While looking for other articles on the topic, I was trying to find those addressing the ways to deal with social engineering attacks as well as those that would go into detail about the techniques that are typically implemented by hackers. When I investigated the issue and the case study provided in the chapter “Social Engineering Attacks” of the book “Security+ Guide to Network Security Fundamentals”, I was surprised that exclusively individual techniques are emphasized in the description of the case. This psychological explanation creates a very vague notion of social engineering. That made me look for a more well-structured and logical explanation of it.
The article that I finally selected is called Dissecting Social Engineering. I got interested in the abstract and now I can state that this research fully lived up to its promise. In the book, there is a classification of social engineering attacks; however, such categorization does not provide a thorough analysis of the topic since underlying principles are simply described, without any further attempt to draw parallels or identify guiding principles (Ciampa 68-72). On the contrary, the article demonstrates a more well-structured and profound approach to the investigation of the problem. First, the authors reviewed 40 texts related to the issue to conclude that most scholars overemphasized the significance of individual techniques in social engineering attacks. The majority of cases cannot be explained by this factor (Tetri and Vuorinen 1014). That is why the researchers concentrated not on the techniques (well-described in several different textbooks) but rather on their functions, which makes this study more practically-oriented.
What appealed to me in this article is that the three dimensions of social engineering deduced by the authors (persuasion, fabrication, and data collection) allow understanding all aspects of such attacks instead of attributing the problem to the psychological traits of hackers and their victims (Tetri and Vuorinen 1021). This will make it possible for other researchers to grasp the diversity of the problem and further develop the categorization.
I also particularly liked the structure of the study since it features a visual representation of each step. The table provided sums up the problems that were addressed, theoretical frameworks applied for this purpose, and potential practical implementation of the results (Tetri and Vuorinen 1022). This gives a good insight into the approach and explains to the reader why multi-dimensionality is crucial for the research.
Another article on the same topic, which is called Advanced Social Engineering Attacks, can be contrasted to the one described above based on the approach to the problem selected by the researchers. While in the previous case the major focus was made on the internal principles of social engineering, this study is more concerned with the external factors that make it possible for new vectors of the problem to develop (Krombholz et al. 114). The taxonomy of attacks that the authors provide is particularly valuable in this research since it contains the most recent and advanced types of social engineering. The necessity to give such a detailed classification is well explained by the fact that in the modern technological environment, these attacks can lead to recurring threats.
All three sources devoted to social engineering seem useful to me since they highlight different aspects of the issue. Still, I believe that the first article (unlike the chapter in the book and the second research) is more informative and comprehensive. The researchers managed to find flaws in the existing approaches and account for them. Moreover, they arrived at a new framework that can be applied for case analysis, which is a significant achievement for any scholar.
Works Cited
Ciampa, M. Security+ Guide to Network Security Fundamentals. Cengage Learning, 2012.
Krombholz, Katharina, et al. “Advanced Social Engineering Attacks.” Journal of Information Security and Applications, vol. 22, no. 2015, pp. 113-122.
Tetri, Pekka, and Jukka Vuorinen. “Dissecting Social Engineering.” Behaviour & Information Technology, vol. 32, no. 10, 2013, pp. 1014-1023.