The Human Element of Cybersecurity : A Literature Review of Social Engineering Attacks and Countermeasures

Abstract: Social engineering attacks pose an escalating threat to organizations. This thesis conducted a semi-comprehensive literature review using the PRISMA method to address common attack methods, reducing susceptibility among employees, and the need for awareness training. Findings highlight severe consequences, exemplified by Yahoo and Sony data breaches. Phishing and spear-phishing are prevalent attack methods, exploiting the human element and bypassing high-techsecurity systems. To mitigate risks, organizations should adopt a multi-layered approach, combining technological solutions with employee awareness training. By enhancing employees' ability to identify and respond to social engineering attempts, susceptibility to attacks can be significantly reduced. Ongoing research and updated defense strategies are crucial to countering evolving attack vectors. The study emphasizes the collective responsibility in cybersecurity, combining technical and non-technical measures effectively. This thesis contributes to knowledge by providing insights into attack methods, countermeasures, and the importance of employee awareness training. The rigorous PRISMA method ensures a transparent approach, offering valuable guidance for organizations aiming to enhance their security posture against social engineering attacks.