Andrei L. LOMAKINRussian Presidential Academy of National Economy and Public Administration (RANEPA), Moscow, Russian Federation lomakin-al@ranepa.ru ORCID id: not available
Evgenii Yu. KHRUSTALEVCentral Economics and Mathematics Institute, Russian Academy of Sciences (CEMI RAS), Moscow, Russian Federation stalev777@yandex.ru ORCID id: not available
Gleb A. KOSTYURINRussian Presidential Academy of National Economy and Public Administration (RANEPA), Moscow, Russian Federation g.kostyurin@yandex.ru ORCID id: not available
Subject. As the socio-economic relationships are getting digitalized so quickly, the society faces more and more instances of cybercrime. To effectively prevent arising threats to personal information security, it is necessary to know key social engineering methods and security activities to mitigate consequences of emerging threats. Objectives. We herein analyze and detect arising information security threats associated with social engineering. We set forth basic guidelines for preventing threats and improving the personal security from social engineering approaches. Methods. The study relies upon methods of systems analysis, synthesis, analogy and generalization. Results. We determined the most frequent instances associated with social engineering, which cause personal information security threats and possible implications. The article outlines guidelines for improving the persona; security from social engineering approaches as an information security threat. Conclusions and Relevance. To make information security threats associated with social engineering less probable, there should be a comprehensive approach implying two strategies. First, the information security protection should be technologically improved, fitted with various data protection, antivirus, anti-fishing software. Second, people should be more aware of information security issues. Raising the public awareness, the government, heads of various departments, top executives of public and private organizations should set an integrated training system for people, civil servants, employees to proliferate the knowledge of information security basics.
Keywords: social engineering, information security, cyber threats
References:
Khrustalev E.Yu., Kostyurin G.A. [Cyber threats: Triggers and prevention recommendations]. Natsional'nye interesy: prioritety i bezopasnost' = National Interests: Priorities and Security, 2019, vol. 15, iss. 6, pp. 1185–1194. (In Russ.) URL: Link
Bobylev A.E., Trofimova A.V. [Data protection problem on the Internet of things]. Nauka-Rastudent.ru, 2016, no. 3, p. 25. (In Russ.) URL: Link
Gol'chevskii Yu.V., Filimonova N.A. [Approach to detecting malicious activity on the Internet of things]. Informatsiya i bezopasnost' = Information and Security, 2017, vol. 20, no. 3, pp. 464–467. (In Russ.)
Semenova K.D., Tarasova K.I. Statistical Research of Global Cyber-risks: The Cost of Cyber-crime. In: Topical Questions of Contemporary Science Collection of Scientific Articles. Aspekt Publishing, 2017, pp. 315–320. URL: Link
Vyatkin A.A. [The Economic Security of Electronic Payment Systems: Reducing Cyber Risks in the Conditions of Digital Transformation]. Innovatsionnoe razvitie ekonomiki = Innovative Development of Economy, 2018, no. 5, pp. 295–298. (In Russ.)
Alosaimi R., Alnuem M. Risk Management Frameworks for Cloud Computing: A Critical Review. International Journal of Computer Science & Information Technology, 2016, vol. 8, iss. 4, pp. 1–11. URL: Link
Andreev N.O. [Formation and development of threats in information systems]. Prikladnaya informatika = Applied Informatics, 2006, no. 6, pp. 87–100. URL: Link (In Russ.)
Turygina V.F., Ford V.F., Matvevnina A.I. [The use of machine learning in cyber security]. Nauchnyi al'manakh = Scientific Almanac, 2017, no. 6-1, pp. 405–408. (In Russ.)
Glotina I.M. [Cybercrime as shadow business]. Vestnik Chelyabinskogo gosudarstvennogo universiteta = Bulletin of Chelyabinsk State University, 2016, no. 6, pp. 51–57. URL: Link (In Russ.)
Belova I.V. [Formulating the concept of information security in the curriculum of Fundamentals of information security]. Psikhologiya, sotsiologiya i pedagogika = Psychology, Sociology and Pedagogy, 2011, no. 3. (In Russ.) URL: Link
Kadulin V.E., Klochkova E.N. [The relation between the concepts of information security and cyber security in the contemporary legal environment]. Voprosy kiberbezopasnosti = Cybersecurity Issues, 2017, no. S2, pp. 7–10. (In Russ.)
Alpeev A.S. [Terminology of insecurity: Cybersecurity, information security]. Voprosy kiberbezopasnosti = Cybersecurity Issues, 2014, no. 5, pp. 39–42. URL: Link (In Russ.)
Gavrilova E.A. [Research methods for detecting network attacks]. Nauchnye zapiski molodykh issledovatelei = Scientific Notes of Young Scientists, 2017, no. 4, pp. 55–58. URL: Link (In Russ.)