dc.description.abstract | It is estimated that 98% of all cyberattacks include some form of social engineering (Rebeca,
2023). The continued, relentless cyber-related threats to organizations are ever-growing, and it is
important to address them to mitigate the risk of being attacked. Social media platforms could
be considered as the perfect hunting ground for social engineers to scour user profiles for
personal and exploitable information to either deceive users directly or use this information
to plan for a future attack.
This research focuses on the role of social media in social engineering attacks, more specifically
how social engineering can be mitigated from three perspectives: 1) technical measures
that the social media platforms are responsible for implementing, 2) user-related responsibilities, and
3) how organizations could facilitate the education and awareness training of their
employees on the use of social media.
As this research is deductive, a systematic literature review (SLR) was conducted
to build a foundation of literature on the relevant topics. For the empirical data
collection, ten respondents from various international organizations were interviewed, including
professionals and researchers in the field of cybersecurity and communication. The
interviews were conducted in a semi-structured format. The Cybersecurity Culture Framework
from Gioulekas et al. (2022) was adopted throughout this master's thesis and also served as
the foundation for the data analysis. As a result of the empirical findings and the
Cybersecurity Culture Framework, an inductive conceptual framework with
new concepts has emerged.
Combining the results from both the literature review and the empirical findings, it is apparent
that there are several viable measures in all three perspectives. From the platform
and technical perspective, the use of some form of unique identification to remedy the
risks of fake accounts and fraud, in addition to the use of AI to predict and prevent potential
social engineering attacks, is advised. From both the individual and the organizational aspect,
the common denominator is a strong focus on training and awareness, both privately and
professionally. This includes users of social media familiarizing themselves with
the terms of use and realizing the consequences of sharing content and information on such
platforms. | |