Reducing the risk of social engineering attacks using SOAR measures in a real world environment: A case study

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-09-28 DOI:10.1016/j.cose.2024.104137

Sandro Waelchli , Yoshija Walter

{"title":"Reducing the risk of social engineering attacks using SOAR measures in a real world environment: A case study","authors":"Sandro Waelchli , Yoshija Walter","doi":"10.1016/j.cose.2024.104137","DOIUrl":null,"url":null,"abstract":"<div><div>The global cost of successful cyberattacks is increasing annually, with there being a shift towards social engineering threats in recent years. Cybercriminals are increasingly targeting humans rather than technical systems, recognizing data as a critical resource, especially in the finance industry where breaches can lead to substantial losses and reputational damage. The present case study proposes measures to reduce human susceptibility to social engineering attacks, leveraging SOAR (Security Automation, Orchestration, and Response) technology for incident response automation. The study covers various issues in cybersecurity, SOAR, and social engineering, through analyzing interviews with expert practitioners in the field, addressing cybersecurity skills shortages and current cyber threats. Four social engineering vignettes were developed, representing real threats, along with specific SOAR measures implemented using Microsoft Sentinel. These measures were simulated to demonstrate their effectiveness by reducing the employee's vulnerability to social engineering attacks. The risk of social engineering attacks was successfully reduced by implementing a responsive approach through the developed SOAR measures. Some of the measures reduced the risk by locking user accounts or forcing password changes after a detected cyber incident while another measure was developed for awareness enhancements. Given the current shortage of cybersecurity professionals, technologies like SOAR are becoming increasingly relevant for security teams. However, SOAR alone cannot address all challenges posed by social engineering and should be viewed as a complementary measure rather than a standalone solution.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104137"},"PeriodicalIF":4.8000,"publicationDate":"2024-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004425","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The global cost of successful cyberattacks is increasing annually, with there being a shift towards social engineering threats in recent years. Cybercriminals are increasingly targeting humans rather than technical systems, recognizing data as a critical resource, especially in the finance industry where breaches can lead to substantial losses and reputational damage. The present case study proposes measures to reduce human susceptibility to social engineering attacks, leveraging SOAR (Security Automation, Orchestration, and Response) technology for incident response automation. The study covers various issues in cybersecurity, SOAR, and social engineering, through analyzing interviews with expert practitioners in the field, addressing cybersecurity skills shortages and current cyber threats. Four social engineering vignettes were developed, representing real threats, along with specific SOAR measures implemented using Microsoft Sentinel. These measures were simulated to demonstrate their effectiveness by reducing the employee's vulnerability to social engineering attacks. The risk of social engineering attacks was successfully reduced by implementing a responsive approach through the developed SOAR measures. Some of the measures reduced the risk by locking user accounts or forcing password changes after a detected cyber incident while another measure was developed for awareness enhancements. Given the current shortage of cybersecurity professionals, technologies like SOAR are becoming increasingly relevant for security teams. However, SOAR alone cannot address all challenges posed by social engineering and should be viewed as a complementary measure rather than a standalone solution.

查看原文本刊更多论文

在现实环境中使用 SOAR 措施降低社会工程学攻击的风险：案例研究

全球网络攻击的成功成本每年都在增加，近年来正向社交工程威胁转变。网络犯罪分子越来越多地将目标对准人类，而不是技术系统，因为他们认识到数据是一种关键资源，尤其是在金融行业，数据泄露会导致重大损失和声誉受损。本案例研究提出了一些措施，利用 SOAR（安全自动化、协调和响应）技术实现事件响应自动化，降低人类对社交工程攻击的易感性。本研究通过分析对该领域专家从业人员的访谈，探讨了网络安全技能短缺和当前网络威胁，涵盖了网络安全、SOAR 和社会工程学方面的各种问题。我们开发了四个社会工程案例，代表了真实的威胁，以及使用 Microsoft Sentinel 实施的具体 SOAR 措施。对这些措施进行了模拟，以展示其有效性，减少员工遭受社交工程攻击的可能性。通过所制定的 SOAR 措施实施响应方法，成功降低了社交工程攻击的风险。其中一些措施通过锁定用户账户或在检测到网络事件后强制更改密码来降低风险，而另一项措施则是为增强意识而制定的。鉴于目前网络安全专业人员的短缺，SOAR 等技术对安全团队的意义日益重大。然而，单靠 SOAR 无法应对社会工程学带来的所有挑战，应将其视为一种补充措施，而非独立的解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.