Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

Eduardo Benavides-Astudillo; Luis Silva-Ordoñez; Ronny Rocohano-Rámos; Walter Fuertes; Félix Fernández-Peña; Sandra Sanchez-Gordon; Rodrigo Bastidas-Chalan

doi:10.1007/978-3-031-03884-6_26

Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

Eduardo Benavides-Astudillo, Luis Silva-Ordoñez, Ronny Rocohano-Rámos, Walter Fuertes, Félix Fernández-Peña, Sandra Sanchez-Gordon, Rodrigo Bastidas-Chalan

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

3 Citas (Scopus)

Resumen

One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

Idioma original	Inglés
Título de la publicación alojada	Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings
Editores	Miguel Botto-Tobar, Sergio Montes León, Pablo Torres-Carrión, Marcelo Zambrano Vizuete, Benjamin Durakovic
Editorial	Springer Science and Business Media Deutschland GmbH
Páginas	351-364
Número de páginas	14
ISBN (versión impresa)	9783031038839
DOI	https://doi.org/10.1007/978-3-031-03884-6_26
Estado	Publicada - 2022
Publicado de forma externa	Sí
Evento	3rd International Conference on Applied Technologies, ICAT 2021 - Quito, Ecuador Duración: 27 oct. 2021 → 29 oct. 2021

Serie de la publicación

Nombre	Communications in Computer and Information Science
Volumen	1535 CCIS
ISSN (versión impresa)	1865-0929
ISSN (versión digital)	1865-0937

Conferencia

Conferencia	3rd International Conference on Applied Technologies, ICAT 2021
País/Territorio	Ecuador
Ciudad	Quito
Período	27/10/21 → 29/10/21

Nota bibliográfica

Publisher Copyright:
© 2022, Springer Nature Switzerland AG.

ODS de las Naciones Unidas

Este resultado contribuye a los siguientes Objetivos de Desarrollo Sostenible

Acceder al documento

10.1007/978-3-031-03884-6_26

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Benavides-Astudillo, E., Silva-Ordoñez, L., Rocohano-Rámos, R., Fuertes, W., Fernández-Peña, F., Sanchez-Gordon, S., & Bastidas-Chalan, R. (2022). Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. En M. Botto-Tobar, S. Montes León, P. Torres-Carrión, M. Zambrano Vizuete, & B. Durakovic (Eds.), Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings (pp. 351-364). (Communications in Computer and Information Science; Vol. 1535 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-03884-6_26

Benavides-Astudillo, Eduardo ; Silva-Ordoñez, Luis ; Rocohano-Rámos, Ronny et al. / Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. editor / Miguel Botto-Tobar ; Sergio Montes León ; Pablo Torres-Carrión ; Marcelo Zambrano Vizuete ; Benjamin Durakovic. Springer Science and Business Media Deutschland GmbH, 2022. pp. 351-364 (Communications in Computer and Information Science).

@inproceedings{d0dd972e27f84185b9304285203ebfc7,

title = "Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior",

abstract = "One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people{\textquoteright}s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.",

keywords = "Cybersecurity, Risk, Social Engineering, User behavior, Vulnerabilities",

author = "Eduardo Benavides-Astudillo and Luis Silva-Ordo{\~n}ez and Ronny Rocohano-R{\'a}mos and Walter Fuertes and F{\'e}lix Fern{\'a}ndez-Pe{\~n}a and Sandra Sanchez-Gordon and Rodrigo Bastidas-Chalan",

note = "Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; 3rd International Conference on Applied Technologies, ICAT 2021 ; Conference date: 27-10-2021 Through 29-10-2021",

year = "2022",

doi = "10.1007/978-3-031-03884-6_26",

language = "English",

isbn = "9783031038839",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "351--364",

editor = "Miguel Botto-Tobar and {Montes Le{\'o}n}, Sergio and Pablo Torres-Carri{\'o}n and {Zambrano Vizuete}, Marcelo and Benjamin Durakovic",

booktitle = "Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings",

address = "Germany",

}

Benavides-Astudillo, E, Silva-Ordoñez, L, Rocohano-Rámos, R, Fuertes, W, Fernández-Peña, F, Sanchez-Gordon, S & Bastidas-Chalan, R 2022, Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. En M Botto-Tobar, S Montes León, P Torres-Carrión, M Zambrano Vizuete & B Durakovic (eds.), Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. Communications in Computer and Information Science, vol. 1535 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 351-364, 3rd International Conference on Applied Technologies, ICAT 2021, Quito, Ecuador, 27/10/21. https://doi.org/10.1007/978-3-031-03884-6_26

Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. / Benavides-Astudillo, Eduardo; Silva-Ordoñez, Luis; Rocohano-Rámos, Ronny et al.
Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. ed. / Miguel Botto-Tobar; Sergio Montes León; Pablo Torres-Carrión; Marcelo Zambrano Vizuete; Benjamin Durakovic. Springer Science and Business Media Deutschland GmbH, 2022. p. 351-364 (Communications in Computer and Information Science; Vol. 1535 CCIS).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

TY - GEN

T1 - Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

AU - Benavides-Astudillo, Eduardo

AU - Silva-Ordoñez, Luis

AU - Rocohano-Rámos, Ronny

AU - Fuertes, Walter

AU - Fernández-Peña, Félix

AU - Sanchez-Gordon, Sandra

AU - Bastidas-Chalan, Rodrigo

PY - 2022

Y1 - 2022

N2 - One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

AB - One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

KW - Cybersecurity

KW - Risk

KW - Social Engineering

KW - User behavior

KW - Vulnerabilities

UR - http://www.scopus.com/inward/record.url?scp=85128489723&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-03884-6_26

DO - 10.1007/978-3-031-03884-6_26

M3 - Conference contribution

AN - SCOPUS:85128489723

SN - 9783031038839

T3 - Communications in Computer and Information Science

SP - 351

EP - 364

BT - Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings

A2 - Botto-Tobar, Miguel

A2 - Montes León, Sergio

A2 - Torres-Carrión, Pablo

A2 - Zambrano Vizuete, Marcelo

A2 - Durakovic, Benjamin

PB - Springer Science and Business Media Deutschland GmbH

T2 - 3rd International Conference on Applied Technologies, ICAT 2021

Y2 - 27 October 2021 through 29 October 2021

ER -

Benavides-Astudillo E, Silva-Ordoñez L, Rocohano-Rámos R, Fuertes W, Fernández-Peña F, Sanchez-Gordon S et al. Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. En Botto-Tobar M, Montes León S, Torres-Carrión P, Zambrano Vizuete M, Durakovic B, editores, Applied Technologies - 3rd International Conference, ICAT 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 351-364. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-03884-6_26

Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

Resumen

Serie de la publicación

Conferencia

Nota bibliográfica

ODS de las Naciones Unidas

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto