Speaker
Description
Social engineering is generally explained as the practice of trapping, manipulating, or misleading a victim. Novice Information Technology users are one of the targeted victims. Such users are mainly affected by phishing attacks that are the greatest popular type of social engineering attack. Through malicious websites or infected email attachments, phishing attempts characteristically to use human error as a means of credential harvesting or virus distribution. There have continuously been social engineering techniques, and there will always be more of them. Just as stratagems attempt to deceive decision makers, social engineering does the same. Even though security awareness training may not fully eliminate this vulnerability, it is essentially difficult to completely get rid of social engineering vulnerabilities. Social engineering poses a constant danger to cybersecurity because it takes advantage of human vulnerabilities instead of computer system security weaknesses. The novice users are the main victims of this. The main question of the study is:
How can social engineering techniques be redefined to improve security risks among novice IT users?
This study proposes that applying more relevant social engineering techniques that could educate novice IT users to be more secure when online. Using online secondary data, the study is based on publicly available open-source datasets and novice users’ experiences.
Findings show that novice users are exposed and prone to data security breaches and risk. Studies have found that novice users seem to be overconfident in understanding social engineering attacks but hold incorrect beliefs. Novice users had major misunderstanding of what constitutes social engineering, and the risks of these attacks.
Key Words: Social engineering, novice users, data management, cybersecurity, mobile users
