Social engineering based cyber-attacks in kenya

Abstract

Cybersecurity is a major challenge especially as the world transitions to the fourth industrial revolution. Cybercriminals are always perceived to be using complex sophisticated mechanisms to launch attacks to information systems. It is however worth exploring Social Engineering as one of the arts used to exploit the weakest layer of information security systems, who are the users. In the recent past, the world has witnessed a gradual gain in popularity of Social Engineering attacks propagated through varied forms, including, phishing, vishing and smishing. Hence, this paper presents and demonstrates an analytical approach towards Social Engineering. The study explored the level of understanding of three forms of Social Engineering and the prevalence of Social Engineering attacks with their countermeasures. Qualitative and quantitative data was collected from a random sample through an online survey and face-to-face interviews. Data analysis showed that vishing and smishing are the most commonly used forms of Social Engineering in Kenya with the use of authority featuring as a persuasion strategy used by attackers striving for financial gain. The lack of user education and awareness outstandingly came out as the main reason behind a majority of successful attacks. The study was limited to Kenya as a representative of developing Nations in Africa. The resulting study outcomes could form a foundation for the development of information security policies and awareness programs. This could further translate into National or International Laws on Social Engineering based Cyber-attacks.