Challenges of Implementing Training and Awareness Programs Targeting Cyber Security Social Engineering

摘要

Information security is one of the growing sources of concern that organizations are dealing with today. With increased levels of sophistication of social engineering threats, the exploits from such attacks are evolving. This study highlights some of the challenges that organizations encounter in the process of developing the human knowledge to fight against social engineering attacks. Despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. This study further discusses the need for human resource departments to impose training requirements for new hires as part of onboarding processes. The factors influencing users' proficiency in the process of threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.