The Effectiveness of Social Engineering as a Cyber - Attacking Vector : People Do Use Unknown USB Drive, They Find

Abstract: Information security importance is rising. Information security awareness' is spreading, and this gives a clear picture of the growing demand for information security. Information security does not only consist of essential information but also the customer. An information system could be either a system user or a device. Protecting vital information is one of the security issues facing our modern technology, but also protecting system users. System users are the weakest link in information security chain due to wrong prioritizing of information security.Standardization of information security must not differ across organizations. Although every organization has a prioritized level of protection, managing information security should not be completely different from one organization over the other. However, this is not the case. The standards of information security across multiple organizations differ. The gap between organizations concerning information security is enormous. The difference between organizations is due to how organizations value their information access. One of the main security issues confronting information security is the end-user security. System users are still the weakest link in the information security chain. An organization's security cannot depend only on the implemented system, but also, the security level of the system users. The end-users within an organization are essential in cultivating better information security practices. Neglecting end users' importance in information security makes it easier for cyber-attacks and end-users manipulations.The inability to protect end-users as a physical system exposes the possibilities of manipulating end-users through various Social Engineering techniques to elicit essential information. Social Engineering is the term used to influence a person without their knowledge to give out sensitive information. Social Engineering comprises of different factors; psychology and computer science. Social Engineering acquires vital information by manipulating the weakest link in information security chains, the system user.Social Engineering proves that end-users are still the weakest link in the information security chain. This experiment demonstrates that people do use unknown USB drive they find. The consequences of this act, in general, could be harmful. Moreover, that, there are possibilities through Social Engineering, to expose organizations' systems infrastructures to cyber-attacks.The result from this project visualizes that, the most valuable assets an organization has are the people within the organization. An organization employee could expose a well-secured system to cyber-attacks without knowing about it.