Addressing Cyber Security Accessibility: A Qualitative Study

This short paper highlights the experience of victims of social engineering attacks and their accessibility to cybersecurity mechanisms. Current research has mainly focused on technical and digital literacy in curbing cyber-attacks which leaves out users with little or no technical ability in recognizing cyber-attacks. The experiences of 17 victims of social engineering attacks are sought using semi-structured interviews. The analysis of the interview data was done using grounded theory, and two main categories relevant to social engineering methods and accessible cybersecurity mechanisms were identified. Finally, this paper presents important recommendations on cybersecurity mechanisms that are accessible to users with little or no digital literacy.

Content

Author and article information

Contributors

Bilikis Banire

Dena Al Thani

Yin Yang

Conference

Publication date (Print): July 2021

Pages: 1-5

Affiliations

[0001]Hamad Bin Khalifa University, Qatar College of Science and Engineering

LAS Building, Education City, Qatar

Article

DOI: 10.14236/ewic/HCI2021-W5.2

SO-VID: 9c0ce65b-bebd-4ff7-9332-5c776ee7c52b

License:

This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

Conference name: 34th British HCI Workshop and Doctoral Consortium

Conference acronym: HCI2021-WDC

Conference number: 34

Conference location: London, UK

Conference date: 20th - 21st July 2021

Conference sponsor: Electronic Workshops in Computing (eWiC)

Conference theme: Post-pandemic HCI – Living Digitally

History

Product

1477-9358 BCS Learning & Development

Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/HCI2021-W5.2

Self URI (journal page): https://ewic.bcs.org/

REFERENCES

Mehrdad BahriniNina WenigMarcel MeissnerKarsten SohrRainer Malaka 2019 Happypermi: Presenting critical data flows in mobile application to raise user security awareness. Paper presented at the Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems
Kristian BeckersSebastian Pape 2016 A serious game for eliciting social engineering security requirements. Paper presented at the 2016 IEEE 24th International Requirements Engineering Conference (RE).
Jan-Willem Hendrik BulléeLorena MontoyaWolter PietersMarianne JungerPieter Hartel 2018 On the anatomy of social engineering attacks—A literature-based dissection of successful attacks Journal of investigative psychology and offender profiling 15 1 20 45
Nancy Carter, Bryant-Denise LukosiusAlba DiCensoJennifer BlytheAlan J Neville 2014 The use of triangulation in qualitative research. Paper presented at the Oncology nursing forum.
Juliet CorbinAnselm Strauss 2014 Basics of qualitative research: Techniques and procedures for developing grounded theory Sage publications
Elizabeth K CridlandSandra C JonesPeter CaputiChristopher A Magee 2015 Qualitative research with families living with autism spectrum disorder: Recommendations for conducting semistructured interviews Journal of Intellectual and Developmental Disability 40 1 78 91
Martyn Denscombe 2014 The good research guide: for small-scale social research projects McGraw-Hill Education (UK)
Ibrahim GhafirVaclav PrenosilAhmad AlhejailanMohammad Hammoudeh 2016 Social engineering attack strategies and defence approaches. Paper presented at the 2016 IEEE 4th international conference on future internet of things and cloud (FiCloud)
Surbhi GuptaAbhishek SinghalAkanksha Kapoor 2016 A literature survey on social engineering attacks: Phishing attack. Paper presented at the 2016 international conference on computing, communication and automation (ICCCA)
Mark S HandcockKrista. J Gile 2011 Comment: On the concept of snowball sampling Sociological Methodology 41 1 367 371
J ObuhumaS Zivuku 2020 Social Engineering Based Cyber-Attacks in Kenya
Grace Segers (2021, May 8 2021). Cyberattack prompts major pipeline operator to halt operations. Retrieved June 10, 2021, from https://www.cbsnews.com/news/colonialpipeline-cyberattack-halt-operations/
Affan YasinRubia FatimaLin LiuJianmin WangRaian AliZiqi Wei 2020 Understanding and deciphering of social engineering attack scenarios Security and Privacy e161
Affan YasinRubia FatimaLin LiuAwaid YasinJianmin Wang 2019 Contemplating social engineering studies and attack scenarios: A review study Security and Privacy 2 4 e73
Nima ZarghamMehrdad BahriniGeorg VolkmarDirk WenigKarsten SohrRainer Malaka 2019 What could go wrong? raising mobile privacy and security awareness through a decision-making game. Paper presented at the Extended Abstracts of the Annual Symposium on Computer-Human Interaction in Play Companion Extended Abstracts

Comments

Comment on this article

[1] Mehrdad BahriniNina WenigMarcel MeissnerKarsten SohrRainer Malaka 2019 Happypermi: Presenting critical data flows in mobile application to raise user security awareness. Paper presented at the Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems

[2] Kristian BeckersSebastian Pape 2016 A serious game for eliciting social engineering security requirements. Paper presented at the 2016 IEEE 24th International Requirements Engineering Conference (RE).

[3] Jan-Willem Hendrik BulléeLorena MontoyaWolter PietersMarianne JungerPieter Hartel 2018 On the anatomy of social engineering attacks—A literature-based dissection of successful attacks Journal of investigative psychology and offender profiling 15 1 20 45

[4] Nancy Carter, Bryant-Denise LukosiusAlba DiCensoJennifer BlytheAlan J Neville 2014 The use of triangulation in qualitative research. Paper presented at the Oncology nursing forum.

[5] Juliet CorbinAnselm Strauss 2014 Basics of qualitative research: Techniques and procedures for developing grounded theory Sage publications

[6] Elizabeth K CridlandSandra C JonesPeter CaputiChristopher A Magee 2015 Qualitative research with families living with autism spectrum disorder: Recommendations for conducting semistructured interviews Journal of Intellectual and Developmental Disability 40 1 78 91

[7] Martyn Denscombe 2014 The good research guide: for small-scale social research projects McGraw-Hill Education (UK)

[8] Ibrahim GhafirVaclav PrenosilAhmad AlhejailanMohammad Hammoudeh 2016 Social engineering attack strategies and defence approaches. Paper presented at the 2016 IEEE 4th international conference on future internet of things and cloud (FiCloud)

[9] Surbhi GuptaAbhishek SinghalAkanksha Kapoor 2016 A literature survey on social engineering attacks: Phishing attack. Paper presented at the 2016 international conference on computing, communication and automation (ICCCA)

[10] Mark S HandcockKrista. J Gile 2011 Comment: On the concept of snowball sampling Sociological Methodology 41 1 367 371

[11] J ObuhumaS Zivuku 2020 Social Engineering Based Cyber-Attacks in Kenya

[12] Grace Segers (2021, May 8 2021). Cyberattack prompts major pipeline operator to halt operations. Retrieved June 10, 2021, from https://www.cbsnews.com/news/colonialpipeline-cyberattack-halt-operations/

[13] Affan YasinRubia FatimaLin LiuJianmin WangRaian AliZiqi Wei 2020 Understanding and deciphering of social engineering attack scenarios Security and Privacy e161

[14] Affan YasinRubia FatimaLin LiuAwaid YasinJianmin Wang 2019 Contemplating social engineering studies and attack scenarios: A review study Security and Privacy 2 4 e73

[15] Nima ZarghamMehrdad BahriniGeorg VolkmarDirk WenigKarsten SohrRainer Malaka 2019 What could go wrong? raising mobile privacy and security awareness through a decision-making game. Paper presented at the Extended Abstracts of the Annual Symposium on Computer-Human Interaction in Play Companion Extended Abstracts

Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65