TY - JOUR
T1 - Of Social Engineers & Corporate Espionage Agents
T2 - How Prepared Are SMEs in Developing Economies?
AU - Yeboah-Boateng, Ezer Osei
PY - 2013/11
Y1 - 2013/11
N2 - The purpose of this study is to create the awareness of cyber-security threats due to social engineers and corporate espionage agents, and to offer some mitigation measures aimed at minimizing the impact of insider attacks on SMEs in developing economies. Loyal and trusted employees can pose enormous and catastrophic cyber-risks to SMEs, in view of their insider-ness, access privileges and knowledge of the systems as well as associated inherent vulnerabilities. Cyber-security functionaries and chief-level officers were surveyed on various metrics of insider attacks and incidents. The findings indicate that financial and ICT oriented SMEs are mostly targeted, and the impact range from loss of sensitive data, loss of corporate resources, loss of market share as well as loss of customer and investor confidence. Since most social engineers capitalize on the end-user vulnerabilities and their sense of social norms, effective mitigation measures offered are human centric in nature. Personal and corporate factors that are likely to motivate employees to become espionage agents ought to be addressed. Periodic and on-spot systems audit are to be carried out to effectively monitor any unnecessary and inappropriate access escalations. Policy on separation of duties must be enforced.
AB - The purpose of this study is to create the awareness of cyber-security threats due to social engineers and corporate espionage agents, and to offer some mitigation measures aimed at minimizing the impact of insider attacks on SMEs in developing economies. Loyal and trusted employees can pose enormous and catastrophic cyber-risks to SMEs, in view of their insider-ness, access privileges and knowledge of the systems as well as associated inherent vulnerabilities. Cyber-security functionaries and chief-level officers were surveyed on various metrics of insider attacks and incidents. The findings indicate that financial and ICT oriented SMEs are mostly targeted, and the impact range from loss of sensitive data, loss of corporate resources, loss of market share as well as loss of customer and investor confidence. Since most social engineers capitalize on the end-user vulnerabilities and their sense of social norms, effective mitigation measures offered are human centric in nature. Personal and corporate factors that are likely to motivate employees to become espionage agents ought to be addressed. Periodic and on-spot systems audit are to be carried out to effectively monitor any unnecessary and inappropriate access escalations. Policy on separation of duties must be enforced.
KW - Social engineering
KW - corporate espionage agents
KW - threats
KW - vulnerabilities
KW - cyber risks
KW - SMEs
KW - Developing Economies
KW - Developing Countries
M3 - Journal article
SN - 2321-5941
VL - 1
SP - 14
EP - 22
JO - Journal of Electronics & Communications Engineering Research
JF - Journal of Electronics & Communications Engineering Research
IS - 3
M1 - 2
ER -