Social engineering defence mechanisms and counteracting training strategies

Peter Schaab (Department of Software Engineering, Technische Universität München, Fakultät für Informatik, Garching, Bayern, Germany)
Kristian Beckers (Department of Software Engineering, Technische Universität München, Fakultät für Informatik, Garching, Bayern, Germany)
Sebastian Pape (Business Informatics and Information Economics, Goethe-Universität Frankfurt am Main, Fachbereich 02 Wirtschaftswissenschaften, Frankfurt am Main, Hessen, Germany)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 12 June 2017

Abstract

Purpose

This paper aims to outline strategies for defence against social engineering that are missing from the current best practices of information technology (IT) security. The reason for the incomplete training techniques in IT security is the interdisciplinary nature of the field: social engineering focuses on exploiting human behaviour, which is not sufficiently addressed in IT security. Instead, most defence strategies are devised by IT security experts with a background in information systems rather than in human behaviour. The authors aim to outline this gap and point out strategies to fill it.

Design/methodology/approach

The authors conducted a literature review from the viewpoint of IT security and from the viewpoint of social psychology. In addition, they mapped the results to outline gaps, analysed how these gaps could be filled using established methods from social psychology, and discussed the findings.

Findings

The authors analysed gaps in social engineering defences and mapped them to the underlying psychological principles of social engineering attacks, for example, social proof. Furthermore, the authors discuss which type of countermeasure proposed in social psychology should be applied to counteract which principle. From these results the authors derived two training strategies that go beyond state-of-the-art training in IT security and allow security professionals to raise companies' bars against social engineering attacks.

Originality/value

The training strategies outline how interdisciplinary research between computer science and social psychology can lead to a more complete defence against social engineering, providing reference points for researchers and IT security professionals with advice on how to improve training.

Citation

Schaab, P., Beckers, K. and Pape, S. (2017), "Social engineering defence mechanisms and counteracting training strategies", Information and Computer Security, Vol. 25 No. 2, pp. 206-222. https://doi.org/10.1108/ICS-04-2017-0022

Publisher

Emerald Publishing Limited

Copyright © 2017, Emerald Publishing Limited