Avoid being a victim of social engineering attack during the COVID-19 pandemic

2021 ◽  
Author(s):  
S M Nazmuz Sakib

Several professional routines were moved to digital media because of the prevalent circumstances of the COVID-19 disease outbreak. This resulted in a spike in the number of individuals on all these sites and also saw current members leap into the period consumed digitally. This rise in folks' internet connectivity often never precedes cyber security awareness and the different forms of threats that can happen to a daily Web user. This makes this particular circumstance ready for use by malicious hackers, and social engineering attacks (SEA) are indeed the main kind. The assaults on social engineering are a category of advanced cyber threats that manipulate the inherent human behavior and thus violate most security mechanisms. This article addresses how the COVID-19 disease outbreak has laid the groundwork for an increased social technology assault, the implications of these threats as well as some strategies for countering these challenges. This report would assist entities and enterprises through an examination of the several known threats on coronaviruses and suggestions. The study also investigated social engineering philosophy and proposes safety knowledge as a solution for reducing the risk of threats of being the victim of social engineering.

2019 ◽  
Vol 70 (2) ◽  
pp. 313
Author(s):  
Valeriy Yu. Bykov ◽  
Oleksandr Yu. Burov ◽  
Nina P. Dementievska

The article discusses the problems of cyber-security of participants of the educational process, emphasizes the fact that these problems are not limited to the technical aspects of the protection of information resources, they must include in their entirety the following types of protection: legal, technical, informational, organizational and psychological. Among the psychological tools for securing cyber-security, it is proposed to distinguish cognitive ones, as the general population, and especially children and youth, increasingly become targets of cyber-attacks, first of all, their cognitive sphere, becoming the most vulnerable (weak) link in the network. In anthropocentric networks, which make up an ever-increasing share among common networks, the network itself acquires new properties, acting as an independent component (in addition to factors such as the network node, interface and links). Threats to participants in the educational process from the cyberspace should be regarded as passive and active, developing adequate means of protection and viability of the system "subject of educational process-learning-environment". The most significant among cyber-threats for the participants of the educational process are the social engineering methods, which knowledge and resistance can be the most effective for providing cyber-security. As part of the training of participants in the educational process on cyber-security, it is proposed to use "cyber vaccination", that is the formation of a conscious cognitive experience of staying under the influence of a cyber threat and counteracting it as a system of training activities that include, in addition to traditional methods, training of "cyber attacks", as well as the formation of knowledge and skills of resilience (recovery) in relation to cyber-threats. Further research is suggested to focus on the detailed development of types of threats to participants in the education process, as well as methods of counteraction. 
A special place should be a problem of resistance to cyber-threats, which can use the experience of training operators in emergent industries, including assessing the current state of the person and necessary adjustments in order to optimize its performance.


2018 ◽  
Vol 325 ◽  
pp. 411-422
Author(s):  
Krisztina Győrffy ◽  
Ferenc Leitold ◽  
Anthony Arrott

Cyber-security is not concerned so much with average or median vulnerability in an organization. Rather more important is identifying the weakest links. Individual user susceptibility and user behaviour risk assessment are key to measuring the effectiveness of cyber-security awareness programs and policies. Increasingly, it has been demonstrated that managing individual user susceptibility is as critical to organization well-being as maintaining patched IT infrastructure or responding to specific immediate cyber-threat alerts. Despite IT systems audits, human factor studies, training courses, user policies, and user documentation, managing user cyber-security awareness remains one of the weakest links in protecting organizations from cyber-threats. Most employees are not aware of the cyber-threats they are most likely to encounter while performing their work. They are susceptible to malicious manipulation (social engineering threats) and they tend not to follow standard procedures (either through ignorance or in attempting to circumvent security procedures to achieve more productivity). Typically, employees only recognize the importance of cyber-security policies and practices after an incident has happened to themselves. With the increasing availability and utility of IT network traffic analysis tools and active user behaviour probes (e.g., fake-phishing), employees can be given direct and individual feedback to increase their cyber-security awareness and improve their cyber-security practices. Beyond an organization’s employees, the same holds for a country’s citizens, or a government’s public servants. At their best, these user behaviour monitoring tools can be used in an open and transparent way to increase awareness of individual vulnerability before actual incidents occur. 
In addition to presenting results from the application of user behaviour monitoring tools to cybersecurity, this paper examines the efficacy of the privacy protection safeguards that they incorporate. These results are applied to public sector approaches to: (a) public awareness of citizen cyber-health; (b) securing online public services; and (c) public servant awareness of their own vulnerability to cyber-threats.


2019 ◽  
Vol 24 ◽  
Author(s):  
R. Egan ◽  
S. Cartagena ◽  
R. Mohamed ◽  
V. Gosrani ◽  
J. Grewal ◽  
...  

Abstract

Cyber Operational Risk: Cyber risk is routinely cited as one of the most important sources of operational risks facing organisations today, in various publications and surveys. Further, in recent years, cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with General Data Protection Regulation (“GDPR”) a notable example of this. Risk actuaries and other risk management professionals at insurance companies therefore need to have a robust assessment of the potential losses stemming from cyber risk that their organisations may face. They should be able to do this as part of an overall risk management framework and be able to demonstrate this to stakeholders such as regulators and shareholders. Given that cyber risks are still very much new territory for insurers and there is no commonly accepted practice, this paper describes a proposed framework in which to perform such an assessment. As part of this, we leverage two existing frameworks – the Chief Risk Officer (“CRO”) Forum cyber incident taxonomy, and the National Institute of Standards and Technology (“NIST”) framework – to describe the taxonomy of a cyber incident, and the relevant cyber security and risk mitigation items for the incident in question, respectively.

Summary of Results: Three detailed scenarios have been investigated by the working party:

∙ Employee leaks data at a general (non-life) insurer: Internal attack through social engineering, causing large compensation costs and regulatory fines, driving a 1 in 200 loss of £210.5m (c. 2% of annual revenue).
∙ Cyber extortion at a life insurer: External attack through social engineering, causing large business interruption and reputational damage, driving a 1 in 200 loss of £179.5m (c. 6% of annual revenue).
∙ Motor insurer telematics device hack: External attack through software vulnerabilities, causing large remediation / device replacement costs, driving a 1 in 200 loss of £70.0m (c. 18% of annual revenue).

Limitations: The following sets out key limitations of the work set out in this paper:

∙ While the presented scenarios are deemed material at this point in time, the threat landscape moves fast and could render specific narratives and calibrations obsolete within a short-time frame.
∙ There is a lack of historical data to base certain scenarios on and therefore a high level of subjectivity is used to calibrate them.
∙ No attempt has been made to make an allowance for seasonality of renewals (a cyber event coinciding with peak renewal season could exacerbate cost impacts)
∙ No consideration has been given to the impact of the event on the share price of the company.
∙ Correlation with other risk types has not been explicitly considered.

Conclusions: Cyber risk is a very real threat and should not be ignored or treated lightly in operational risk frameworks, as it has the potential to threaten the ongoing viability of an organisation. Risk managers and capital actuaries should be aware of the various sources of cyber risk and the potential impacts to ensure that the business is sufficiently prepared for such an event. When it comes to quantifying the impact of cyber risk on the operations of an insurer there are significant challenges. Not least that the threat landscape is ever changing and there is a lack of historical experience to base assumptions off. Given this uncertainty, this paper sets out a framework upon which readers can bring consistency to the way scenarios are developed over time. It provides a common taxonomy to ensure that key aspects of cyber risk are considered and sets out examples of how to implement the framework. It is critical that insurers endeavour to understand cyber risk better and look to refine assumptions over time as new information is received. In addition to ensuring that sufficient capital is being held for key operational risks, the investment in understanding cyber risk now will help to educate senior management and could have benefits through influencing internal cyber security capabilities.


2021 ◽  
Author(s):  
Barbora Kotkova ◽  
Martin Hromada

Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise proprietary protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.


2016 ◽  
Vol 4 (1) ◽  
pp. 61 ◽  
Author(s):  
Muhamad Rizal ◽  
Yanyan Yani

The purpose of state defense is to protect and to save the integrity of the Unitary State of the Republic of Indonesia, the sovereignty of the state, as well as its security from all kinds of threats, whether they are military or non-military ones. One of the non-military threats that potentially threatens the sovereignty and security of the nation-state is the misuse of technology and information in cyberspace. The threat of irresponsible cyber attacks can be initiated by both state and non-state actors. The actors may be an individual, a group of people, a faction, an organization, or even a country. Therefore, the government needs to anticipate cyber threats by formulating cyber security strategies and determining comprehensive steps to defend against cyber attacks; its types and the scale of counter-measures, as well as devising the rules of law. 


2021 ◽  
Vol 7 (1) ◽  
pp. 124-142
Author(s):  
Piotr Łuczuk

Abstract Nowadays, due to the benefits of technological development and the spread of the Internet, various threats have started to be recognized. Still, the awareness of society, especially politicians and state administration in this area is insufficient. This is also evidenced by the fact that initially this topic was not discussed at all in the scientific and even popular literature. The author of the article poses a question: is there, then, an effective method of defense against cyber threats, since their effects can be so disturbing? According to the author, the key to cyber security is the awareness of users of the digital communication process, both at the administrative and social levels.


Author(s):  
Filipe Breda ◽  
Hugo Barbosa ◽  
Telmo Morais


