A Conceptual Framework for Detecting and Mitigating Racism Based Social Engineering Attacks in an Organization

Abstract

"As per the present day valuation Information is considered as one of the most valuable assets. Due to that fact it is un-avoidable that it would create a market for information which are obtained illegal manner. Many organizations in the present day keep their information in digital means and majority of the organizational work flow is also carried out through the electronic media mostly through computer systems. Therefore, organizations allocate large amount of budget to protect the organizational cyber space. Even though the organization spend massive amount of money and resources on protecting the cyber space and even if there are state-of-the-art security systems and solutions are implemented and placed there is one part of the system which is tend to be vulnerable which is the user. Because the user operates on human emotions rather pure logics. Therefore, these emotions can be manipulated, hence social engineering. Current organizations do have security measurements for minimize social engineering attacks. But these controls are used to mitigate traditional social engineering attacks such as phishing, sphere phishing, quid pro-quo, pre-texting are some of them. But now social engineers tend to weaponized social issues such as racism as an exploitation method for their social engineering attacks. Un-fortunately due to the novelty of such attacks organizations still do not have any proper controls for such specific type of modern social engineering attack. Therefore, A Conceptual Framework for Detecting and Mitigating Racism Based Social Engineering Attacks in an Organization was developed to fill the gap in such security controls."