The Impact of Social Engineering and Phishing on Cybersecurity Systems - Essay Sample

Introduction

The gradual improvement of the system of computer science and technology has increased the complexity of computer systems. As a result, many lawbreakers have been taking advantage of computer system vulnerability, which involves weaknesses within the computer systems, which can be exploited by a threat actor, such as attackers, to cross privilege boundaries within the computer systems (Kamal, 2018). Critical among the lawbreakers employed to gain sensitive organizational information includes social engineering and phishing (Gupta & Kapoor, 2016). Social engineering refers to the art of exploiting human psychology rather than the technical hacking techniques to gain access to buildings' computer systems and data (Hatfield, 2018). The aspect is often enhanced by sending emails to the victims, which contains links and download options (Salahdine & Kaabouch, 2019). On the other hand, phishing is the art of fraudulent attempts to gain sensitive information by disguising legitimate entities and sending emails requesting sensitive data (Tchakaunte & Udagepola, 2019). This case study analyzes the impact of social engineering and phishing on cybersecurity systems.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Problem Statement

There have been increased social engineering cases and phishing among business organizations, which have been propagated in various forms. Social engineering has been highly dependent on human factors, which have been the lawbreakers' weak links and targets (Conteh & Schmich, 2016). One of the critical techniques applied in social engineering is pretexting (Lohani, 2019). This is an attack driven by a fabrication scenario, where the attacker attempts to confirm and steal sensitive information from the victim, mostly employees of the organizations (Breda & Morais, 2017). The attack requires the attacker to build a short story that may leave no doubt about its credibility (Mouton & Venter, 2016). Significantly, the attackers often use fear and urgency while ensuring the building of trust with the victim to exploit their weak points and gain access to sensitive information. Conteh and Schmich assert that the attackers may also apply tailgating as a social engineering technique (2016). The method involves piggybacking to gain access to restricted areas (Fan & Rong, 2017). The strategy targets people with the authority to grant access, where the attackers impersonate them (Nugraha & Andangsari, 2020).

Phishing is another cybersecurity technique that has been extensively applied by attackers. Under this technique, large numbers of untargeted communications are often sent to numerous recipients, hoping that a minority will become victims (Priestman & Sebire, 2019). A critical example of a phishing technique applied by attackers includes baiting, which lures the victims through enticement strategies (Luga & Erola, 2016). The hackers may use the lure of promised goods if the user surrenders the log-in credentials.

Social engineering and phishing have had significant devastating effects on business organizations. For instance, hackers obtain sensitive organizational information and use it for ransomware (Humayun & Ponnusamy, 2020). This is where hackers threaten to publish the victims' data and demand vast amounts of money (Nadir & Bakshi, 2018). The hackers have also been accessing sensitive organizational information to sell them to the organization's competitors at exorbitant prices (Sen & Heim, 2020). The element has greatly affected the performance of business organizations (Kamra & Scott, 2019). As a result, business organizations have a great need to apply preventive measures to strengthen their cybersecurity (Kshetri, 2017).

Research Questions

The study seeks to investigate the damages caused by social engineering and phishing to business organizations. The aspect will be met through the research questions: What is the impact of social engineering and phishing on organizations? What are the techniques that are widely applied by hackers to enhance unauthorized access to sensitive organizational information? The questions' answers will be significant for enabling business organizations to tighten their cybersecurity systems and improve overall performance. Significantly, though the data obtained from the research questions, the organizations will understand the concepts of hacking effectively to prevent them from falling prey to hackers (Patel, 2020).

Methodology

The study will apply the survey technique on various organizations that enhance cybersecurity to enhance data effectiveness and reliability. The survey will take the form of open-ended questionnaires to the employees and the organizational leaders (Malik & Handa, 2016). The questionnaires' open-ended nature will be vital for collecting more data and information from the respondents (Weller & Johnson, 2018). The questionnaires are a useful tool as they ensure that the questions are typed in simple languages easily understood by the respondents (Yeong &Hamzah, 2018). Furthermore, the study will enhance the use of telephones to the respondents and the interviewing of the employees who have been direct victims of social engineering and phishing (Lavrakas & Keeter, 2017). The use of telephones will be crucial for the respondents who are busy or far from studying (Drabble & Korcha, 2016). The element will further reduce the costs that would be incurred in reaching out to them.

On the other hand, the interviews allow the respondents to provide more information, especially on their experiences, enhancing the validity of the research studies (Sheehan, 2018). The study will be conducted within two weeks to enhance the proper analysis of the obtained data. The study will apply practical analysis tools to ensure a reliable report.

Conclusion

Social engineering and phishing have been widely applied techniques by hackers to gain unauthorized access to sensitive data belonging to business organizations. The hackers have been using means such as baiting and pretexting, among others. The effect of the two elements on cybersecurity has been the loss of sensitive information to hackers, ransomware, and the drop in business organizations' performance.

References

Breda, F., Barbosa, H., & Morais, T. (2017, March). Social engineering and cybersecurity. In em Conference: International Technology, Education and Development Conference.

Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity: risks, vulnerabilities, and countermeasures to prevent social engineering attacks. International Journal of Advanced Computer Research, 6(23), 31. https://www.researchgate.net/profile/Nabie_Conteh/publication/294421084_Cybersecurityrisks_vulnerabilities_and_countermeasures_to_prevent_social_engineering_attacks/links/56e2733408aebc9edb19eebc.pdf

Drabble, L., Trocki, K. F., Salcedo, B., Walker, P. C., & Korcha, R. A. (2016). Conducting qualitative interviews by telephone: Lessons learned from studying alcohol use among sexual minority and heterosexual women. Qualitative Social Work, 15(1), 118-133. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4722874/

Fan, W., Lwakatare, K., & Rong, R. (2017). Social engineering: IE-based model of human weakness for attack and defense investigations. International Journal of Computer Network & Information Security, 9(1).

Gupta, S., Singhal, A., & Kapoor, A. (2016, April). A literature survey on social engineering attacks: Phishing attack. In 2016 international conference on computing, communication, and automation (ICCCA) (pp. 537-540). IEEE.

Hatfield, J. M. (2018). Social engineering in cybersecurity: The evolution of a concept. Computers & Security, 73, 102-113.

Humayun, M., Jhanjhi, N. Z., Alsayat, A., & Ponnusamy, V. (2020). Internet of things and ransomware: Evolution, mitigation, and prevention. Egyptian Informatics Journal. https://www.sciencedirect.com/science/article/pii/S1110866520301304

Kamal, B. A. (2018). Analysis of increasing hacking and cracking techniques. Scientific and practical cybersecurity journal. https://journal.scsa.ge/wp-content/uploads/2018/12/2-bilal-ahmad-kamal_analysis-of-increasing-hacking-and-cracking-techniques.pdf

Kamra, S., & Scott, J. (2019). Impact of Data Breaches to Organizations and Individuals. Available at SSRN 3510590.

Kshetri, N. (2017). Blockchain's roles in strengthening cybersecurity and protecting privacy. Telecommunications policy, 41(10), 1027-1038. https://fardapaper.ir/mohavaha/uploads/2018/12/Fardapaper-Blockchains-roles-in-strengthening-cybersecurity-and-protecting-privacy.pdf

Lavrakas, P. J., Benson, G., Blumberg, S., Buskirk, T., Cervantes, I. F., Christian, L., ... & Keeter, S. (2017). The Future of US General Population Telephone Survey Research. AAPOR Report.

Lohani, S. (2019). Social engineering: Hacking into humans. International Journal of Advanced Studies of Scientific Research, 4(1).

Iuga, C., Nurse, J. R., & Erola, A. (2016). Baiting the hook: factors impacting susceptibility to phishing attacks. Human-centric Computing and Information Sciences, 6(1), 8. https://link.springer.com/article/10.1186/s13673-016-0065-2

Malik, N., Dhar, R. L., & Handa, S. C. (2016). Authentic leadership and its impact on nursing staff's creativity: A cross-sectional survey of Indian nurses and their supervisors. International journal of nursing studies, 63, 28-36.

Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates, and scenarios. Computers & Security, 59, 186-209. https://researchspace.csir.co.za/dspace/bitstream/handle/10204/9185/Mouton_2016.pdf?sequence=1&isAllowed=y

Nadir, I., & Bakhshi, T. (2018, March). Contemporary cybercrime: A taxonomy of ransomware threats & mitigation techniques. In 2018 International Conference on Computing, Mathematics and Engineering Technologies (iCoMET) (pp. 1-7). IEEE. https://www.researchgate.net/profile/Ibrahim_Nadir/publication/322656267_Contemporary_Cybercrime_A_Taxonomy_of_Ransomware_Threats_Mitigation_Techniques/links/5c57f04ba6fdccd6b5e105b8/Contemporary-Cybercrime-A-Taxonomy-of-Ransomware-Threats-Mitigation-Techniques.pdf

Nugraha, M. A., Banglali, N. P., Abraham, J., Ali, M. M., & Andangsari, E. W. (2020). Insights on media literacy and social engineering vulnerability predictors: Lifelong learning gravity. Cypriot Journal of Educational Sciences, 15(5), 955-975. https://un-pub.eu/ojs/index.php/cjes/article/view/5124

Patel, N. (2020). Social Engineering As an Evolutionary Threat to Information Security in Healthcare Organizations. Jurnal Administrasi Kesehatan Indonesia, 8(1).

Priestman, W., Anstis, T., Sebire, I. G., Sridharan, S., & Sebire, N. J. (2019). Phishing is a healthcare organization: threats, mitigation, and approaches. BMJ health & care informatics, 26(1). https://discovery.ucl.ac.uk/id/eprint/10081355/1/e100031.full.pdf

Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89.

Sen, R., Verma, A., & Heim, G. R. (2020). Impact of Cyberattacks by Malicious Hackers on the Competition in Software Markets. Journal of Management Information Systems, 37(1), 191-216