Cybersecurity Governance on Social Engineering Awareness

Introduction

Security threats, when users surf the internet is growing exponentially. Vulnerabilities that are present in the internet can be exploited by skilled hackers or performing well-crafted social engineering techniques. Breach in cyber security has had massive repercussions in the past in terms of business, liability, reputation staining, customer confidence and productivity (Bradshaw, 2015). Such catastrophic consequences have led to governments and corporations to invest in many resources to build a secured cyberspace thus protecting themselves as well as their users. In terms of social engineering, these resources in training has to be poured unto the employees of the organization especially key personnel as they may poses some vital information of an organization. Leaking of such information can be detrimental for the particular organization in question. Therefore, people with such sensitive information, has to be well versed of the risks they may be of being victims of social engineering as well as other cyber threats. Understanding these risks and knowing how to protect themselves from such scenarios may save an organization secrets. Orhan Sari and Karyda (2017) found that in the first half of 2018, over more than 4.5 billion of records have been breached. Based on Figure 1, most of the breaches (about 56%) occurs in the social media platforms due to the overwhelming usage and also the sophistication of social media attacks. So Orhan Sari and Karyda (2017) stated that these data breaches mostly happen due to human factor and lack of security practices. In addition to that, employees should possess a distinct and clear mind set in order to be able to distinguish potential threats from legitimate contents and their source of originality (Karyda, 2017). Immature perception of employees may lead to massive breaches within the organization (Karlsson et al.,2013). It has to be said that despite stern efforts up to this point, it is quite eminent that knowledge on cyber security still lacks competence. That is the reason why basic security breaches using simple social engineering techniques are still happening to this very date. Adequate knowledge regarding this problem would have seen some improvements of late. However, evidence collected up to this point suggests otherwise. All these factors reflect on how important it is to foster cybersecurity governance in organizations and on social engineering threats.

Figure 1.

Number of records breached by industry first half of 2018

source: Karyda (2017)