Understanding and Mitigating Social

Engineering Cyber-attacks: Methods,

Impacts, and Prevention Strategies
 2

Outline :
 Introduction  Problem Statements
 Research plan  Gantt chart
 Main objective  Research methodology
 Scope of research  Conclusion
 Previous Studies Summary  References
 Problem Background
 3

Introduction
Social engineering is a technique where attackers manipulate human
psychology and behaviors to gain unauthorized access to sensitive
information or systems. The increasing dependency on digital
infrastructure and the lack of user awareness about cyber threats
make social engineering attacks more effective and prevalent. This
research proposal aims to investigate the various methods and
impacts of social engineering cyber-attacks and develop effective
strategies to prevent and mitigate them
 4

Research plan
Literature Review Case study analysis Prevention Strategies
1 3 5

2 4 6

Data Collection Analysis Writing Report

 5

Main objective
The primary objective of this research is to develop an in depth
understanding of social engineering cyber-attacks, their methods,
impact, and strategies for prevention and mitigation, in order to
contribute to the development of effective countermeasures for
individuals, organizations, and governments.
.
 6

Scope of research

Types of social
engineering Target Attack
Countermeasure
attacks demographics vectors
 7

Previous Studies Summary

 A Literature Survey and Analysis on Social Engineering Defense Mechanisms
and InfoSec Policies

This paper presents a comprehensive literature survey and analysis of social

engineering defense mechanisms and information security (InfoSec) policies. The
study aims to understand the current state of research in this field, identify gaps in
knowledge, and provide a foundation for future work.[1]
 8

Cont..
 Contemporary Cyber Security Social Engineering Solutions, Measures,
Policies, Tools, and Applications: A Critical Appraisal
This paper presents a critical appraisal of contemporary cybersecurity solutions,
measures, policies, tools, and applications related to social engineering, aiming to
provide an overview of the current state of the art and to identify potential gaps and
areas for future research.
The authors review a range of technical and human-centric measures that can be
employed to mitigate social engineering threats. Technical measures include
intrusion detection systems, firewalls, and multi-factor authentication, while
human-centric approaches focus on security awareness training and the cultivation
of a strong security culture within organizations.[2]
 9

Cont..
 Defining Social Engineering in Cybersecurity
This paper focuses on defining social engineering in the context of cybersecurity
and aims to establish a clear and consistent understanding of the concept. The
authors emphasize that the lack of a universally accepted definition of social
engineering has led to confusion and miscommunication in the field, which can
hinder the development of effective countermeasures.[3]
 Does Awareness of Social Engineering Make Employees More Secure?
This paper investigates the relationship between employees' awareness of social
engineering and their security behaviors in the workplace. The study aims to
determine if increased awareness leads to more secure practices and a decreased
likelihood of falling victim to social engineering attacks. [4]
 10

Cont..
 Impact of Human Vulnerabilities on Cybersecurity:
This paper investigates the impact of human vulnerabilities on cybersecurity,
focusing on the cognitive and psychological factors that make individuals
susceptible to cyber threats, particularly social engineering attacks. The study aims
to provide insights into the role of human factors in cybersecurity and to inform the
development of more effective strategies for mitigating the risks associated with
these vulnerabilities.[5]
 Measuring Awareness of Social Engineering in the Educational Sector in the
Kingdom of Saudi Arabia:
This paper assesses the level of awareness of social engineering attacks among
individuals in the educational sector in the Kingdom of Saudi Arabia (KSA). The
study aims to understand the current state of cybersecurity awareness in this sector
and to inform the development of more effective security awareness training
programs.[6]
 11

Cont..
 Social Engineering Attacks Prevention: A Systematic Literature Review:
This paper presents a systematic literature review on the prevention of social
engineering attacks, aiming to provide a comprehensive understanding of the
current state of research and to identify gaps and opportunities for future work. The
study focuses on various aspects of social engineering prevention, including
technical measures, human factors, and organizational strategies.[7]
 12

Problem Background
The rise of social engineering attacks, which exploit human vulnerabilities, is attributed to
rapid technological advancements and increased reliance on digital communication.
Techniques like phishing, spear-phishing, pretexting, baiting, and tailgating exploit people's
trust and desire to help. While technical cybersecurity aspects are well-studied, the human
element is relatively under-explored, with a comprehensive analysis of social engineering
attacks lacking. Current prevention strategies often neglect technical countermeasures and
policy development. This research aims to provide an in-depth understanding of social
engineering cyber-attacks, their methods, impacts, and prevention strategies, focusing on
both human and technical factors, to help individuals, organizations, and governments defend
against these threats.
 13

Problem Statements
Social engineering cyber-attacks pose a significant and growing threat as they
exploit human psychology and trust to manipulate targets into revealing sensitive
information or granting unauthorized access. These attacks can result in financial
loss, reputational harm, and national security risks. Despite increased awareness,
these attacks continue to evolve, requiring a thorough understanding of their
methods, impact, and prevention strategies. This research aims to fill the
knowledge gap and develop effective countermeasures for individuals,
organizations, and governments.
 14

Gantt chart
 15

Research methodology
The research methodology for this study will involve a combination of qualitative and
quantitative data collection and analysis techniques. This approach will enable a
comprehensive examination of social engineering cyber-attacks and the development of
robust prevention strategies.
The methodology will be conducted in four stages:

1
3 Data Analysis:
Literature Review:

4 Prevention Strategies:
2 Data Collection:
 16

Conclusion
Social engineering cyber-attacks present a growing threat to
information security. This research aims to contribute to a better
understanding of the methods and impacts of social engineering attacks.
The findings can help inform the development of policies and practices to
prevent and mitigate these attacks.
 17

References
1. Alharthi, D., & Regan, A. C. (2021). A Literature Survey and Analysis on Social Engineering Defense Mechanisms and Infosec
Policies. International Journal of Network Security and Applications, 13(2), 41–61. https://doi.org/10.5121/ijnsa.2021.13204
2. Aldawood, H., & Skinner, G. (2019). Contemporary Cyber Security Social Engineering Solutions, Measures, Policies, Tools and Applications: A...
ResearchGate.
https://www.researchgate.net/publication/333531483_Contemporary_Cyber_Security_Social_Engineering_Solutions_Measures_Policies_Tools_an
d_Applications_A_Critical_Appraisal
3. Z. Wang, L. Sun and H. Zhu, "Defining Social Engineering in Cybersecurity," in IEEE Access, vol. 8, pp. 85094-85115, 2020,
doi:10.1109/ACCESS.2020.2992807.
4. Aldawood, H., Alashoor, T., & Skinner, G. (2020). Does Awareness of Social Engineering Make Employees More Secure? International Journal of
Computer Applications. https://doi.org/10.5120/ijca2020919891
5. Alsharif, M. G., Mishra, S., & Alshehri, M. (2022). Impact of Human Vulnerabilities on Cybersecurity. Computer Systems Science and Engineering,
40(3), 1153–1166. https://doi.org/10.32604/csse.2022.019938
6. Alsulami, M. H., Alharbi, F., Almutairi, H., Almutairi, B. a. A., Alotaibi, M. B., Alanzi, M. E., Alotaibi, K. D., & Al-Harthi, S. E. (2021). Measuring
Awareness of Social Engineering in the Educational Sector in the Kingdom of Saudi Arabia. Information, 12(5), 208.
https://doi.org/10.3390/info12050208
7. W. Syafitri, Z. Shukur, U. A. Mokhtar, R. Sulaiman and M. A. Ibrahim, "Social Engineering Attacks Prevention: A Systematic Literature Review,"
in IEEE Access, vol. 10, pp. 39325-39343, 2022, doi:10.1109/ACCESS.2022.3162594.
8. Montañez, R., Golob, E. J., & Xu, S. (2020). Human Cognition Through the Lens of Social Engineering Cyberattacks. Frontiers in Psychology, 11.
https://doi.org/10.3389/fpsyg.2020.01755
9. AlZain, M. A., Masud, M., Al-Amri, J., & Alqurashi, R. K. (2020). Cyber Attacks and Impacts A Case Study in Saudi Arabia. ResearchGate.
https://www.researchgate.net/publication/341113435_Cyber_Attacks_and_Impacts_A_Case_Study_in_Saudi_Arabia
10.Almutairi, B. S., & Alghamdi, A. (2022). The Role of Social Engineering in Cybersecurity and Its Impact. Journal of Information Security, 13(04),
363–379. https://doi.org/10.4236/jis.2022.134020
 18

Thanks!
Any questions?
Afnan alruwaili. 443306351
Ahood alshahrani. 443306365
Samira alshehri 443306356

Supervisor by: Dr. yahya ali