directly involved with securing data within these systems, the importance of data security is not readily apparent to the everyday user of devices in those information systems. The purpose of this literature review is to highlight challenges related to data security and business information systems in conjunction with digital literacy. An extensive literature review was conducted with the aim of identifying and describing scenarios of technology misuse as well as vulnerabilities in vital business information systems. A gap in awareness continues to plague those who leverage information systems for their myriad uses, because everyday users will in most cases dismiss data security advice as alarmist or jargon-laden. This falls in line with a 2018 cyber security survey from Statista which showed that 22% of data security tasks were preventing malware while 17% of tasks were dedicated to preventing social engineering and phishing attacks. This literature review will describe possible data insecurity solutions as well as potential areas of further research. The paper will point out the importance of digital literacy, give recommendations for its improvement in society, and note ongoing research in that regard. The essence of this literature review is to identify certain everyday information systems, such as decision support systems and transaction processing systems, while pointing out their vulnerabilities and the nature of the threats (i.e. technical or non-technical), and demonstrating the importance of digital literacy and the consequences of its absence.


2019, pp. 1264-1269
Author(s): Vladlena Benson, John McAlaney, Lara A. Frumkin

The chapter presents an overview of emerging issues in the psychology of human behaviour and the evolving nature of cyber threats. It reflects on the role of social engineering as the entry point of many sophisticated attacks and highlights the relevance of the human element as the starting point of implementing cyber security programmes in organisations as well as securing individual online behaviour. Issues associated with the emerging trends in human behaviour research and ethics are presented for further discussion. The chapter concludes with a set of open research questions warranting immediate academic attention to avoid the exponential growth of information breaches in the future.


2021
Author(s): Kyle Gibson

This research explores the level of security awareness of domestic Internet users in New Zealand. Awareness and online security are the top priorities of the New Zealand Cyber Security Strategy, but little research has been conducted to gauge the current level of security awareness in context with common mitigation strategies. The majority of the literature on the subject is primarily focused on organisational technology security and awareness, so this had to be put in context with domestic users. A sample set of Facebook friends of the researcher were asked to respond to an online survey. The survey explored the respondents' attitude and self-evaluated level of security awareness, and their awareness of a subset of mitigation strategies from the Australian Defence Signals Directorate's 'Strategies to Mitigate Targeted Cyber Intrusions'. The respondents demonstrated a good level of security awareness regarding patching and anti-virus, but there is a need for more education regarding access control and social engineering.


2021
Author(s): S M Nazmuz Sakib

Several professional routines were moved to digital media because of the prevalent circumstances of the COVID-19 disease outbreak. This resulted in a spike in the number of individuals on all these sites and also saw current members increase the time they spend online. This rise in people's internet connectivity is often not accompanied by awareness of cyber security and of the different forms of threats that can befall a daily Web user. This makes the situation ripe for exploitation by malicious hackers, and social engineering attacks (SEA) are indeed the main kind. Social engineering attacks are a category of advanced cyber threats that manipulate inherent human behaviour and thus bypass most security mechanisms. This article addresses how the COVID-19 disease outbreak has laid the groundwork for increased social engineering attacks, the implications of these threats, and some strategies for countering these challenges. This report would assist individuals and enterprises through an examination of the several known coronavirus-themed threats and through its suggestions. The study also investigated the philosophy of social engineering and proposes security awareness as a solution for reducing the risk of becoming a victim of social engineering.


2018, Vol 13 (6), pp. 1
Author(s): Jason E. Thomas

One of the most difficult challenges in information security today is phishing. Phishing is a difficult problem to address because there are many permutations, messages, and value propositions that can be sent to targets. Spear phishing is also associated with social engineering, which can be difficult for even trained or savvy employees to detect. This makes the user the critical point of entry for miscreants seeking to perpetrate cyber crimes such as identity theft and ransomware propagation, which cause billions of dollars in losses each year. Researchers are exploring many avenues to address this problem, including educating users and making them aware of the repercussions of becoming victims of phishing. The purpose of this study was to interview security professionals to gain better insight into preventing users and employees from succumbing to phishing attacks. Seven subject-matter experts were interviewed, revealing nine themes describing traits that identify users as vulnerable to attack or strongly resistant to attack, as well as training suggestions to empower users to resist spear phishing attacks. Suggestions are made for practitioners in the field and for future research.

