Evaluating the Information Security Awareness of Smartphone Users

06/24/2019
by Ron Bitton, et al.

Information security awareness (ISA) is a practice focused on the set of skills that help a user successfully mitigate a social engineering attack. Previous studies have presented various methods for evaluating the ISA of both PC and mobile users. These methods rely primarily on subjective data sources such as interviews, surveys, and questionnaires that are influenced by human interpretation and sincerity. Furthermore, previous methods for evaluating ISA did not address the differences between classes of social engineering attacks. In this paper, we present a novel framework designed for evaluating the ISA of smartphone users with respect to specific social engineering attack classes. In addition to questionnaires, the proposed framework utilizes two objective data sources, a mobile agent and a network traffic monitor, both of which are used to analyze the actual behavior of users. We empirically evaluated the ISA scores assessed from the three data sources (namely, the questionnaires, mobile agent, and network traffic monitor) by conducting a long-term user study involving 162 smartphone users. All participants were exposed to four different security challenges that resemble real-life social engineering attacks. These challenges were used to assess the ability of the proposed framework to derive a relevant ISA score. The results of our experiment show that: (1) the self-reported behavior of the users differs significantly from their actual behavior; and (2) ISA scores derived from data collected by the mobile agent or the network traffic monitor are highly correlated with the users' success in mitigating social engineering attacks.

