Human Factors in Information Security: A Quantitative Study with Technical Solutions to Prevent Social Engineering Attacks

Human factors play a critical role in enabling social engineering attacks that exploit human behaviors, cognitive biases, and psychological vulnerabilities to manipulate individuals and breach security protocols. The lack of a comprehensive understanding and effective countermeasures addressing these human factors has allowed attackers to execute successful social engineering attacks worldwide, leading to severe security breaches. According to the Internet Crime Report 2023, impersonation and business email compromise are among the costliest attacks compared to other forms of cybercrimes, with both leading to the loss of 2.9 billion dollars and 1.3 billion dollars. This research paper investigates the role of human factors in social engineering attacks and examines their growing prevalence and impact through real-life case studies. Additionally, it reviews various security frameworks and techniques from existing literature to identify their strengths and limitations, providing a foundation for a new conceptual security framework. To deepen our understanding of these issues, a quantitative questionnaire was conducted, collecting 208 responses to assess public knowledge, behaviors, experiences, and opinions related to human factors in information security and social engineering. The result provided several key insights such as revealing a lack of understanding of human factors and social engineering among respondents and suggesting that both technical and human aspects contribute to social engineering vulnerabilities. The findings emphasize the need for a balanced approach, leading to the proposal of a new security framework that integrates technical and human solutions to mitigate these risks effectively. By thoroughly following the framework, organizations can implement the most appropriate and effective technical and human measures, tailored to the data they have collected.