Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

Eduardo Benavides-Astudillo; Luis Silva-Ordoñez; Ronny Rocohano-Rámos; Walter Fuertes; Félix Fernández-Peña; Sandra Sanchez-Gordon; Rodrigo Bastidas-Chalan

doi:10.1007/978-3-031-03884-6_26

Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

Eduardo Benavides-Astudillo, Luis Silva-Ordoñez, Ronny Rocohano-Rámos, Walter Fuertes, Félix Fernández-Peña, Sandra Sanchez-Gordon, Rodrigo Bastidas-Chalan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

Original language	English
Title of host publication	Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings
Editors	Miguel Botto-Tobar, Sergio Montes León, Pablo Torres-Carrión, Marcelo Zambrano Vizuete, Benjamin Durakovic
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	351-364
Number of pages	14
ISBN (Print)	9783031038839
DOIs	https://doi.org/10.1007/978-3-031-03884-6_26
State	Published - 2022
Externally published	Yes
Event	3rd International Conference on Applied Technologies, ICAT 2021 - Quito, Ecuador Duration: 27 Oct 2021 → 29 Oct 2021

Publication series

Name	Communications in Computer and Information Science
Volume	1535 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	3rd International Conference on Applied Technologies, ICAT 2021
Country/Territory	Ecuador
City	Quito
Period	27/10/21 → 29/10/21

Bibliographical note

Funding Information:
The authors would like to thank the Universidad de las Fuerzas Armadas-ESPE of Sangolquí, Ecuador, for the resources granted to develop the research project entitled: “Detection and Mitigation of Social Engineering attacks applying Cognitive Security”, coded as PIC-2020-SOCIAL-ENGINEERING.

Publisher Copyright:
© 2022, Springer Nature Switzerland AG.

Keywords

Cybersecurity
Risk
Social Engineering
User behavior
Vulnerabilities

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-031-03884-6_26

Cite this

Benavides-Astudillo, E., Silva-Ordoñez, L., Rocohano-Rámos, R., Fuertes, W., Fernández-Peña, F., Sanchez-Gordon, S., & Bastidas-Chalan, R. (2022). Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. In M. Botto-Tobar, S. Montes León, P. Torres-Carrión, M. Zambrano Vizuete, & B. Durakovic (Eds.), Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings (pp. 351-364). (Communications in Computer and Information Science; Vol. 1535 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-03884-6_26

Benavides-Astudillo, Eduardo ; Silva-Ordoñez, Luis ; Rocohano-Rámos, Ronny et al. / Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. editor / Miguel Botto-Tobar ; Sergio Montes León ; Pablo Torres-Carrión ; Marcelo Zambrano Vizuete ; Benjamin Durakovic. Springer Science and Business Media Deutschland GmbH, 2022. pp. 351-364 (Communications in Computer and Information Science).

@inproceedings{d0dd972e27f84185b9304285203ebfc7,

title = "Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior",

abstract = "One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people{\textquoteright}s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.",

keywords = "Cybersecurity, Risk, Social Engineering, User behavior, Vulnerabilities",

author = "Eduardo Benavides-Astudillo and Luis Silva-Ordo{\~n}ez and Ronny Rocohano-R{\'a}mos and Walter Fuertes and F{\'e}lix Fern{\'a}ndez-Pe{\~n}a and Sandra Sanchez-Gordon and Rodrigo Bastidas-Chalan",

note = "Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; null ; Conference date: 27-10-2021 Through 29-10-2021",

year = "2022",

doi = "10.1007/978-3-031-03884-6_26",

language = "English",

isbn = "9783031038839",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "351--364",

editor = "Miguel Botto-Tobar and {Montes Le{\'o}n}, Sergio and Pablo Torres-Carri{\'o}n and {Zambrano Vizuete}, Marcelo and Benjamin Durakovic",

booktitle = "Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings",

address = "Germany",

}

Benavides-Astudillo, E, Silva-Ordoñez, L, Rocohano-Rámos, R, Fuertes, W, Fernández-Peña, F, Sanchez-Gordon, S & Bastidas-Chalan, R 2022, Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. in M Botto-Tobar, S Montes León, P Torres-Carrión, M Zambrano Vizuete & B Durakovic (eds), Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. Communications in Computer and Information Science, vol. 1535 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 351-364, 3rd International Conference on Applied Technologies, ICAT 2021, Quito, Ecuador, 27/10/21. https://doi.org/10.1007/978-3-031-03884-6_26

Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. / Benavides-Astudillo, Eduardo; Silva-Ordoñez, Luis; Rocohano-Rámos, Ronny et al.

Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. ed. / Miguel Botto-Tobar; Sergio Montes León; Pablo Torres-Carrión; Marcelo Zambrano Vizuete; Benjamin Durakovic. Springer Science and Business Media Deutschland GmbH, 2022. p. 351-364 (Communications in Computer and Information Science; Vol. 1535 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

AU - Benavides-Astudillo, Eduardo

AU - Silva-Ordoñez, Luis

AU - Rocohano-Rámos, Ronny

AU - Fuertes, Walter

AU - Fernández-Peña, Félix

AU - Sanchez-Gordon, Sandra

AU - Bastidas-Chalan, Rodrigo

PY - 2022

Y1 - 2022

N2 - One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

AB - One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

KW - Cybersecurity

KW - Risk

KW - Social Engineering

KW - User behavior

KW - Vulnerabilities

UR - http://www.scopus.com/inward/record.url?scp=85128489723&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-03884-6_26

DO - 10.1007/978-3-031-03884-6_26

M3 - Conference contribution

AN - SCOPUS:85128489723

SN - 9783031038839

T3 - Communications in Computer and Information Science

SP - 351

EP - 364

BT - Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings

A2 - Botto-Tobar, Miguel

A2 - Montes León, Sergio

A2 - Torres-Carrión, Pablo

A2 - Zambrano Vizuete, Marcelo

A2 - Durakovic, Benjamin

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 27 October 2021 through 29 October 2021

ER -

Benavides-Astudillo E, Silva-Ordoñez L, Rocohano-Rámos R, Fuertes W, Fernández-Peña F, Sanchez-Gordon S et al. Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. In Botto-Tobar M, Montes León S, Torres-Carrión P, Zambrano Vizuete M, Durakovic B, editors, Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 351-364. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-03884-6_26

Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

Abstract

Publication series

Conference

Bibliographical note

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this