Social Engineering, Human Factor in Cybersecurity: scientific article in the specialty "Computer and Information Sciences"

CC BY
Keywords
Social engineering / phishing / cyberattacks / cybersecurity / user awareness / financial impact / IT sector / banking sector

Abstract of a scientific article in computer and information sciences. Author: Muminov Kamolkhon Ziyodjon O’g’li

This article review analyzes social engineering methods used in cyberattacks from 2020 to 2022, highlighting a rise in incidents from 45% to 61% and attacks increasing from 38,000 to over 45,000. Phishing remains the most prevalent method, responsible for over 60% of attacks, especially in the IT and banking sectors. The financial damage from phishing in banking rose from $34,200 to $48,100 during this period. The study identifies gaps in user awareness and emphasizes the need for improved cyber defenses, combining technological solutions and user education to combat social engineering.


Text of the scientific paper "Social Engineering, Human Factor in Cybersecurity"

"Descendants of Al-Farghani" electronic scientific journal of Fergana branch of TATU named after Muhammad al-Khorazmi. ISSN 2181-4252 Vol: 1 | Iss: 3 | 2024 year

Social Engineering, Human Factor in Cybersecurity

Muminov Kamolkhon Ziyodjon o'g'li,

Assistant professor, Information Security Department, Fergana branch of Tashkent University of Information Technologies named after Muhammad al-Khwarizmi

Kmominov6999@gmail.com

Introduction. Social engineering has emerged as one of the most effective methods used by cybercriminals to exploit human vulnerabilities, bypassing traditional technical defenses in cybersecurity. This approach involves manipulating individuals to divulge confidential information or perform actions that compromise organizational security. In recent years, the prevalence of social engineering attacks has risen significantly, particularly through techniques like phishing, which remains a dominant method of attack. Between 2020 and 2022, cyberattacks involving social engineering surged, with incidents increasing from 45% to 61% of all attacks. This rise, combined with a notable growth in the number of attacks and the financial damage inflicted, especially in sectors like banking and IT, highlights the growing threat that social engineering poses. The financial sector has been especially affected, with losses from phishing in banking increasing from $34,200 in 2020 to $48,100 in 2022. This article aims to explore the key social engineering techniques, their impacts on different industries, and the need for comprehensive strategies that combine both technological defenses and human-factor interventions, such as user education and training, to mitigate the rising risks. By examining statistical data and case studies, this work sheds light on the critical role of awareness and preparedness in defending against these sophisticated cyber threats.

Literature review. The study provided a comprehensive analysis of the main social engineering methods used by hackers to carry out cyberattacks, as well as an assessment of the scale of their use in 2020-2022 based on statistical data from leading cybersecurity companies. It was found that the share of incidents related to social engineering increased over the study period from 45% to 61%. In addition, there was an annual increase in the number of relevant cyberattacks from 38 thousand in 2020 to more than 45 thousand in 2022. It was found that phishing remains the leading method in terms of prevalence, accounting for more than 60% of all attacks, but the role of phishing is growing, especially in the IT sector. Statistics also confirmed an increase in the average damage from incidents involving social engineering, in particular for phishing in the banking sector, from $34.2 thousand in 2020 to $48.1 thousand in 2022. Thus, the results obtained indicate the effectiveness and stable growth of the use of social engineering by hackers, which determines the relevance of developing comprehensive approaches to its neutralization, taking into account both technological and organizational aspects of cyber defense of organizations. [1]

Social engineering as a method of stealing confidential information is the management of people's actions without the use of technical means, based on the weaknesses of the human factor. In the financial and banking sector, this causes violations of information security that threaten business continuity and security. The relevance of the chosen topic is due to the inadequate level of training of clients in the field of using electronic financial services, which causes mass and individual thefts from accounts. Objectives. Study of the relationship between the actions of services that produce data. Analysis of the ways in which social engineering techniques influence the victim and optimal methods of counteracting this. Development of ways to improve cybersecurity in the context of active use of social engineering methods by fraudsters. Methodology. The work uses mathematical calculations and methods of system analysis of scientific literature in the field of theoretical and applied research. A pedagogical method of studying and generalizing the existing experience is applied. The cause-and-effect relationships "cyber fraudster - victim" are analyzed. Results. Specific examples of social engineering cybercrimes and ways to counter them are presented. The place of traditional education in reducing cybercrime is substantiated. Methods for improving human intellectual abilities, as well as organizational and legal methods aimed at counteracting social engineering methods, have been developed. The relationship between user awareness of social engineering methods and information security breaches has been characterized. Scope. The results of the study can be used by financial and educational organizations to substantiate the dependence of cybercrime on user literacy and to develop methods for improving abilities. Conclusions and significance. The value of this work and the novelty of the results obtained lie in the recommendations for improving the level of education of remote banking service (DBO) users in order to minimize the risks of cybersecurity breaches. [2]

The third source covers the main methods of protection against social engineering and phishing, analyzing their advantages and disadvantages in the context of current cybersecurity threats. It examines technical and behavioral approaches to preventing attacks, including user training, authentication mechanisms, the use of antivirus software, and more. The author offers readers a deeper understanding of effective protection methods that can help prevent the serious consequences of social engineering and phishing in the modern world of digital technologies. [3]

Results. Study Overview: Social Engineering Cyberattacks (2020-2022)

This study analyzes the main social engineering methods used by hackers, alongside a statistical overview of their prevalence from 2020 to 2022. It evaluates incidents related to social engineering, showing a steady rise in their proportion and number.

1. Trends in Social Engineering Incidents

• Increase in incident share:

\[ \text{Incident share growth} = \frac{61\% - 45\%}{45\%} \times 100 = 35.56\% \]

o Incident share grew from 45% to 61% over the period.

• Growth in the number of incidents:

\[ \text{Incident growth rate} = \frac{45{,}000 - 38{,}000}{38{,}000} \times 100 = 18.42\% \]

o The number of attacks rose from 38,000 in 2020 to more than 45,000 in 2022.


Figure 1. Bar graph representation of cybercrimes and losses reported in Canada, from 2016 to 2020. The cybercrime and losses reported (in $) are based on cyber complaints to the Canadian Anti-Fraud Center.

2. Phishing as the Leading Social Engineering Method

• Phishing remains the leading method with over 60% prevalence.

• Formula for phishing prevalence:

\[ \text{Phishing share} = \frac{\text{phishing attacks}}{\text{total social engineering attacks}} \times 100 \]

Figure 2. Different social engineering techniques used for cyber-attacks/threats during the COVID-19 pandemic shown in percentages of the attacks/threats.

3. Financial Impact of Social Engineering

• Increase in average damages due to social engineering, especially phishing in the banking sector:

\[ \text{Damage growth rate} = \frac{48{,}100 - 34{,}200}{34{,}200} \times 100 = 40.64\% \]

Protection Methods and Countermeasures

This section would provide comparative diagrams (such as a matrix or table) outlining the advantages and disadvantages of various social engineering protection methods, including:

1. User Training - Highlight the effectiveness of user education in reducing attack success rates.

2. Authentication Mechanisms - Assess how multi-factor authentication (MFA) can mitigate risks.

3. Antivirus & Anti-phishing Tools - Evaluation of these tools in preventing phishing and social engineering attacks.

Formula: Effectiveness of Cybersecurity Measures

\[ \text{Risk reduction rate} = \frac{\text{Incidents without measure} - \text{Incidents with measure}}{\text{Incidents without measure}} \]

Conclusion. The study confirms the growing threat posed by social engineering techniques, especially phishing, as a dominant method of attack in both the IT and banking sectors from 2020 to 2022. The substantial increase in the number and severity of incidents emphasizes the urgent need for organizations to adopt comprehensive cybersecurity strategies. These strategies should not only involve technological defenses like multi-factor authentication and anti-phishing software, but also focus on organizational measures such as user education and training programs.

Given the rising financial impact of phishing, particularly in the banking sector, the importance of enhancing user literacy and awareness is critical in reducing vulnerabilities to social engineering attacks. The study provides valuable insights into the effectiveness of pedagogical methods and the role of traditional education in improving cybersecurity awareness. The results underscore the necessity of a multi-faceted approach, combining both technological innovations and human factors, to mitigate the risks of cyberattacks and ensure business continuity in the face of growing social engineering threats.

List of references.

1. Melnikov Artem Igorevich. Social engineering in the digital age: an analysis of methods of manipulating the human factor for the purposes of cyberattacks // Sotsialno-gumanitarnye znaniya. 2024. No. 1. URL: https://cyberleninka.ru/article/n/sotsialnaya-inzheneriya-v-tsifrovoy-epohe-analiz-metodov-manipulyatsii-chelovecheskim-faktorom-v-tselyah-kiberatak (accessed: 23.09.2024).

2. Revenkov P. V., Berdyugin A. A. Social engineering as a source of risks in remote banking services // Natsionalnye interesy: prioritety i bezopasnost. 2017. No. 9 (354). URL: https://cyberleninka.ru/article/n/sotsialnaya-inzheneriya-kak-istochnik-riskov-v-usloviyah-distantsionnogo-bankovskogo-obsluzhivaniya (accessed: 23.09.2024).

3. Gordienko V. V., Zhdanov D. M. Methods of protection against social engineering and phishing: their advantages and disadvantages // Auditorium. 2024. No. 2 (42). URL: https://cyberleninka.ru/article/n/metody-zaschity-ot-sotsialnoy-inzhenerii-i-fishinga-ih-dostoinstva-i-nedostatki (accessed: 23.09.2024).

4. https://cyberleninka.ru/article/n/sotsialnaya-inzheneriya-v-tsifrovoy-epohe-analiz-metodov-manipulyatsii-chelovecheskim-faktorom-v-tselyah-kiberatak

5. https://cyberleninka.ru/article/n/sotsialnaya-inzheneriya-kak-istochnik-riskov-v-usloviyah-distantsionnogo-bankovskogo-obsluzhivaniya

6. https://cyberleninka.ru/article/n/metody-zaschity-ot-sotsialnoy-inzhenerii-i-fishinga-ih-dostoinstva-i-nedostatki
