Research article. DOI: 10.1145/3368691.3368705

The status of information security systems in banking sector from social engineering perspective

Published: 02 December 2019

Editorial Notes

NOTICE OF CONCERN: ACM has received evidence that casts doubt on the integrity of the peer review process for the DATA 2019 Conference. As a result, ACM is issuing a Notice of Concern for all papers published and strongly suggests that the papers from this Conference not be cited in the literature until ACM's investigation has concluded and final decisions have been made regarding the integrity of the peer review process for this Conference.

Abstract

Social engineering attacks have recently become a real threat to organizations, and 53.9% of such attacks target the banking sector. Successful attacks violate privacy by breaching sensitive data, and can cause huge financial loss for organizations and individuals, alongside reputational damage for firms. Although banks invest extensive resources in cyber security, with large budgets spent on securing their hardware and software, the human factor offers numerous weaknesses that can be easily exploited, and real and pertinent security challenges remain serious threats. This paper presents an information technology governance framework applied to a Jordanian bank to protect the system from social engineering attacks. We worked on a case study that focuses mainly on phishing attacks, which are considered one of the most common threats in banks, and on the way staff deal with them. The results show positive improvements in staff awareness and in avoiding such types of attacks, as well as a marked increase in the reporting of suspicious activity noticed by employees.



Published In

DATA '19: Proceedings of the Second International Conference on Data Science, E-Learning and Information Systems
December 2019
376 pages
ISBN:9781450372848
DOI:10.1145/3368691

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. banking security
  2. digital shadowing
  3. governance
  4. phishing
  5. social engineering

Qualifiers

  • Research-article

Conference

DATA'19

Acceptance Rates

DATA '19 Paper Acceptance Rate 58 of 146 submissions, 40%;
Overall Acceptance Rate 74 of 167 submissions, 44%


Cited By

  • (2024) A review of organization-oriented phishing research. PeerJ Computer Science 10 (e2487). DOI: 10.7717/peerj-cs.2487. Online publication date: 27-Nov-2024
  • (2021) A Case Study of Phishing Incident Response in an Educational Organization. Proceedings of the ACM on Human-Computer Interaction 5:CSCW2 (1-32). DOI: 10.1145/3476079. Online publication date: 18-Oct-2021
  • (2021) A Scoring System for Information Security Governance Framework Using Deep Learning Algorithms: A Case Study on the Banking Sector. Journal of Data and Information Quality 13:2 (1-34). DOI: 10.1145/3418172. Online publication date: 30-Jun-2021
  • (2021) Impact of Social Engineering Attacks: A Literature Review. Developments and Advances in Defense and Security (25-35). DOI: 10.1007/978-981-16-4884-7_3. Online publication date: 29-Oct-2021
