Awareness-Raising and Prevention Methods of Social Engineering for Businesses and Individuals
Harth, Dominik; Duernberger, Emanuel. January 2022
A system is only as secure as the weakest link in the chain. Humans are the binding link between IT (information technology) security and physical security. In general, the human is often considered as the weakest link in the chain, so social engineering attacks are used to manipulate or trick people to accomplish the goal of bypassing security systems. Within this master thesis, we answer several research questions related to social engineering. Most important is to find out why humans are considered as the weakest link and why existing guidelines are failing, as well as to achieve the goal of raising awareness and starting education at a young age. For this, we examine existing literature on the subject and create experiments, an interview, a campaign evaluation, and a survey. Our systematic work begins with an introduction, the methodology, a definition of social engineering and explanations of state-of-the-art social engineering methods. The theoretical part of this thesis also includes ethical and psychological aspects and an evaluation of existing guidelines with a review of why they are not successful.

Furthermore, we continue with the practical part. An interview with a professional security consultant focusing on social engineering from our collaboration company TÜV TRUST IT GmbH (TÜV AUSTRIA Group) is conducted. A significant part here deals with awareness-raising overall, especially at a younger age. Additionally, the countermeasures against each different social engineering method are analysed. Another practical part is the evaluation of existing social engineering campaigns from TÜV TRUST IT GmbH (TÜV AUSTRIA Group) to see how dangerous and effective social engineering has been in the past. From experience gained in this thesis, guidelines on dealing with social engineering are discussed before the thesis is finalized with results, the conclusion and possible future work.