Counteraction to methods of social engineering as one of the areas of information protection of organizations with varying degrees of state participation

Elena A. Ostanina

doi:10.34069/AI/2021.38.02.11

Elena A. Ostanina Moscow Aviation Institute (National Research University), Moscow, Russia. https://orcid.org/0000-0001-8559-5362

DOI: https://doi.org/10.34069/AI/2021.38.02.11

Keywords: distance learning of staff, information security, countermeasures, social engineering, security threat.

Abstract

The relevance of this topic is due to the constant improvement of technical means of transmission and processing of information, as well as the creation of new technologies for its processing and storage. At the same time, the growth in the value of information as a resource in the modern world and the transition to electronic document management in the activities of organizations is accompanied by the emergence of new methods of illegal access. The purpose of this study is to analyze the most relevant methods of influence and create a training program for staff that would minimize the risks associated with illegal access to information of organizations. The paper presents and analyzes data characterizing the share of the impact of social engineering methods on individuals and legal entities. The study has confirmed that the most effective way to protect against social engineering is to train workers. It is advisable to organize the process periodically in a distance format, adapting the program to the position occupied by the employee. Training, in addition to theoretical lessons on the study of methods of protection, should contain active methods, discussions on the analysis of current information security incidents and solution of case studies.

Downloads

Download data is not yet available.

Author Biography

Elena A. Ostanina, Moscow Aviation Institute (National Research University), Moscow, Russia.

PhD in Pedagogical Sciences, Associate Professor, Moscow Aviation Institute (National Research University), Moscow, Russia.

References

Abass, I. A. M. (2018). Social engineering threat and defense: a literature survey. Journal of Information Security, 9 (04), 257.

Albladi, S. M., & Weir, G. R. (2018). User characteristics that influence judgment of social engineering attacks in social networks. Human-centric Computing and Information Sciences, 8 (1), 1-24.

Algarni, A., Xu, Y., & Chan, T. (2017). An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook. European Journal of Information Systems, 26(6), 661-687.

Alizar, A. (2019). Social engineering in Russia is more effective than in other countries. Habr. Retrieved March 04, 2021, from https://habr.com/ru/news/t/459278/

Central Bank of Russia (2020). Review of the reporting of information security incidents during the transfer of funds for the 1st and 2nd quarters of 2019 - 2020. Retrieved March 04, 2021, from https://cbr.ru/analytics/ib/review_1q_2q_2020/

Gridin, A. (2010). A brief introduction to social engineering. Habr. Retrieved March 04, 2021, from https://habr.com/ru/post/83415/

ITGLOBAL.COM. (2021). Information security in 2021. Threats, industry trends. Habr. Retrieved March 04, 2021, from https://habr.com/ru/company/itglobalcom/blog/540748/

Karpenko, L. A., Petrovsky, A. V., & Yaroshevsky M. G. (1998) A Brief Psychological Dictionary. Rostov-on-Don: Phoenix. Retrieved March 30, 2021, from http://lib.mgppu.ru/OpacUnicode/app/webroot/index.php?url=/notices/index/IdNotice:12641

Kodeks (2006) State Standart GOST R 50922-2006. Information security. Basic terms and definitions. Standardinform, Moscow, Russian Federation, February 01, 2008. http://docs.cntd.ru/document/gost-r-50922-2006

Kodeks (2008) State Standart GOST R 53114-2008. Information protection. Ensuring information security in the organization. Basic terms and definitions. Standardinform, Moscow, Russian Federation, October 01, 2009. https://internet-law.ru/gosts/gost/48411/

Koyun, A., & Al Janabi, E. (2017). Social engineering attacks. Journal of Multidisciplinary Engineering Science and Technology, 4(6), 7533-7538.

Kuznetsov, M. V., & Simdyanov, I. V. (2007). Social Engineering and Social Hackers. St. Petersburg: BHV-Petersburg.

Mitnick, K. D., & Simon, W. L. (2003). The art of deception: Controlling the human element of security. New York: John Wiley & Sons.

Ostanina, E. A. (2019). Information security in the implementation of the BYOD concept. Human capital, 12(132), 131-141.

Positive Technologies (2019). Research by Positive Technologies. Topical cyber threats Q2 2019. Retrieved March 04, 2021, from https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2019-q2/

Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: a survey. Future Internet, 11(4), 89.

Securitylab.ru (2020). Social Engineering Attacks Increase 147% in 2020. Retrieved March 04, 2021, from https://www.securitylab.ru/news/515178.php

Siadati, H., Nguyen, T., Gupta, P., Jacobsson, M., & Memo, N. (2017). Monitor Your SMS: Mitigating Social Engineering with Second Factor Authentication. Computers and security, 65, 14-28.

Sorenson, J. (2019). Toward a pragmatic and social engineering ethics. Paladyn, Journal of Behavioral Robotics, 10 (1), 207-218.

Tadviser (2020). Social engineering. Retrieved March 04, 2021, from https://www.tadviser.ru/a/521580