Open Access Review
Future Internet 2019, 11(3), 73; https://doi.org/10.3390/fi11030073

Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

School of Electrical Engineering and Computing, University of Newcastle, Newcastle 2308, Australia
* Authors to whom correspondence should be addressed.
Received: 7 February 2019 / Revised: 11 March 2019 / Accepted: 13 March 2019 / Published: 18 March 2019
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)

Abstract

The idea and perception of good cyber security protection remains at the forefront of many organizations’ information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations’ human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users’ proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.
Keywords: cyber security social engineering; training and awareness programs challenges; information security awareness programs
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
MDPI and ACS Style

Aldawood, H.; Skinner, G. Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues. Future Internet 2019, 11, 73.

Future Internet, EISSN 1999-5903. Published by MDPI AG, Basel, Switzerland.