Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues

Abstract

The idea and perception of good cyber security protection remains at the forefront of many organizations’ information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations’ human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users’ proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.