Social Engineering Defense Mechanisms: A Taxonomy and a Survey of Employees’ Awareness Level

2020 
In the information security chain, humans have become the weakest point, and social engineers take advantage of that fact by psychologically manipulating people to persuade them to disclose sensitive information or execute malicious acts. Social engineering security attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations and their employees should be aware of the defense mechanisms that can mitigate the risk of these attacks. To that end, the authors (1) developed a taxonomy of social engineering defense mechanisms and also (2) designed and distributed a survey to measure employees’ level of awareness of these mechanisms. To develop the taxonomy, the authors reviewed the related literature and extracted the main defense mechanisms. To measure employees’ level of awareness of social engineering defense mechanisms, the authors designed and distributed a survey in which 791 employees participated. Finally, after collecting and analyzing the data, the authors found that more than half of the surveyed employees are not aware of social engineering attacks and their defense mechanisms. Such a worrisome result shows that employees and organizations are extremely vulnerable to such attacks, and serious steps need to be taken to elevate the employees’ awareness level against these emerging security threats.
References: 31. Citations: 2.