Open Access
STRENGTHENING CYBER RESILIENCE: A COMPREHENSIVE EVALUATION OF SOCIAL ENGINEERING AWARENESS PROGRAMS
4
Human Factors and Cyber Awareness Lab, University of Hamburg, Hamburg, Germany
4
Human Factors and Cyber Awareness Lab, University of Hamburg, Hamburg, Germany
Abstract
Social engineering remains one of the most effective and exploited attack vectors in the cybersecurity landscape, often targeting human vulnerabilities rather than technical flaws. This study provides a comprehensive evaluation of social engineering awareness programs aimed at enhancing organizational cyber resilience. Through a multi-layered assessment involving surveys, phishing simulations, and behavioral analysis across various enterprise environments, the effectiveness of existing training models is critically examined. Key factors such as program frequency, delivery methods (e.g., interactive modules vs. lectures), and user engagement levels are analyzed to determine their impact on long-term behavioral change and threat recognition capabilities. The results reveal that continuous, gamified, and context-aware training significantly improves user awareness and reduces susceptibility to phishing and other social engineering tactics. The study concludes with recommendations for designing adaptive, user-centric awareness programs that align with evolving threat landscapes, thereby strengthening overall organizational security posture.
Keywords
Cyber resilience,
social engineering,
cybersecurity awareness,
phishing prevention
References
Aldawood, H., & Skinner, G. (2019). Reviewing cybersecurity social engineering training and awareness programsβPitfalls and ongoing issues. Future Internet, 11(3),73. https://doi.org/10.3390/fi11030073
Aloul, F. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3), 176-183. https://doi.org/10.4304/jait.3.3.176-183
Alsulami, H., Althobaiti, M., & Alfakeeh, A. (2021). Awareness of social engineering attacks in the education sector. Journal of Cybersecurity Education, Research and Practice, 2021(2), 1-15.
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77-101. https://doi.org/10.1191/1478088706qp063oa
Brinkmann, S., & Kvale, S. (2018). Doing interviews (2nd ed.). SAGE Publications.
BullΓ©e, J. W., & Junger, M. (2021). Social engineering: How psychological tactics make humans vulnerable. Computers & Security, 97, 101934. https://doi.org/10.1016/j.cose.2020.101934
Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among five approaches(4th ed.). SAGE Publications.
Etikan, I., Musa, S. A., & Alkassim, R. S. (2016). Comparison of convenience sampling and purposive sampling. American Journal of Theoretical and Applied Statistics, 5(1), 1-4. https://doi.org/10.11648/j.ajtas.20160501.11
Forrester. (2023). Protecting against the top five cybersecurity threats in 2023 requires a balanced approach. Forrester Reports.
Hennink, M. M. (2013). Focus group discussions: Understanding qualitative research. Oxford University Press.
Inspiroz. (2024). Social engineering attacks in education: 2024 prevention tactics. Inspiroz Blog. https://www.inspiroz.com
Jaeger, L., & Eckhardt, A. (2020). Eyes wide open: The role of situational information security awareness for security-related behavior. Information Systems Journal, 31(3), 429-472. https://doi.org/10.1111/isj.12317
Kroll. (2023). Q3 2023 threat landscape report: Social engineering takes center stage. Kroll Reports.
Mouton, F., Leenen, L., & Venter, H. S. (2016). Towards an ontological model defining the social engineering domain. Computers & Security, 59, 186-209. https://doi.org/10.1016/j.cose.2016.03.006
Nguyen, T., & Bhatia, S. (2020). Information security awareness in universities: The role of faculty and students. Education and Information Technologies, 25(1), 97-115. https://doi.org/10.1007/s10639-019-09972-7
Patton, M. Q. (2015). Qualitative research & evaluation methods (4th ed.). SAGE Publications.
Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89. https://doi.org/10.3390/fi11040089
USG. (2023). USG mandatory cybersecurity awareness training due April 28. COE FYI. https://fyi.coe.uga.edu/2023-04-usg-mandatory-cybersecurity-awareness-training-due-april-28/
Wang, Z., Zhu, H., & Sun, L. (2021). Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities, and attack methods. IEEE Access, 9, 11895-11910. https://doi.org/10.1109/ACCESS.2021.3052223
Whitman, M. E., & Mattord, H. J. (2018). Principles of information security (6th ed.). Cengage Learning.
Yerby, J. (2018). Faculty and staff information security practices and awareness: A study of higher education. Journal of Cybersecurity Education, Research, and Practice, 2018(1), 1-18.
Similar Articles
- Julia H. Whitaker, PROACTIVE CYBER THREAT HUNTING AND PREDICTIVE INTELLIGENCE IN CLOUD-ENABLED CRITICAL INFRASTRUCTURE: AN INTEGRATED FRAMEWORK FOR RESILIENT DIGITAL ECOSYSTEMS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 02 (2026): Volume 03 Issue 02
- Dr. Laura Stein, ADVANCING PROACTIVE CYBERSECURITY THROUGH CYBER THREAT INTELLIGENCE MINING: A COMPREHENSIVE REVIEW AND FUTURE DIRECTIONS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 02 (2025): Volume 02 Issue 02
- Dr. Ahmed Saeed Al-Mansoori, Detection of Malicious Query Attack Weaknesses within Online Software Systems Using Byte-Level Pattern Matching , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Arben Kola, Dr. Elira Hoxha, Dr. Gentian Leka, Study of Threat Evaluation and Forecasting Framework for Communication Infrastructure Using Neural Intelligence Techniques , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Elena Marovic, Dr. Sofia Markovic, Cybersecurity Governance and Resilience in Small and Medium-Sized Enterprises: A Socio-Technical, Resource-Based, and Regulatory Framework for Sustainable Digital Competitiveness , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Marcus Fletcher, Dr. Elena Novak, ASSESSING AND ENSURING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A RISK AND CONFORMITY FRAMEWORK , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Elena Petrova, Dr. Hassan Al-Mansoori, EVALUATING AND ENHANCING CYBERSECURITY AND RESILIENCE IN HEALTHCARE: A UNIFIED RISK AND COMPLIANCE FRAMEWORK , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 05 (2025): Volume 02 Issue 05
- Dr. Amara Ndlovu, Dr. Faisal Khan, CYBERSECURITY IN VIRTUAL GATHERINGS: RISKS AND REMEDIAL STRATEGIES FOR VIDEO CONFERENCING SOFTWARE , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 04 (2025): Volume 02 Issue 04
- Dr. Jakob R. Neumann, Prof. Leila F. Mahmoud, Securing the Virtual Meeting Space: An Analysis of Cybersecurity Risks and Mitigation Strategies for Video Conferencing Platforms , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 09 (2025): Volume 02 Issue 09
- Dr. Mateo Alvarez-Ruiz, From Reactive to Predictive Security: Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 01 (2026): Volume 03 Issue 01
1-10 of 31
Next
You may also start an advanced similarity search for this article.