Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review

Q1 Multidisciplinary
António Lopes, H. Mamede, Leonilde Reis, Arnaldo Santos
{"title":"Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review","authors":"António Lopes, H. Mamede, Leonilde Reis, Arnaldo Santos","doi":"10.28991/esj-2024-08-02-025","DOIUrl":null,"url":null,"abstract":"Knowledge of Social Engineering is crucial to prevent potential attacks related to organizational Information Security. The objective of this paper aims to identify the most common social engineering techniques, success attack factors, and obstacles, as well as the good practices and frameworks that could be adopted concerning their mitigation. As an analysis methodology, a Systematic Literature Review was carried out. The findings revealed that the discussion about SE attacks has increased and that the most imminent threat is phishing. Exploiting human vulnerabilities is a growing threat when the attack is not carried out directly through technical means. There continue to be more technical attacks than non-technical attacks. Encouraging organizational security prevention, like training, education, technical controls, process development, defense in detail, and the development of security policies, should be considered mitigating factors for the negative impact of SE attacks. Most SE frameworks/models are focused on attack techniques and methods, mostly on technical components, decorating human factor. As a novelty, we found the opportunity to develop a new framework that could improve coverage of the gaps found, supported on security international standards, that could help and support researchers in developing their work, understanding open research topics, and providing a clearer understanding of this type of threat. Doi: 10.28991/ESJ-2024-08-02-025 Full Text: PDF","PeriodicalId":11586,"journal":{"name":"Emerging Science Journal","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Emerging Science Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.28991/esj-2024-08-02-025","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Multidisciplinary","Score":null,"Total":0}
引用次数: 0

Abstract

Knowledge of Social Engineering is crucial to prevent potential attacks related to organizational Information Security. The objective of this paper aims to identify the most common social engineering techniques, success attack factors, and obstacles, as well as the good practices and frameworks that could be adopted concerning their mitigation. As an analysis methodology, a Systematic Literature Review was carried out. The findings revealed that the discussion about SE attacks has increased and that the most imminent threat is phishing. Exploiting human vulnerabilities is a growing threat when the attack is not carried out directly through technical means. There continue to be more technical attacks than non-technical attacks. Encouraging organizational security prevention, like training, education, technical controls, process development, defense in detail, and the development of security policies, should be considered mitigating factors for the negative impact of SE attacks. Most SE frameworks/models are focused on attack techniques and methods, mostly on technical components, decorating human factor. As a novelty, we found the opportunity to develop a new framework that could improve coverage of the gaps found, supported on security international standards, that could help and support researchers in developing their work, understanding open research topics, and providing a clearer understanding of this type of threat. Doi: 10.28991/ESJ-2024-08-02-025 Full Text: PDF
社会工程学的常用技术、成功攻击因素和障碍:系统文献综述
社会工程学知识对于防止与组织信息安全有关的潜在攻击至关重要。本文旨在确定最常见的社会工程学技术、成功攻击因素和障碍,以及在缓解这些问题方面可采用的良好做法和框架。作为分析方法,本文进行了系统的文献综述。研究结果表明,关于社会性攻击的讨论越来越多,而最紧迫的威胁是网络钓鱼。当攻击不是直接通过技术手段进行时,利用人的弱点是一种日益严重的威胁。技术攻击仍然多于非技术攻击。鼓励组织安全预防,如培训、教育、技术控制、流程开发、细节防御和制定安全策略,应被视为减轻 SE 攻击负面影响的因素。大多数 SE 框架/模型都侧重于攻击技术和方法,主要是技术部分,而忽略了人的因素。作为一个新事物,我们发现有机会开发一个新的框架,该框架可以在安全国际标准的支持下,改善所发现差距的覆盖范围,帮助和支持研究人员开展工作,了解开放式研究课题,并提供对此类威胁的更清晰的认识。Doi: 10.28991/ESJ-2024-08-02-025 全文:PDF
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Emerging Science Journal
Emerging Science Journal Multidisciplinary-Multidisciplinary
CiteScore
5.40
自引率
0.00%
发文量
155
审稿时长
10 weeks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信