Cultural Observations on Social Engineering Victims
By Dr. Char Sample, Steve Hutchinson, Dr. Andre Karamanian, Professor Carsten Maple
Social engineering is becoming a scary word for computer users as it takes advantage of human nature and manipulates people for the purpose of gaining access into their computer systems. The gist of social engineering is not all about technology but more about psychology. Social engineers are people seeking access to sensitive areas from an organization mostly for financial gains. They are skilled professionals who have honed their abilities at acting, persuasion, coercion, and manipulation. Of course, they also understand the culture difference of their potential victims.
The researchers of this paper studied data from four years of defacement victims, to understand importance of national culture in social engineering. The major findings showed strongest results with the victims appearing to be more individualist than the non-victims. One of the indicators in this study was Power Distance Index (PDI) which measures the tolerance of societal members to unequal treatment of members both in and out of societal group. Countries with low PDI scores are typically egalitarian e.g. Austria and Israel; the high PDI countries tend to be authoritarian e.g. Malaysia.
The low PDI finding coupled with the individualism findings suggest that countries where rules have strong adherence i.e. asking for permission are less prone to be victims of social engineering than people from countries that are more flexible, empowered.
If your teammates are more open to discussion, they might share with you what they have encountered or might even ask for guidance. In this case, the information about a potential hack is likely to expose to other teammates and therefore everyone might be more alert of a potential phishing.
Social engineering attacks will continue to target any business and it will grow more sophisticated in years to come. The only way to thwart them is through ongoing cybersecurity awareness training and by encouraging shared information among the peers.
Further study on this research paper, please click here.
Anti-Phishing Outlook/O365 Addin