Integrated Intelligent Research (IIR) International Journal of Business Intelligents
Volume: 06 Issue: 01 June 2017 Page No.06-08
ISSN: 2278-2400
Social Engineering threats and Countermeasures in SHCT
Syed Mehr Ali shah, Aijaz Ahmed, Mir Abid Ali
I.T Dept. Shinas College of Technology, Shinas, Oman
Email: Syed.mehr@shct.edu.om, Aijaz.Ahmed@shct.edu.om, mir.ali@shct.edu.om
Abstract — Computers have become such a large part of everyday life that computer security and threat prevention are essential for individuals and organizations alike. Organizations are taking computer security more seriously to protect their information systems at different levels, from the physical, personnel and procedural levels up to the technical level. The measures at all these levels have made the business world more effective (though not completely so) at blocking inside and outside threats, and have made it increasingly difficult for hackers or viruses to penetrate systems. The threat to the organization, however, comes more from insiders than from outsiders. In this paper we analyze what the internal threats in organizations are, why we are defenseless and allow threats to be realized, and the best practices for securing our organization’s data from inside threats.
Keywords — Social engineering; Threats; Viruses
I. INTRODUCTION
Social engineering exploits personal error or oversight to gain entry to a system in spite of the layers of defensive security controls that have been implemented in software or hardware [7]. All social engineering attempts can be grouped into two main types: technology-based deception and human-based deception. Trespassers and hackers are on the lookout for ways to gain entry to valuable resources such as computer systems or corporate or personal information that they can use maliciously for personal gain.
A notable proportion of computer and organizational security professionals believe the insider threat is the greatest risk to their enterprise, and more than 40% report that their greatest security concern is employees accidentally compromising security through data leaks or similar mistakes [AlgoSec 2013][3]. A previous report by the CERT® Insider Threat team, part of Carnegie Mellon University’s Software Engineering Institute, provided an initial examination of this problem. The infamous hacker “Kevin Mitnick”, in an interview with BBC News Online [1], said that: The biggest hazard to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be human. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element. So, the ultimate security wall is the human being, and if that person is duped, the gates are wide open for the intruder to take complete control over the computer, which might hold important information.
Security specialists concur when it comes to identifying where security negligence can occur and who causes it. Over time, experts have concluded that, despite the popular image of the hacker as an outsider wanting to get ‘in’, the majority of violations are caused by either disgruntled employees or non-employees who have legitimate system access because of their role in the organization [8]. According to the FBI, nearly 80% of all attacks are caused by such authorized users [4]. Hence, we conclude that proper training is needed for the insiders of an organization or institution.
II. OVERVIEW
Research is the careful and critical enquiry in seeking facts or principles [6]. It can also be said that research is the combination of experience and reasoning, and must be regarded as the most successful approach to discovering the truth. Methodology is the set of criteria followed in a particular discipline. There are different research methods for investigation, for example observation, questionnaires, interviews, analysis of records and case studies. These methods and techniques are used in performing the research operations, i.e. collection of data, statistical processing and analysis (testing), and evaluating the accuracy of the results obtained.
We use a systematic approach to investigation based on the mixed methodology elaborated by Creswell [1]. In this mixed approach we use both qualitative and quantitative research methods. In the quantitative approach, data are measured and expressed in terms of quantity. Quantitative research helps in precise measurement and in identifying trends and changes over time; it is mainly concerned with quantifying relationships or comparing two or more groups [1]. Qualitative research is concerned with studying objects in their natural setting and attempts to interpret a phenomenon based on the explanations that people bring to it [2]. This research is carried out in segments. In the first segment, a detailed and comprehensive literature study is carried out to understand social engineering and its importance to any organization. In the second phase we select methods and techniques for evaluating social engineering awareness in an organization or institution; several assessment methods and techniques are available, but we selected questionnaires [3] and the think-aloud technique for testing. The questionnaire was distributed online to all end-users; afterwards we interviewed selected end-users, so that the results were compiled qualitatively [5]. To further validate this research we conducted interviews with SHCT staff. Figure 1 illustrates the overview of the research methodology.
The questionnaire consists of questions on how much the respondents knew about phishing, strong password requirements and viruses. These questions are of vital importance in finding out whether respondents are aware of new attack methods and thus whether they are vulnerable to these new types of attacks. We asked the respondents three questions related to phishing: 1. whether they were aware of phishing attacks, 2. whether they were aware of phishing mail, and 3. whether they were aware of phishing websites. On average 52% of the respondents answered “Yes” and the remaining 48% answered “No”. The result shows that a large number of respondents are not aware of phishing.
We used another set of questions to find out about participants’ knowledge of the importance of password security. We asked them questions such as “1. Which of the following meets the strong password requirement?” and “2. Do you use the same passwords for your work accounts as you do for your personal accounts at home, such as Facebook, Twitter or your personal email accounts?” The responses show that 62% of the respondents do not know the requirements for a strong password and 32% of the respondents use the same password for different accounts.
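The two password questions above, the strong-password requirement and reuse of one password across accounts, are the kind of thing an institution can enforce at enrollment rather than only ask about. The following is an added example, not code from the paper or from SHCT: the policy thresholds (12 characters, three of four character classes, a small constructed common-password list) are assumptions, since the paper does not list its own requirement, and the `PasswordVault` class is a hypothetical store that keeps one salted PBKDF2 hash per account so that a new password can be checked against every existing account without keeping any plaintext.

```python
"""Password policy check plus cross-account reuse detection (added example).

The thresholds and the common-password list are assumptions, not the
paper's 'strong password requirement'.
"""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12     # assumed policy: at least 12 characters
MIN_CLASSES = 3     # assumed policy: 3 of lower/upper/digit/symbol
PBKDF2_ROUNDS = 100_000

# Constructed stand-in for a breached/common-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "welcome1", "shinas2017"}


def check_policy(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if classes < MIN_CLASSES:
        problems.append(f"uses {classes} character classes, need {MIN_CLASSES}")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so stored records never contain the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class PasswordVault:
    """Hypothetical per-account credential store used to detect password reuse."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}  # account -> (salt, digest)

    def reused_in(self, password: str) -> list[str]:
        """Accounts whose stored password equals this one (re-hashed under each account's salt)."""
        return [
            account
            for account, (salt, digest) in self._records.items()
            if hmac.compare_digest(_hash(password, salt), digest)
        ]

    def enroll(self, account: str, password: str) -> list[str]:
        """Apply the policy and the reuse check; store the hash only if both pass."""
        problems = check_policy(password)
        duplicates = self.reused_in(password)
        if duplicates:
            problems.append("already used for: " + ", ".join(duplicates))
        if not problems:
            salt = os.urandom(16)
            self._records[account] = (salt, _hash(password, salt))
        return problems


if __name__ == "__main__":
    vault = PasswordVault()
    for account, candidate in [
        ("work-email", "password"),             # fails the policy on every count
        ("work-email", "Tr0ub4dor&3xample!"),   # passes and is stored
        ("facebook", "Tr0ub4dor&3xample!"),     # rejected: same password as work-email
        ("twitter", "C0rrect-Horse-Battery"),   # passes: distinct password
    ]:
        print(account, "->", vault.enroll(account, candidate) or "accepted")
```

The reuse check works because each stored record is a (salt, digest) pair: the candidate password is hashed under every existing salt and compared in constant time, so a user who tries to register the same password for a second account is caught at enrollment without the vault ever holding the plaintext.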
Finally, we wanted to know the respondents’ knowledge of viruses and Trojans. We asked them a few important questions such as “1. How often do you read or update yourself regarding the most destructive computer viruses?”, “2. Have you ever found a virus or Trojan on your computer at work?” and “3. Do you know who to contact in case your computer is infected?”. The analysis shows that 52% of respondents rarely update themselves and 12% do not update themselves at all. For the second question, 90% of the respondents answered that their computer had been infected, and 46% of the respondents do not know whom to contact if their computer is infected.
We also conducted interviews with users in the college. We showed the interviewees the login page of a fake website with the look and feel of a Facebook login page and asked them “Have you ever seen this page?”. 100% of the interviewees answered that it is the Facebook login page, without checking the URL of the page. We gave the interviewees a scenario in which a mail from the helpdesk asks you to reply with your personal details, along with the username and password of your email account, within a stipulated time, otherwise your email account will be deleted, and we asked them “What should you do?”. 30% of the interviewees said that they would reply with the details. We gave the interviewees the following scenario: “We saw a case a while back where someone used their Yahoo account at a computer lab on campus. She made sure her Yahoo account was no longer open in the browser window before leaving the lab. Someone came in behind her and used the same browser to re-access her account. They started sending emails from it and caused all sorts of mayhem.” We then asked them “What do you think might have happened?”. 100% of the interviewees were not aware that she had saved her password in the browser for her account. To learn the interviewees’ knowledge of viruses, we showed them screenshots of destructive viruses and asked whether they had ever seen these on any computer or heard about them. Surprisingly, 84% of the interviewees answered that they had not seen or heard about these destructive viruses.
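The first two interview scenarios, a login page that imitates Facebook but lives on another host, and a “helpdesk” mail demanding credentials under a deadline, are both recognizable from a handful of mechanical indicators, which is what awareness training tries to get users to check. The code below is an added example, not the paper's or SHCT's: the sample mail, the URLs and the `TRUSTED_DOMAINS` set are constructed (only `shct.edu.om` and Facebook appear on the page), and the keyword patterns are assumptions. It shows that the URL check must be done on label boundaries, since a plain suffix test would accept a host such as `facebook.com.login-example.net`.

```python
"""Phishing indicator checks for the interview scenarios (added example).

Sample mail, hostnames and keyword lists are constructed assumptions.
"""
import re
from urllib.parse import urlparse

# Assumed: domains the institution's users are expected to sign in to.
TRUSTED_DOMAINS = {"facebook.com", "shct.edu.om"}

CREDENTIAL_REQUEST = re.compile(
    r"\b(password|username|login details|personal details)\b", re.I)
URGENCY = re.compile(
    r"\b(within \d+ (hours?|days?)|immediately|will be (deleted|suspended))\b", re.I)
# Anchor text that itself looks like a URL or bare hostname, e.g. "www.facebook.com".
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def host_belongs_to(url: str, domain: str) -> bool:
    """True only if the host is `domain` or a subdomain of it.

    The match is on label boundaries: 'facebook.com.login-example.net'
    ends with 'facebook.com' as a string but is not under that domain.
    """
    host = host_of(url)
    return host == domain or host.endswith("." + domain)


def is_trusted_login_url(url: str) -> bool:
    """A login URL is acceptable only over HTTPS and on a trusted domain."""
    return urlparse(url).scheme == "https" and any(
        host_belongs_to(url, d) for d in TRUSTED_DOMAINS)


def mail_indicators(mail: dict) -> list[str]:
    """Phishing indicators in a mail given as a dict with keys
    sender, reply_to (optional), body and links (list of (anchor_text, href))."""
    found = []
    sender_domain = mail["sender"].rsplit("@", 1)[-1].lower()
    reply_domain = mail.get("reply_to", mail["sender"]).rsplit("@", 1)[-1].lower()
    if reply_domain != sender_domain:
        found.append(f"reply-to domain {reply_domain} differs from sender domain {sender_domain}")
    if CREDENTIAL_REQUEST.search(mail["body"]):
        found.append("asks the recipient to send credentials or personal details")
    if URGENCY.search(mail["body"]):
        found.append("uses a deadline or threat to pressure the recipient")
    for text, href in mail.get("links", []):
        if not is_trusted_login_url(href):
            found.append(f"link to untrusted host {host_of(href)}")
        if URL_LIKE.match(text.strip()):
            shown = host_of(text if "://" in text else "https://" + text)
            if shown != host_of(href):
                found.append(f"link text shows {shown} but points to {host_of(href)}")
    return found


# Constructed sample: the 'helpdesk' scenario from the interviews.
SAMPLE_PHISH = {
    "sender": "helpdesk@shct.edu.om",
    "reply_to": "helpdesk-verify@mail-example.net",
    "body": ("Reply with your personal details, username and password within 24 hours "
             "or your email account will be deleted."),
    "links": [("www.facebook.com", "http://facebook.com.login-example.net/index.php")],
}

# Constructed sample of a benign notice (portal hostname is a placeholder).
SAMPLE_BENIGN = {
    "sender": "helpdesk@shct.edu.om",
    "body": "The lab PCs will be patched on Monday; no action is needed.",
    "links": [("the IT portal", "https://portal.shct.edu.om/")],
}


if __name__ == "__main__":
    for name, mail in [("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)]:
        print(name, "->", mail_indicators(mail) or "no indicators")
    print(host_belongs_to("http://facebook.com.login-example.net/", "facebook.com"))  # False
```

Against the constructed phishing mail the function reports five indicators (mismatched reply-to domain, a credential request, a deadline, an untrusted link host, and anchor text that shows a different host from the link target); the benign notice produces none. The same `host_belongs_to` check is what the interviewees skipped when they accepted the fake login page without looking at its address bar.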
Counter measures:
In this research paper we conclude that, in order to counter social engineering attacks, where end-users are the easy target for eavesdropping on institutional information, we should conduct user training and security awareness programs as follows.
Campus training programs:
Campus training programs should be conducted frequently to raise awareness about social engineering attacks.
Online Courses:
Online courses are particularly useful because they can be updated on a regular basis, they require fewer personnel and they can be adapted to every employee’s schedule.
Screen Savers:
Screen savers can be used to show short, significant messages about social engineering attacks on employees’ computers.
Posters:
Colorful posters or displays can be used to highlight important information in order to raise awareness among employees.
Inspections and Audits:
Inspections and audits are vital to raise awareness among the employees being audited. Another possibility, mentioned in [9], is for security personnel to periodically demonstrate social engineering by attempting to request passwords from selected users. Users who refuse to give the information would be rewarded, and users who fail would be told that they have failed a random test.
Risks:
All end-users of the institute should be informed about the risks in information security and how to recognize these risks. Examples could be how to recognize spyware on an infected PC by showing a practical case, how to recognize a forged website used in a phishing attack, and a demonstration of spam e-mail.
Countermeasures:
Once the end-users of the institute have been trained on the social engineering risks, they should be attentive to how to react to these risks. This includes procedures for using information in a safe way and training in security policies such as password management or institutional information handling.
Responsibilities:
The training should also state the responsibilities of every end-user in the task of protecting institutional information and resources. All end-users should be informed that every person is responsible in one way or another for securing the information.
Contact Information:
Last but not least, every security awareness program should include the contact information of the person to whom a security breach is reported. End-users must be kept up to date on the procedures for reporting security incidents: who should be informed, how, and what to do when this type of event happens.
III. CONCLUSION
In order to counter social engineering attacks, where employees/end-users are the main target, and to minimize internal attacks, we recommend educating users and raising awareness about social engineering attacks. Based on our results, we conclude that a very large number of users are not aware of phishing or of the importance of having a strong password, and that they do not keep themselves up to date on the latest viruses. We propose that user training and security awareness programs be conducted frequently, and that the security policy covering all aspects of information security be developed or revisited and made known to every end-user. It would also be essential to analyze users’ practices, working mechanisms and style of computer usage before and after training and awareness about social engineering, particularly in terms of security and internal threats, by performing security audits and penetration tests.
Acknowledgement
In the name of Allah, the most gracious and ever merciful. We are thankful to Almighty Allah who blessed us to complete this research within the time frame. We would like to thank those who took part in the empirical part of this research. It would not have been possible to complete this research without their participation and support.
References
[1] Mitnick, Kevin, “How to Hack People.” BBC News Online, October 14, 2002.
[2] J. Creswell. Qualitative, quantitative and mixed method approaches, Sage Publications Ltd, 2014.
[3] Firewall Analysis Saves Time Keeping Application Paths Clear. https://www.algosec.com/wp-content/uploads/2016/03/Ogren-Group-Firewall-Analysis-Market-2013-ALGOSEC-VERSION.pdf
[4] National Security Institute’s (www.nsi.org) online ‘Employee Information Awareness Service’ web page content as of August 2003. URL: http://nsi.org/SSWebSite/TheService.htm.
[5] M. N. David. “Usability and open source software”, First Monday, Vol. 8, 2002.
[6] Brace, I. “How to Plan, Structure and Write Survey Material for Effective Market Research”, London, Market Research in Practice Series, 2004.
[7] R. Dhamija, J. D. Tygar and M. Hearst, “Why Phishing Works”, Dept. Comp. and Soc., Harvard Univ., 2006.
[8] Qualitative Methods, https://www.socialresearchmethods.net/kb/qualval.php, visited 25 Feb 2017.
[9] Clifford Woody, “The Values of Educational Research to the Classroom Teacher”, The Journal of Educational Research, Vol. 16, No. 3 (Oct., 1927), pp. 172-178.
[10] Cyber Security Planning Guide, Federal Communications Commission, https://transition.fcc.gov/cyber/cyberplanner.pdf, visited 25/2/2017.
[11] On Cyberwarfare, DCAF HORIZON WORKING PAPER No. 7, 2015.
[12] S. Bosworth and M. E. Kabay, Computer Security Handbook, 6th ed. New York: John Wiley, 2014.

More Related Content

Similar to Social Engineering threats and Countermeasures in SHCT

Analysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docxAnalysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docx
daniahendric
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
ramsetl
 
Database Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationDatabase Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every Organization
April Dillard
 
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
Puneeth Puni
 
Post 1Many of you have heard the popular slogans and taglines .docx
Post 1Many of you have heard the popular slogans and taglines .docxPost 1Many of you have heard the popular slogans and taglines .docx
Post 1Many of you have heard the popular slogans and taglines .docx
stilliegeorgiana
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
Russell Publishing
 
Junyan Wu Healthcare information security control on insider threat proposal
Junyan Wu Healthcare information security control on insider threat proposalJunyan Wu Healthcare information security control on insider threat proposal
Junyan Wu Healthcare information security control on insider threat proposal
Junyan Wu
 
Ponemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data RiskPonemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data Risk
Fiona Lew
 

Similar to Social Engineering threats and Countermeasures in SHCT (20)

How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness
 
Analysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docxAnalysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docx
 
Social engineering
Social engineering Social engineering
Social engineering
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
 
Article 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking technoArticle 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking techno
 
Social media platform and Our right to privacy
Social media platform and Our right to privacySocial media platform and Our right to privacy
Social media platform and Our right to privacy
 
Credential Harvesting Using Man in the Middle Attack via Social Engineering
Credential Harvesting Using Man in the Middle Attack via Social EngineeringCredential Harvesting Using Man in the Middle Attack via Social Engineering
Credential Harvesting Using Man in the Middle Attack via Social Engineering
 
Anti-Phishing Phil
Anti-Phishing PhilAnti-Phishing Phil
Anti-Phishing Phil
 
Database Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationDatabase Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every Organization
 
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
 
Post 1Many of you have heard the popular slogans and taglines .docx
Post 1Many of you have heard the popular slogans and taglines .docxPost 1Many of you have heard the popular slogans and taglines .docx
Post 1Many of you have heard the popular slogans and taglines .docx
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
 
ISSC451 Cybercrime.docx
ISSC451 Cybercrime.docxISSC451 Cybercrime.docx
ISSC451 Cybercrime.docx
 
Detecting Unknown Insider Threat Scenarios
Detecting Unknown Insider Threat Scenarios Detecting Unknown Insider Threat Scenarios
Detecting Unknown Insider Threat Scenarios
 
All About Phishing Exploring User Research Through A Systematic Literature R...
All About Phishing  Exploring User Research Through A Systematic Literature R...All About Phishing  Exploring User Research Through A Systematic Literature R...
All About Phishing Exploring User Research Through A Systematic Literature R...
 
System Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingSystem Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats Modeling
 
Junyan Wu Healthcare information security control on insider threat proposal
Junyan Wu Healthcare information security control on insider threat proposalJunyan Wu Healthcare information security control on insider threat proposal
Junyan Wu Healthcare information security control on insider threat proposal
 
Ponemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data RiskPonemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data Risk
 
A Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdf
A Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdfA Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdf
A Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdf
 

More from ijcnes

Holistic Forecasting of Onset of Diabetes through Data Mining Techniques
Holistic Forecasting of Onset of Diabetes through Data Mining TechniquesHolistic Forecasting of Onset of Diabetes through Data Mining Techniques
Holistic Forecasting of Onset of Diabetes through Data Mining Techniques
ijcnes
 
Secured Seamless Wi-Fi Enhancement in Dynamic Vehicles
Secured Seamless Wi-Fi Enhancement in Dynamic VehiclesSecured Seamless Wi-Fi Enhancement in Dynamic Vehicles
Secured Seamless Wi-Fi Enhancement in Dynamic Vehicles
ijcnes
 

More from ijcnes (20)

A Survey of Ontology-based Information Extraction for Social Media Content An...
A Survey of Ontology-based Information Extraction for Social Media Content An...A Survey of Ontology-based Information Extraction for Social Media Content An...
A Survey of Ontology-based Information Extraction for Social Media Content An...
 
Economic Growth of Information Technology (It) Industry on the Indian Economy
Economic Growth of Information Technology (It) Industry on the Indian EconomyEconomic Growth of Information Technology (It) Industry on the Indian Economy
Economic Growth of Information Technology (It) Industry on the Indian Economy
 
An analysis of Mobile Learning Implementation in Shinas College of Technology...
An analysis of Mobile Learning Implementation in Shinas College of Technology...An analysis of Mobile Learning Implementation in Shinas College of Technology...
An analysis of Mobile Learning Implementation in Shinas College of Technology...
 
A Survey on the Security Issues of Software Defined Networking Tool in Cloud ...
A Survey on the Security Issues of Software Defined Networking Tool in Cloud ...A Survey on the Security Issues of Software Defined Networking Tool in Cloud ...
A Survey on the Security Issues of Software Defined Networking Tool in Cloud ...
 
Challenges of E-government in Oman
Challenges of E-government in OmanChallenges of E-government in Oman
Challenges of E-government in Oman
 
Power Management in Micro grid Using Hybrid Energy Storage System
Power Management in Micro grid Using Hybrid Energy Storage SystemPower Management in Micro grid Using Hybrid Energy Storage System
Power Management in Micro grid Using Hybrid Energy Storage System
 
Holistic Forecasting of Onset of Diabetes through Data Mining Techniques
Holistic Forecasting of Onset of Diabetes through Data Mining TechniquesHolistic Forecasting of Onset of Diabetes through Data Mining Techniques
Holistic Forecasting of Onset of Diabetes through Data Mining Techniques
 
A Survey on Disease Prediction from Retinal Colour Fundus Images using Image ...
A Survey on Disease Prediction from Retinal Colour Fundus Images using Image ...A Survey on Disease Prediction from Retinal Colour Fundus Images using Image ...
A Survey on Disease Prediction from Retinal Colour Fundus Images using Image ...
 
Feature Extraction in Content based Image Retrieval
Feature Extraction in Content based Image RetrievalFeature Extraction in Content based Image Retrieval
Feature Extraction in Content based Image Retrieval
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
Detection of Node Activity and Selfish & Malicious Behavioral Patterns using ...
Detection of Node Activity and Selfish & Malicious Behavioral Patterns using ...Detection of Node Activity and Selfish & Malicious Behavioral Patterns using ...
Detection of Node Activity and Selfish & Malicious Behavioral Patterns using ...
 
Optimal Channel and Relay Assignment in Ofdmbased Multi-Relay Multi-Pair Two-...
Optimal Channel and Relay Assignment in Ofdmbased Multi-Relay Multi-Pair Two-...Optimal Channel and Relay Assignment in Ofdmbased Multi-Relay Multi-Pair Two-...
Optimal Channel and Relay Assignment in Ofdmbased Multi-Relay Multi-Pair Two-...
 
An Effective and Scalable AODV for Wireless Ad hoc Sensor Networks
An Effective and Scalable AODV for Wireless Ad hoc Sensor NetworksAn Effective and Scalable AODV for Wireless Ad hoc Sensor Networks
An Effective and Scalable AODV for Wireless Ad hoc Sensor Networks
 
Secured Seamless Wi-Fi Enhancement in Dynamic Vehicles
Secured Seamless Wi-Fi Enhancement in Dynamic VehiclesSecured Seamless Wi-Fi Enhancement in Dynamic Vehicles
Secured Seamless Wi-Fi Enhancement in Dynamic Vehicles
 
Virtual Position based Olsr Protocol for Wireless Sensor Networks
Virtual Position based Olsr Protocol for Wireless Sensor NetworksVirtual Position based Olsr Protocol for Wireless Sensor Networks
Virtual Position based Olsr Protocol for Wireless Sensor Networks
 
Mitigation and control of Defeating Jammers using P-1 Factorization
Mitigation and control of Defeating Jammers using P-1 FactorizationMitigation and control of Defeating Jammers using P-1 Factorization
Mitigation and control of Defeating Jammers using P-1 Factorization
 
An analysis and impact factors on Agriculture field using Data Mining Techniques
An analysis and impact factors on Agriculture field using Data Mining TechniquesAn analysis and impact factors on Agriculture field using Data Mining Techniques
An analysis and impact factors on Agriculture field using Data Mining Techniques
 
A Study on Code Smell Detection with Refactoring Tools in Object Oriented Lan...
A Study on Code Smell Detection with Refactoring Tools in Object Oriented Lan...A Study on Code Smell Detection with Refactoring Tools in Object Oriented Lan...
A Study on Code Smell Detection with Refactoring Tools in Object Oriented Lan...
 
Priority Based Multi Sen Car Technique in WSN
Priority Based Multi Sen Car Technique in WSNPriority Based Multi Sen Car Technique in WSN
Priority Based Multi Sen Car Technique in WSN
 
Semantic Search of E-Learning Documents Using Ontology Based System
Semantic Search of E-Learning Documents Using Ontology Based SystemSemantic Search of E-Learning Documents Using Ontology Based System
Semantic Search of E-Learning Documents Using Ontology Based System
 

Recently uploaded

FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssuser89054b
 

Recently uploaded (20)

Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 

Social Engineering threats and Countermeasures in SHCT

Integrated Intelligent Research (IIR) International Journal of Business Intelligents, Volume 06, Issue 01, June 2017, Page No. 06-08, ISSN: 2278-2400

Syed Mehr Ali Shah, Aijaz Ahmed, Mir Abid Ali
I.T Dept., Shinas College of Technology, Shinas, Oman
Email: Syed.mehr@shct.edu.om, Aijaz.Ahmed@shct.edu.om, mir.ali@shct.edu.om

Abstract — Computers have become such a big part of everyday life everywhere that computer security and threat prevention is essential for individuals and organizations. Organizations are taking computer security more seriously to protect their information systems at different levels, from the physical, personal and procedural levels up to the technical level. The measures at all these levels have made the business world more effective (but not completely so) at blocking inside and outside threats, and have made it increasingly difficult for hackers or viruses to penetrate systems. The threat to the organization comes more from insiders than from outsiders. In this paper we analyze what the internal threats in organizations are, why we are defenseless and allow threats to be realized, and the best practices for securing our organization's data from inside threats.

Keywords — Social engineering; Threats; Viruses

I. INTRODUCTION

Social engineering exploits personal error or oversight to gain entry to a system in spite of the layers of defensive security controls that have been implemented in software or hardware [7]. All social engineering attempts can be grouped into two main types: technology-based and human-based deception. Trespassers and hackers are on the lookout for ways to gain entry to valuable resources such as computer systems or corporate or personal information that they can use maliciously for personal gain.
A notable proportion of computer and organizational security professionals believe the insider threat is the greatest risk to their enterprise, and more than 40% report that their greatest security concern is employees accidentally putting security at risk through data leaks or similar mistakes [AlgoSec 2013][3]. A previous report by the CERT® Insider Threat team, part of Carnegie Mellon University's Software Engineering Institute, provided an initial examination of this problem. The infamous hacker Kevin Mitnick, in an interview with BBC News Online [1], said that: "The biggest hazard to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be human. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element." So the ultimate security wall is the human being, and if that person is duped, the gates are wide open for the intruder to take complete control over a computer that might hold important information.

Security specialists concur when it comes to identifying where security negligence can occur and who causes it. Over time, the experts have come to the conclusion that, despite the impression of the hacker being an outsider wanting to get "in", the majority of violations are caused by either disgruntled employees or non-employees who have legitimate system access because of their job in the organization [8]. According to the FBI, nearly 80% of all attacks are caused by such authorized users [4]. Hence, we conclude that proper training is needed for the insiders of an organization or institution.

II. OVERVIEW

Research is the careful and critical enquiry in seeking facts for principles [6]. It can also be said that research is the combination of experience and reasoning, and must be regarded as the most successful approach to discovering the truth. A methodology is the set of criteria followed in a particular discipline. There are different research methods for investigation, for example observation, questionnaires, interviews, analysis of records and case studies. These methods and techniques are used in performing the research operations, i.e. collection of data, statistical processing and analysis (testing), to evaluate the accuracy of the results obtained. We use a systematic approach to investigation based on the mixed methodology elaborated by Creswell [1]. In this mixed approach we use both qualitative and quantitative research methods. In the quantitative approach, phenomena are measured and expressed in terms of quantity. Quantitative research helps in precise measurement and in knowing trends and changes over time; it is mainly concerned with quantifying relationships or comparing two or more groups [1]. Qualitative research is concerned with studying objects in their natural setting; it attempts to interpret a phenomenon based on the explanations that people bring to it [2].

This research is carried out in different segments. In the first segment, a detailed and comprehensive literature study is carried out to understand social engineering and its importance to any organization. In the second phase, we select methods and techniques for evaluating social engineering awareness in an organization or institution; there are different methods and techniques available for assessment, but we selected questionnaires [3] and the think-aloud technique for testing. The questionnaire was distributed online to all end-users; after that we interviewed selected end-users, so that the results were compiled qualitatively [5]. To further validate this research, we conducted interviews with SHCT staff. Figure 1 illustrates the overview of the research methodology.

The questionnaire consists of questions on how much the respondents knew about phishing, strong password requirements and viruses. These questions are of vital importance to find out whether they are aware of new attack methods and thus vulnerable to these new types of attacks. We asked the respondents three questions related to phishing: 1. whether they were aware of phishing attacks, 2. whether they were aware of phishing mail, and 3. whether they were aware of phishing websites. On average 52% of the respondents answered "Yes" and the remaining 48% answered "No". The result shows that a large number of respondents are not aware of phishing.

We used another set of questions to find out about the participants' knowledge of the importance of password security. We asked them questions like "1. Which of the following meets the strong password requirement?" and "2. Do you use the same passwords for your work accounts as you do for your personal accounts at home, such as Facebook, Twitter or your personal email accounts?" The responses show that 62% of the respondents do not know the requirements of a strong password and 32% of the respondents use the same password for different accounts.

Finally, we wanted to know the respondents' knowledge about viruses and Trojans, and we asked them a few important questions such as "1. How often do you read or update yourself regarding the most destructive computer viruses?", "2. Have you ever found a virus or Trojan on your computer at work?" and "3. Do you know who to contact in case your computer is infected?". The result analysis shows that 52% of the respondents rarely update themselves and 12% do not update themselves at all. For the second question, 90% of the respondents answered that their computer had been infected, and 46% of the respondents do not know whom to contact if their computer is infected.

We also conducted interviews with users in the college. We showed the interviewees the login page of a fake website which has the look and feel of the Facebook login page and asked them "Have you ever seen this page?". 100% of the interviewees answered that it is the Facebook login page, without checking the URL of the page. We gave the interviewees a scenario: a mail from the helpdesk asks you to reply with your personal details along with the username and password of your email account within a stipulated time, otherwise your email account will be deleted. We asked them "What should you do?". 30% of the interviewees said that they would reply with the details. We gave the interviewees the following scenario: "We saw a case a while back where someone used their Yahoo account at a computer lab on campus. She made sure her Yahoo account was no longer open in the browser window before leaving the lab. Someone came in behind her and used the same browser to re-access her account. They started sending emails from it and caused all sorts of mayhem." We asked them "What do you think might have happened?". 100% of the interviewees were not aware that she had saved her password in the browser for her account. To learn the interviewees' knowledge about viruses, we showed them screenshots of destructive viruses and asked them "Have you ever seen this on any computer or heard about it?". Surprisingly, 84% of the interviewees answered that they had not seen or heard about these destructive viruses.

Countermeasures: In this research paper we come to the conclusion that, in order to counter social engineering attacks in which the end-users are the easy target for eavesdropping on institutional information, we should conduct user training and a security awareness program, as follows.

Campus training programs: Campus training programs should be conducted frequently to bring awareness about social engineering attacks.
Online courses: Online courses are particularly useful because they can be updated on a regular basis, they require less personnel and they can be adapted to every employee's schedule.
Screen savers: Screen savers can be used to show small, significant advertisements about social engineering attacks on employees' computers.
Posters: Colorful posters or displays can be used to highlight important information in order to bring awareness to employees.
Inspections and audits: Inspections and audits are vital to raise awareness among the employees being audited.

Another possibility mentioned in [9] is that security personnel periodically demonstrate social engineering by attempting to request passwords from selected users. Users who refuse to give information would be rewarded, and users who fail would be instructed that they have failed a random test.
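The two phishing scenarios used in the interviews above (the lookalike login page whose URL nobody checked, and the helpdesk mail demanding credentials under a deadline), written up as an added Python example for such awareness training. It is not code from the paper; the allowlist of login hosts, the regular expressions and the sample messages are constructed assumptions.

```python
"""Checks for the two phishing scenarios used in the interviews above.

Added example, not from the paper: a login page is judged by the real host
in its URL rather than its look, and a mail asking for account credentials
is reported to the helpdesk rather than answered. Every hostname, pattern
and message below is a constructed assumption for illustration.
"""
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of the genuine login hosts an institute tells users to expect.
EXPECTED_LOGIN_HOSTS = frozenset({"www.facebook.com", "facebook.com", "login.example.edu"})


def login_host_matches(url: str, expected_hosts=EXPECTED_LOGIN_HOSTS) -> bool:
    """True only if the URL's actual host is an expected login host served over https.

    urlsplit().hostname drops userinfo and port, so 'https://facebook.com@evil.example/'
    resolves to evil.example, and 'https://facebook.com.evil.example/' is simply a
    different host; a look-and-feel check, as in the interviews, catches neither.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False  # a genuine login page is served over TLS
    return (parts.hostname or "") in expected_hosts  # hostname is already lower-cased


# Indicators taken from the helpdesk scenario: credentials requested, a deadline or
# account threat, and an instruction to reply. The patterns are illustrative, not exhaustive.
ASKS_CREDENTIALS = re.compile(r"\b(password|passcode|username|login details)\b", re.I)
TIME_PRESSURE = re.compile(
    r"\b(within \d+ (hours?|days?)|immediately|will be (deleted|suspended|blocked))\b", re.I)
ASKS_REPLY = re.compile(r"\b(reply|respond|send|provide|confirm)\b", re.I)


def phishing_indicators(message: str) -> list:
    """Return the social-engineering indicators present in a mail body, in a fixed order."""
    found = []
    if ASKS_CREDENTIALS.search(message):
        found.append("requests account credentials")
    if TIME_PRESSURE.search(message):
        found.append("deadline or account threat")
    if ASKS_REPLY.search(message):
        found.append("asks for a reply or action")
    return found


def should_report(message: str) -> bool:
    """A helpdesk never needs a user's password by mail, so any credential request is reported."""
    return "requests account credentials" in phishing_indicators(message)


# Constructed samples: the interview's helpdesk scenario and a benign request that also asks for action.
HELPDESK_SCENARIO = ("Dear user, reply with your personal details, username and password "
                     "within 24 hours, otherwise your email account will be deleted. - Helpdesk")
BENIGN_REQUEST = "Please send the Unit II slides to the class group before Thursday."
```

The benign request still triggers the "asks for a reply or action" indicator on its own, which is why only the credential request decides whether a mail is reported.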
Risks: All end-users of the institute should be informed about the risks in information security and how to recognize these risks. Examples of this could be how to recognize spyware on an infected PC by showing a practical case, how to recognize a forged website used in a phishing attack, and also a demo of a SPAM e-mail.
Countermeasures: When the end-users of the institute have been trained with regard to the social engineering risks, they should be attentive to how to react to these risks; this includes procedures for using information in a safe way and training in security policies such as password management or institute information handling.
Responsibilities: The training should also state the responsibilities of every end-user in the task of protecting institutional information and resources. All end-users should be informed that every person is responsible in one way or another for securing the information.
Contact information: Last but not least, a point to cover in every security awareness program is the contact information of the person to report to in the event of a security breach. End-users must be kept updated on the procedures for reporting security incidents: who should be informed, how, and what to do when this type of event happens.

III. CONCLUSION

In order to counter social engineering attacks, where employees/end-users are the main target, and to minimize internal attacks, we recommend educating users and bringing awareness with regard to social engineering attacks. Based on our results, we conclude that a very large number of users are not aware of phishing or of the importance of having a strong password, and they do not keep themselves updated on the latest viruses. We propose that user training and security awareness programs be conducted frequently, that the security policy be developed or revisited to cover all aspects of information security, and that end-users be made aware of it. It would be essential to analyze the users' practices, their working mechanisms and their style of computer usage before and after training and awareness about social engineering, in particular in terms of security and internal threats, by performing security audits and penetration tests.

Acknowledgement

In the name of Allah, the most gracious and ever merciful. We are thankful to Almighty Allah who blessed us to complete this research within the time frame. We would like to thank those who took part in the empirical methodology of this research. It could not have been possible to complete this research without their participation and support.

References

[1] Mitnick, Kevin, "How to Hack People." BBC News Online, October 14, 2002.
[2] J. Creswell, Qualitative, Quantitative and Mixed Method Approaches, Sage Publications Ltd, 2014.
[3] Firewall Analysis Saves Time Keeping Application Paths Clear, https://www.algosec.com/wp-content/uploads/2016/03/Ogren-Group-Firewall-Analysis-Market-2013-ALGOSEC-VERSION.pdf
[4] National Security Institute's (www.nsi.org) online "Employee Information Awareness Service" web page content as of August 2003. URL: http://nsi.org/SSWebSite/TheService.htm.
[5] M. N. David, "Usability and open source software", First Monday, Vol 8, 2002.
[6] Brace, I., "How to Plan, Structure and Write Survey Material for Effective Market Research", London, Market Research in Practice Series, 2004.
[7] R. Dhamija, J. D. Tygar and M. Hearst, "Why Phishing Works", Dept. Comp. and Soc., Harvard Univ., 2006.
[8] Qualitative Methods, https://www.socialresearchmethods.net/kb/qualval.php, visited 25 Feb 2017.
[9] Clifford Woody, "The Values of Educational Research to the Classroom Teacher", The Journal of Educational Research, Vol. 16, No. 3 (Oct., 1927), pp. 172-178.
[10] Cyber Security Planning Guide, Federal Communications Commission, https://transition.fcc.gov/cyber/cyberplanner.pdf, visited 25/2/2017.
[11] On Cyberwarfare, DCAF Horizon Working Paper No. 7, 2015.
[12] S. Bosworth and M. E. Kabay, Computer Security Handbook, 6th ed. New York: John Wiley, 2014.