32 research outputs found

    Creating a Code of Ethics for Social Engineering in Cybersecurity: A Case Study

    The world of cybersecurity is growing fast and needs more competent social engineers who can train staff and further improve training in the industry. They can engage with people either to get information out of them or to educate them. They can then strengthen their workplace’s cybersecurity posture against social engineering attacks such as phishing, raise awareness about spyware, and teach new personnel the importance of upholding a professional standard while out on client engagements.

    Employee Awareness on Phishing Threats: A Comparison of Related Frameworks and Models

    Data and sensitive information in the public sector are major targets for cyberattacks. Officials in the public sector have developed a wide range of frameworks, models, and technology to help employees understand the risk of phishing attacks. However, these models haven't been able to meet the total needs of institutions in terms of security. This study reviews the awareness frameworks and models used to increase users' awareness of phishing scams and highlights the problems and drawbacks. Moreover, this study compares the various cybersecurity awareness frameworks and models. The findings show a need to enhance current phishing awareness frameworks and models that can handle phishing attacks in the workplace while also converting them into cybersecurity training input, mainly via a digital learning platform.

    Reviewing Cybersecurity Awareness Training Tools Used to Address Phishing Attack at the Workplace

    Public sector data and sensitive information are a prime target for cyberattacks. There are numerous popular security tools used across the globe to achieve automated network protection. This study reviews the following tools: KnowBe4, PhishingBox, PhishInsight, PhishThreat, PhishMe, and Gophish. The rationale behind the detailed review is comparing and contrasting various cybersecurity awareness training tools used to address phishing attacks at the workplace. The selected tools can be used as assessment or enhancement awareness tools; this depends on each tool's settings and system due to its integrated models and flexibility. Furthermore, social engineering attacks are recurrently evolving, so different security tools' strengths and weaknesses could help pick the right instrument for spotting and responding to digital attacks. As a result, this study discusses the drawbacks of the selected tools that can guide developers and service providers in improving the existing phishing awareness tools.

    Difference in knowledge and behavior regarding Internet security among healthcare students

    The aim of this research was to compare actual risky online behavior with the self-assessment of it among healthcare students, and to correlate their behavior with their level of knowledge of online risks. The respondents were students of the 3rd year of the Undergraduate study of medical-laboratory diagnostics and students of the 2nd year of the Integrated undergraduate and graduate study of medicine. The research was conducted as a cross-sectional study at the Faculty of Medicine in Osijek for the purposes of a graduate thesis. The online version of the validated Behavioral-Cognitive Internet Security Questionnaire (BKUIS) was used in this research. The results showed that there is no correlation between the riskiness of real and self-assessed behavior among students, with a correlation coefficient very close to zero. On the contrary, a weak connection was obtained between higher riskiness of actual behavior and a higher degree of awareness of online risks, which confirms the previously defined paradox that some of the more aware online users behave more riskily. As many as three out of five respondents entered their password in response to a trick question about its quality. In general, the level of knowledge is high; however, the level of riskiness in their online behavior is also high. Further work on raising awareness is of great importance, especially among future healthcare professionals who will have access to sensitive patient data within the healthcare information system.

    Cybersecurity and education. Sensibility and change variables in teaching training educators

    The present study aims to analyze the change in university teacher training based on the emergent need to consider cybersecurity as a specific and complementary content. The study involved first-year students of the Teacher Training degrees in Early Childhood Education and Primary Education. The research design followed a mixed sequential and concurrent model, using a GLM-RM procedure for the quantitative data analysis, by means of pre-post contrast during the training; a semantic network analysis was used for the qualitative layer. The results point to two fundamental clues: first, an increase in sensitivity to risk perception as a consequence of specific training in cybersecurity and, second, the identification of two contrasting groups of perception of change.

    Herrero-Martín, J.; Rodríguez-Merino, C.; Valdivielso, R.; Amo, D. (2022). Formación en ciberseguridad y educación. Variables de sensibilidad y cambio en la formación del profesorado. En In-Red 2022 - VIII Congreso Nacional de Innovación Educativa y Docencia en Red. Editorial Universitat Politècnica de València. 956-964.
https://doi.org/10.4995/INRED2022.2022.1585595696

    Social Engineering SWOT Analysis in Government-Owned Commercial Banks and National Private Commercial Banks

    This research examines the phenomenon of social engineering at government-owned commercial banks and national private commercial banks. The research method used is descriptive qualitative with a literature study. The research results show the banks' strengths, weaknesses, opportunities, and threats. In addition, several strategies are recommended for banks to prevent social engineering attacks, namely building information technology in banking according to the standards and regulations of the Financial Service Authority (Otoritas Jasa Keuangan), utilizing social media as an educational tool, training employees, monitoring and optimizing data security and banking information technology networks, suppressing the circulation of social issues on behalf of banks that can trigger social engineering, and increasing financial literacy and awareness of personal data security among customers and employees. To prevent social engineering attacks, banks can implement strategies that are considered adequate.