Articles | Open Access | https://doi.org/10.55640/

STRENGTHENING CYBER RESILIENCE: A COMPREHENSIVE EVALUATION OF SOCIAL ENGINEERING AWARENESS PROGRAMS

Abstract

Social engineering remains one of the most effective and exploited attack vectors in the cybersecurity landscape, often targeting human vulnerabilities rather than technical flaws. This study provides a comprehensive evaluation of social engineering awareness programs aimed at enhancing organizational cyber resilience. Through a multi-layered assessment involving surveys, phishing simulations, and behavioral analysis across various enterprise environments, the effectiveness of existing training models is critically examined. Key factors such as program frequency, delivery methods (e.g., interactive modules vs. lectures), and user engagement levels are analyzed to determine their impact on long-term behavioral change and threat recognition capabilities. The results reveal that continuous, gamified, and context-aware training significantly improves user awareness and reduces susceptibility to phishing and other social engineering tactics. The study concludes with recommendations for designing adaptive, user-centric awareness programs that align with evolving threat landscapes, thereby strengthening overall organizational security posture.

Keywords

Cyber resilience, social engineering, cybersecurity awareness, phishing prevention

How to Cite

STRENGTHENING CYBER RESILIENCE: A COMPREHENSIVE EVALUATION OF SOCIAL ENGINEERING AWARENESS PROGRAMS. (2024). International Journal of Cyber Threat Intelligence and Secure Networking, 1(01), 20-24. https://doi.org/10.55640/