6 research outputs found

    Evaluation of Measures Taken by Telecommunication Companies in Preventing Social Engineering Attacks in Tanzania

    This study aimed to evaluate the measures taken by telecommunication companies in preventing social engineering attacks in Tanzania. The study was guided by deception theory; the researcher employed a descriptive research design and a quantitative approach. Data was collected using a questionnaire administered to the selected telecommunication companies in Tanzania. The findings were as follows: most of the respondents who participated in this study are aware of social engineering and have experienced it. The study also revealed common social engineering attacks experienced by the respondents, such as business collaboration benefits, alleged wrong remittance of money, SIM swaps, SMS phishing and fraudulent SMS from lost or stolen phones, password requisitions and link sharing. The findings further revealed that social engineering has effects such as loss of sensitive data, financial loss, reputational damage, disruption of operations, and legal and compliance issues. The general findings show that most of the respondents reported the presence of security measures to prevent social engineering, such as the provision of an awareness program, the use of multifactor authentication, implementation of policies around social media usage, regular software updates, regular review of security protocols, and the provision of a well-known customer care services number.
On the other hand, the study also revealed that telecommunication companies use the following ways to minimize social engineering attacks: providing security awareness training for employees, implementing security policies and procedures, regularly reviewing and updating security protocols, detecting and responding to social engineering attacks, placing limits on the access each member has in the system, and always requiring a username and password to be configured. On the strategies used to prevent social engineering, the findings showed that telecommunication companies should encrypt data, properly verify emails or instructions sent to customers, ensure that even if hackers intercept communication they cannot access the information contained within, use SSL certificates from trusted authorities, and incorporate phishing and malicious detection solutions into the security stack. This study concludes that telecommunication companies ensure routine reviews of security standards, daily notifications for customers and other system users, and the availability of a well-known customer care services number. Due to the difficulties that information system users face, businesses have been using a variety of protection techniques to avoid social engineering, from putting up multifactor authentication for users' accounts to teaching employees how to spot suspect activity. Hence it is recommended to deploy mechanisms such as machine learning-based ways to defend against social engineering-based assaults, since cybercriminals exploit human activities to breach security, as well as to use the security features on messages (filter unknown senders) and calls (silence unknown callers).

    The Driving Forces for the Involvement of Higher Learning Institution’s Students in Cybercrime Acts. A Case of Selected Higher Learning Institutions in Tanzania

    This study investigates the extent and driving forces of cybercrime acts among students in higher learning institutions. The research digs into common cybercrime involvement and explores potential motives driving students' engagement in such illicit activities. A mixed-methods approach was adopted, involving online surveys and interviews with a sample size of 308 from a population of 1500 participants from selected higher learning institutions in Tanzania. Institutions involved in this study included the College of Business Education (CBE), Dar es Salaam Institute of Technology (DIT), Institute of Finance Management (IFM) and Tanzania Institute of Accountancy (TIA). The findings revealed that digital piracy, hacking, computer viruses, spam mailing, computer-related forgery, and cyberbullying were prevalent forms of cybercrime among the participants. Significant associations were identified between cybercrime involvement and factors such as social-economic status, technological changes, peer influence, lack of awareness of cybercrime, individual traits, and internet usage contributing to students' involvement in cybercrime. In light of these findings, the study recommends implementing comprehensive educational programs, strengthening institutional cybersecurity, promoting positive peer influence, enhancing collaboration with law enforcement, and integrating ethical training into the curriculum. These efforts will foster a safe and responsible digital environment within higher learning institutions, protecting students from cybercrime risks and promoting ethical digital citizenship.

    A Dynamic and Adaptive Information Security Awareness (DAISA) Approach

    Information systems fail not only because of problems with the technology used and the technical incompetence of the professionals administering them, but also because of a lack of security awareness among end users. In addition, various research results have revealed that the security and reliability of IS/IT systems is a function of technology, processes and people. This research has focused on the latter, aiming at developing an integrated information security education, training and awareness learning continuum. In particular, the research has focused on developing countries, where little has been done to address the information security learning continuum. The research has been done in two cyclic phases: cycle one chiefly addressed security education and training aspects, whereas cycle two mainly focused on security awareness aspects. Based on empirical analysis of security practices in organisations, the thesis proposes a Dynamic and Adaptive Information Security Awareness (DAISA) approach. Founded on six interdependent pillars, the approach delineates high-level guidelines for establishing and maintaining information security awareness programs at workplaces.