Employee awareness on social engineering threats in the financial sector

Wokabi, Francis Mwangi
Strathmore University
Despite the great gains that have been achieved through use of the Internet, a lot of threats have also emanated in equal measure from its increased usage. Many of these threats are associated with cyber-attacks, ranging from identity theft, phishing, tailgating and shoulder surfing to Google hacking, among others. Generally, most of these attacks would typically begin with the very basic stage or phase known as social engineering. Financial institutions are at high risk today, as attackers use various forms of attacks to social engineer the employees that work in the financial sector. The use of trickery and deception by cyber criminals to gain the trust of employees has made them the most vulnerable element of a computer system. The aim of this study was to identify the various forms of social engineering attacks in the financial sector and to develop a web-based assessment tool that will enable financial institutions to enhance the preparedness of their employees by assessing their awareness levels with respect to social engineering threats. The tool achieved this by administering assessment tests to employees; the results from the assessment tests were then used to determine training requirements for the employees. The proposed tool was developed using the Rapid Application Development (RAD) methodology through a series of continuous testing and integration phases to ensure that the final product met the specified requirements. The results from the testing phases of the development revealed that the system is robust enough to handle requests from more than 80 users, and its performance is not degraded even as the number of users increases. The system has an accuracy rate of 100% when it comes to scoring questions. In addition to this, the tests showed that the system has an overall average response time of between one and five minutes when responding to user requests.
A thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University