A study and analysis of human behaviour influence on cybersecurity: a human behaviourist approach to mitigate social engineering attacks

Date
2023-12
Publisher
Stellenbosch : Stellenbosch University
Abstract
ENGLISH SUMMARY: Protecting intellectual property has become one of the biggest challenges organisations are facing. Information contains private and sensitive data about employees, customers and business dealings that is protected by cybersecurity systems. Oftentimes, these systems, which have been developed to protect data, become attractive to thieves, called cybercriminals. Cybercriminals infiltrate information systems to view, steal, corrupt and cause malicious activity by exploiting the most vulnerable areas of the system. Most cybersecurity mitigation techniques focus on improving software, hardware or policies, but rarely focus on the common denominator in all these elements. People are known as the weakest link in any cybersecurity system because they fall prey to human error and external manipulation. Social engineering attacks encompass deceitful techniques which are used by cyberattackers to manipulate human beings into sharing sensitive data. Victims succumb to these attack types because they incorporate clever psychological techniques that trigger basic human needs. Research indicates that human beings have different psychological needs based on their personality types, which cyber offenders exploit by executing social engineering attacks. The purpose of this study is to research which personality type is more susceptible to social engineering attacks in order to better understand the cyber weaknesses present in each personality trait. This will be executed by determining the personality type of participants and how susceptible they are to social engineering attacks. The first part of the survey makes use of the Five Factor Model (FFM), which was created by Costa Jr. and McCrae (1990). The second section of the survey will present respondents with the ten known social engineering attack types that contain a combination of Cialdini’s six principles of persuasion.
The taxonomy developed from the research results indicates that the agreeableness personality type is most susceptible to social engineering attacks and poses the highest cybersecurity risk. Neuroticism was found to have the lowest social engineering susceptibility and associated cybersecurity risk. A framework has been created that showcases each personality type’s susceptibility to the ten social engineering attacks. A second framework indicates the vulnerability level each personality type has towards the various principles of persuasion. This research will help cybersecurity experts better understand key vulnerabilities in systems, which will help offer better protection.
AFRIKAANS SUMMARY: The protection of intellectual property has become one of the biggest challenges that organisations face. Information contains private and sensitive data about employees, clients and business transactions that is protected by cybersecurity systems. Often these systems, which are developed to protect data, are attractive to thieves who are called cybercriminals. Cybercriminals infiltrate information systems to view, steal, corrupt and cause malicious activity by exploiting the most vulnerable areas of the system. Most cybersecurity mitigation techniques focus on improving software, hardware or policies, but seldom focus on the common denominator in all these elements. People are known as the weakest link in any cybersecurity system because they fall prey to human error and external manipulation. Social engineering attacks include deceptive techniques that are used by cyberattackers to manipulate people into sharing sensitive data. Victims succumb to these types of attacks because they include psychological techniques that target basic human needs. Research indicates that people have different psychological needs based on their personality types, which cyber offenders exploit by carrying out social engineering attacks. The purpose of this study is to investigate which personality type is more susceptible to social engineering attacks so that the cyber weaknesses present in each personality type can be better understood. This will be carried out by determining the personality type of participants and how susceptible they are to social engineering attacks. The first part of the survey makes use of the Five Factor Model (FFM), which was created by Costa Jr. and McCrae (1990). The second section of the survey will present respondents with ten different known social engineering attack types that contain a combination of Cialdini's six principles of persuasion.
The taxonomy derived from the research results indicates that the agreeable personality type is the most susceptible to social engineering attacks and poses the highest cybersecurity risk. Neuroticism was found to have the lowest social engineering susceptibility and associated cybersecurity risk. A framework has been created that showcases each personality type's susceptibility to the ten social engineering attacks. The second type of framework indicates the vulnerability level that each personality type has towards the principles of persuasion. This research will help cybersecurity experts to better understand key vulnerabilities in the system in order to offer better protection.
Description
Thesis (MA)--Stellenbosch University, 2023.