Corradini I., Nardelli E. (2019)
Abstract. In the field of cybersecurity human factor is considered one of the most critical elements. Security experts know well the importance of people’s security behaviors such as managing passwords, avoiding phishing attacks and similar. However, organizations still lack a strong cybersecurity culture to manage security risks related in particular to the human factor. In this paper we describe the results of a study involving 212 employees belonging to two companies operating in the service sector. Within a cybersecurity awareness project executed in each company, employees participated in workshop sessions and were asked to evaluate the credibility and the success probability of a list of the most common security risk scenarios based on social engineering techniques. Cyber-attacks based on these techniques are considered among the most successful because use psychological principles to manipulate people’s perception and obtain valuable information. The comparison of results obtained in the two companies shows that awareness training programs pay off in terms of raising people’s attention to cyber-risks.
Date of publication: June 2019
DOI:10.1007/978-3-030-20488-4_6
In book: Advances in Human Factors in Cybersecurity, Proceedings of the AHFE 2019 International Conference on Human Factors in Cybersecurity, July 24-28, 2019, Washington D.C., USA (pp.59-65)
How to cite this paper: Corradini, I., Nardelli, E. (2020). Social Engineering and the Value of Data: The Need of Specific Awareness Programs. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_6