Analyzing Influential Psychological Factors in Social Engineering; Human Psyche and Cybersecurity

Authors

  • Hamed Taherdoost, University Canada West, Canada

DOI:

https://doi.org/10.59388/pm00374

Keywords:

cybersecurity, human psyche, social engineering

Abstract

To delve into the intricate relationship between cybersecurity and human psychology, this article centers its focus on the psychological aspects of social engineering. Understanding these elements is pivotal, and the analysis explores themes directly relevant to social engineering. While the review refrains from delving into specific real-world instances, it consistently emphasizes the consequences of overlooking psychological dimensions. Furthermore, it advocates for the integration of psychological instruction into cybersecurity training to enhance overall preparedness.

Published

2024-02-13

How to Cite

Taherdoost, H. (2024). Analyzing Influential Psychological Factors in Social Engineering; Human Psyche and Cybersecurity. Psychomachina, 1(1), 1–7. https://doi.org/10.59388/pm00374

Section

Articles