The Rise in Cybercrime and the Dynamics of Exploiting the Human Vulnerability Factor
This paper first defines and reviews the literature on cybersecurity and sheds light on the mechanisms involved in the social engineering phenomenon. It will discuss the various attempts at network intrusion and the steps typically taken in carrying out cyber-thefts. The paper will give the rationale for why humans are considered to be the weakest link in these attacks. It will also explain the reasons for the rise in cybercrime and its impact on organizations. In closing, the paper will put forward some recommendations to serve as preventative measures and solutions to the threats and vulnerabilities posed by cyber-attacks. Measures such as conducting regular, thorough, and relevant awareness training, frequent drills, and realistic tests will be addressed with a view to maintaining a steady focus on the overall discipline of the organization, thereby hardening the component of the network that is softest by nature: the human vulnerability factor.