The Role of Social Media in Social Engineering Attacks: A Qualitative Study on Technical-, Individual-, and Organizational Measures to Mitigate Social Engineering Attacks in Social Media
Master thesis
Permanent link
https://hdl.handle.net/11250/3146835
Publication date
2024
Abstract
It is estimated that 98 % of all cyberattacks include some form of social engineering (Rebeca, 2023). The continued relentless cyber-related threats to organizations are ever-growing and important to address to mitigate the risks of being attacked. Social media platforms could be considered as the perfect hunting ground for social engineers to scour user profiles for personal and exploitable information to either deceive users directly or use this information to plan for a future attack.
This research focuses on the role of social media in social engineering attacks, more specifically how social engineering can be mitigated from three perspectives: 1) Technical measures that the social media platforms are responsible for implementing, 2) User-related responsibilities, 3) How organizations could facilitate the education and awareness training of their employees on the use of social media.
With this research being deductive-based, a systematic literature review (SLR) was conducted to build a foundation of literature on the relevant topics. For the empirical data collection, ten respondents from various international organizations were interviewed, including professionals and researchers in the field of cybersecurity and communication. The interviews were conducted in a semi-structured format. The Cybersecurity Culture Framework from Gioulekas et al. (2022) was adopted throughout this master thesis, and it is also the foundation for the data analysis. As a result of the empirical findings and the Cybersecurity Culture Framework, an inductive conceptual framework with new concepts has emerged.
Combining the results from both the literature review and the empirical findings, it is apparent that there are several measures, in all three perspectives, that are viable. From the platform and technical perspective, the use of some form of unique identification to remedy the risks of fake accounts and fraud, in addition to the use of AI to predict and prevent potential social engineering attacks is advised. Both from the individual- and organizational aspect, the common denominators are the high focus of training and awareness, both privately and professionally. This includes that users of social media have to familiarize themselves with the terms of use, and realize the consequences of sharing content and information on such platforms.