One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.
|Title of host publication||Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings|
|Editors||Miguel Botto-Tobar, Sergio Montes León, Pablo Torres-Carrión, Marcelo Zambrano Vizuete, Benjamin Durakovic|
|Publisher||Springer Science and Business Media Deutschland GmbH|
|Number of pages||14|
|State||Published - 2022|
|Event||3rd International Conference on Applied Technologies, ICAT 2021 - Quito, Ecuador|
Duration: 27 Oct 2021 → 29 Oct 2021
|Name||Communications in Computer and Information Science|
|Conference||3rd International Conference on Applied Technologies, ICAT 2021|
|Period||27/10/21 → 29/10/21|
Bibliographical noteFunding Information:
The authors would like to thank the Universidad de las Fuerzas Armadas-ESPE of Sangolquí, Ecuador, for the resources granted to develop the research project entitled: “Detection and Mitigation of Social Engineering attacks applying Cognitive Security”, coded as PIC-2020-SOCIAL-ENGINEERING.
© 2022, Springer Nature Switzerland AG.
- Social Engineering
- User behavior