The Rise in Cybercrime and the Dynamics of Exploiting the Human Vulnerability Factor
Keywords:
Social Engineering, Cybercrime, Cyber theft, Network Intrusions, Preventive Measures.Abstract
This paper is primarily intended to firstly define and review the literature in cybersecurity and vividly shed light on the mechanisms involved in the social engineering phenomenon. It will discuss the various attempts at network intrusion and the steps typically taken in the implementation of cyber-thefts. The paper will provide the rationale behind the justification of why humans are considered to be the weakest link in these attacks. The study will also explain the reasons for the rise in cybercrimes and their impact on Organizations. In closing, the paper will put forward some recommendations to serve as preventative measures and solutions to the threats and vulnerabilities posed by cyber-attacks. Finally, measures, such as conducting regular, thorough, and relevant awareness training, frequent drills and realistic tests will be addressed with a view to maintaining a steady focus on the overall discipline of the organization thereby hardening that component of the network that is the softest by nature—the human vulnerability factor.
References
Braiker, H. B. (2004). Who’s pulling your strings?: How to break the cycle of manipulation and regain control of your life. New York, NY: McGraw-Hill.
Curry, S. J. J. (2013). Instant-messaging security. In J. Vacca (Ed.), Computer and information security handbook (2nd ed., p. 727). Boston, MA: Morgan Kaufmann.
Enterprise Risk Management. (2009, November). Social engineering: People hacking. Retrieved from http://www.emrisk.com/sites/default/files/newsletters/ERMNewsletter_november_2009.pdf
Felson, M., & Clarke, R. V. (1998). Opportunity makes the thief: Practical theory for crime prevention (Police Research Series Paper 98). Retrieved from http://webarchive.nationalarchives.gov.uk/20110218135832/rds.homeoffice.gov.uk/rds/prgpdfs/fprs98.pdf
Granger, S. (2010, November 3). Social engineering fundamentals, part 1: Hacker tactics. Retrieved from http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
Grover, R., Hosenball, M., & Finkle, J. (2014, December 3). Sony Pictures struggles to recover eight days after cyber attack. Retrieved from http://www.reuters.com/article/2014/12/03/us-sony-cybersecurity-investigation-idUSKCN0JG27B20141203
References marked with an asterisk indicate studies included in the meta-analysis.
*Internet Live Stats. (2014, July 1). Internet users in the world. Retrieved from http://www.internetlivestats.com/internet-users/
Kim, P. (2014). The hacker playbook: Practical guide to penetration testing. North Charleston, SC: Secure Planet.
Mitnick, K. D., & Simon, W. L. (2011). Ghost in the wires: My adventures as the world’s most wanted hacker. New York, NY: Back Bay Books.
Pagliery, J. (2014, May 28). Half of American adults hacked this year. Retrieved from http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/
*Ponemon Institute. (2015, May). 2015 Cost of data breach study: United States. Retrieved from IBM website: http://public.dhe.ibm.com/common/ssi/ecm/se/en/sew03055usen/SEW03055USEN.PDF
Simon, G. K. (2010). In sheep’s clothing: Understanding and dealing with manipulative people (2nd ed.). Little Rock, AR: Parkurst Brothers.
*Statista. (2015, August). Number of compromised data records in selected data breaches as of August 2015. Retrieved from http://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/
Yang, J. L., & Jayakumar, A. (2014, January 10). Target says up to 70 million more customers were hit by December data breach. Retrieved from http://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html
Works Consulted
Al-Johani, A. A., & Al-Msloum, A. S. (2013, November). Social engineering risks in the contemporary reality and methods of fighting these risks. International Journal of Academic Research, 5(6), 265-272. http://dx.doi.org/10.7813/2075-4124.2013/5-6/A.33
Allen, M. (2006, June). Social engineering: A means to violate a computer system. Retrieved from https://www.sans.org/reading-room/whitepapers/engineering/social-engineering-means-violate-computer-system-529
Bavisi, S. (2013). Penetration testing. In J. Vacca (Ed.), Computer and information security handbook (2nd ed., p. 535). Boston, MA: Morgan Kaufmann.
Bidgoli, H (Ed.). (2006). Handbook of information security: Threats, vulnerabilities, prevention, and management. Hoboken, NJ: John Wiley & Sons.
CBS. (2015, March 3). These cybercrime statistics will make you think twice about your password: Where’s the CSI cyber team when you need them? Retrieved from http://www.cbs.com/shows/csi-cyber/news/1003888/these-cybercrime-statistics-will-make-you-think-twice-about-your-password-where-s-the-csi-cyber-team-when-you-need-them-/
Chen, T., & Walsh, P. (2013). Guarding against network intrusions. In J. Vacca (Ed.), Computer and information security handbook (2nd ed., p. 83). Boston, MA: Morgan Kaufmann.
Crank, C. (2014, June 30). Social engineering: How it’s used to gain cyber information. Retrieved from http://www.scmagazine.com/social-engineering-how-its-used-to-gain-cyber-information/article/358339/
Criddle, L. (2015). What is social engineering? Retrieved from http://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering
DiBello, A. (2014, December 29). Social engineering will ramp up in 2015. Retrieved from http://www.scmagazine.com/social-engineering-will-ramp-up-in-2015/article/389169/
El Emary, I., Shalhoub, M., Arif, M., Alsereihy, H., Shalhoub, L., & Al-Sahhaf, N. (2013, January). Social engineering and its effective role in securing and defending the knowledge community. International Journal of Academic Research, 5(1), 95-100. http://dx.doi.org/10.7813/2075-4124.2013/5-1/A.15
Goodrich, M., & Tamassia, R. (2011). Introduction to computer security. Boston, MA: Pearson.
Greabu-Serban, V., & Serban, O. (2014). Social engineering a general approach. Informatica Economica, 18(2), 5-14. http://dx.doi.org/10.12948/issn14531305/18.2.2014.01
Hadnagy, C. (2010). Social engineering: The art of human hacking. Indianapolis, IN: Wiley
Hadnagy, C. (2014). Unmasking the social engineer: The human element of security. Indianapolis, IN: John Wiley & Sons.
Harley, D. (1998). Re-floating the Titanic: Dealing with social engineering attacks. In EICAR 98 Conference Proceedings [Compact disk]. EICAR. Retrieved from http://cluestick.info/hoax/harley_eicar98.htm
Harman, P. (2015, May 13). Businesses beware: Social engineering fraud could cost you millions. Claims Magazine, 63(6), 12-13. Retrieved from http://www.propertycasualty360.com/2015/05/13/businesses-beware-social-engineering-fraud-could-c
Harman, P. (2015, August 7). Social engineering scams: How hackers are stealing from your clients. Retrieved from http://www.propertycasualty360.com/2015/08/07/social-engineering-scams-how-hackers-are-stealing
Harman, P. (2015, October 2). Cyber crime: The gift that keeps on giving. Retrieved from http://www.propertycasualty360.com/2015/10/02/cyber-crime-the-gift-that-keeps-on-giving
Honan, B. (2015, August 6). Ubiquiti Networks victim of $39 million social engineering attack. Retrieved from http://www.csoonline.com/article/2961066/supply-chain-security/ubiquiti-networks-victim-of-39-million-social-engineering-attack.html
*IBM Security. (2015). IBM 2015 cyber security intelligence index. Retrieved from IBM website: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03073USEN&attachment=SEW03073USEN.PDF
Lascano, S. (2014, September 4). Malware bypasses Chrome extension security feature. Retrieved from http://blog.trendmicro.com/trendlabs-security-intelligence/malware-bypasses-chrome-extension-security-feature/
Lieu, C. (2002). Social engineering - attacking the weakest link. Retrieved from https://www.giac.org/paper/gsec/2082/social-engineering-attacking-weakest-link/103563
Mitnick, K. D., & Simon, W. L. (2003). The art of deception: Controlling the human element of security. Indianapolis, IN: Wiley.
Patil, H., Wing, D., & Chen, T. (2013). VoIP security. In J. Vacca (Ed.), Computer and information security handbook (2nd ed., pp. 877-878). Boston, MA: Morgan Kaufmann.
Peters, S. (2015, March 17). The 7 best social engineering attacks ever. Retrieved from http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411
Social-Engineer.Org. (2014, April 28). The social engineering infographic. Retrieved from http://www.social-engineer.org/social-engineering/social-engineering-infographic/
Swanson, C., Chamelin, N., Territo, L., & Taylor, R. (2011). Criminal investigation (11th ed.). New York, NY: McGraw-Hill.
Valacich, J., & Schneider, C. (2014). Information systems today: Managing in the digital world (6th ed.). Boston, MA: Pearson.
Walker, D. (2014, May 29). Iranian spies bait U.S. officials in years-long social engineering scheme. Retrieved from http://www.scmagazine.com/iranian-spies-bait-us-officials-in-years-long-social-engineering-scheme/article/349079/
Walker, D. (2014, June 11). Clandestine Fox attack op uses social engineering to woo new victims. Retrieved from http://www.scmagazine.com/clandestine-fox-attack-op-uses-social-engineering-to-woo-new-victims/article/355318/
Webopedia. (n.d.). Social engineering. Retrieved from
http://www.webopedia.com/TERM/S/social_engineering.html
Weise, E. (2014, September 24). 43% of companies had a data breach in the past year. Retrieved from http://www.usatoday.com/story/tech/2014/09/24/data-breach-companies-60/16106197/
Downloads
Published
How to Cite
Issue
Section
License
Authors who submit papers with this journal agree to the following terms.