EXAMINING THE SOCIAL ENGINEERING ATTACK VECTOR IN THE LINE OF DATA BREACH

Öz

The versatile use of information and communication technologies also diversifies data sources. The data produced by data sources must reach the relevant target source within the framework of confidentiality, integrity and accessibility. These data sources are protected by technical methods within the scope of information security. The increase in data sources creates information security problems by making protection with only technical methods insufficient. Malicious attackers target the security measures of users or organizations using advanced techniques and methods. One of the most effective methods of these attacks is social engineering attacks. Social engineering is an attack vector that attackers use to force or persuade people to obtain the requested information. The human vulnerabilities that arise in the success of social engineering attacks are fear, desire to help, carelessness and comfort zone. In this study, the contribution of data breaches to social engineering attacks and the contribution of social engineering to data breaches are investigated by analyzing current data breaches from both sides (breach source and data target). At the same time, security approaches are proposed within the scope of the implementation and damage effects of social engineering attacks.

Anahtar Kelimeler

• Attack Vectors
• Data Breaches
• Phishing Social engineering

Kaynakça

1. [1]. Acılar, A., & Baştuğ, A. (2016). Social Engineering: An Information Security Threat in Enterprises. Global Business Research Congress (GİAK-2016), Işık University, Şile, 26-27.
2. [2]. Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89.
3. [3]. Hatfield, J. M. (2018). Social engineering in cybersecurity: The evolution of a concept. Computers & Security, 73, 102-113.
4. [4]. Wang, Z., Zhu, H., & Sun, L. (2021). Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods. IEEE Access, 9, 11895-11910.
5. [5]. M. Z. Gündüz and R. Daş, (2016). Social Engineering: Common Attacks and Security Measures, 9th International Conference on Information Security and Cryptology, 2016.
6. [6]. Anıl Keskin, D. & Gözenman, S. (2019). Social Engineering in terms of Cheating Risk. TIDE AcademIA Research, 1 (2) , 281-306
7. [7]. Hatfield, J. M. (2018). Social engineering in cybersecurity: The evolution of a concept. Computers & Security, 73, 102-113.
8. [8]. Wang, Z., Sun, L., & Zhu, H. (2020). Defining social engineering in cybersecurity. IEEE Access, 8, 85094- 85115.

9. [9]. Breda, F., Barbosa, H., & Morais, T. (2017). Social engineering and cyber security. In INTED2017 Proceedings (pp. 4204-4211). IATED.
10. [10]. Yathiraju, N., Jakka, G., Parisa, S. K., & Oni, O. (2022). Cybersecurity Capabilities in Developing Nations and Its Impact on Global Security: A Survey of Social Engineering Attacks and Steps for Mitigation of These Attacks. In Cybersecurity Capabilities in Developing Nations and Its Impact on Global Security (pp. 110-132). IGI global.
11. [11]. Alsharif, M., Mishra, S., & AlShehri, M. (2022). Impact of Human Vulnerabilities on Cybersecurity. Comput. Syst. Sci. Eng., 40(3), 1153-1166.
12. [12]. Alkayem, N. F., Cao, M., Shen, L., Fu, R., & Šumarac, D. (2022). The combined social engineering particle swarm optimization for real-world engineering problems: A case study of model-based structural health monitoring. Applied Soft Computing, 123, 108919.
13. [13]. Ferreira, A., & Lenzini, G. (2015, July). An analysis of social engineering principles in effective phishing. In 2015 Workshop on Socio-Technical Aspects in Security and Trust (pp. 9-16). IEEE.
14. [14]. Deguara, N., Paracha, A., Arshad, J., & Azad, M. A. (2023, February). Threat Miner-A Text Analysis Engine for Threat Identification Using Dark Web Data. In 2022 IEEE International Conference on Big Data. IEEE.
15. [15]. Anti-Phishing Working Group, 2023, Access Date: 30.04.2023, Access Link: https://apwg.org/trendsreports/
16. [16]. [16]. Petsas, T., Tsirantonakis, G., Athanasopoulos, E., & Ioannidis, S. (2015, April). Two-factor authentication: is the world ready? Quantifying 2FA adoption. In Proceedings of the eighth european workshop on system security (pp. 1-7).
17. [17]. Brenner, J. (2007). ISO 27001 risk management and compliance. Risk management, 54(1), 24-29.
18. [18]. Bacudio, A. G., Yuan, X., Chu, B. T. B., & Jones, M. (2011). An overview of penetration testing. International Journal of Network Security & Its Applications, 3(6), 19.