Open Access
STRENGTHENING CYBER RESILIENCE: A COMPREHENSIVE EVALUATION OF SOCIAL ENGINEERING AWARENESS PROGRAMS
4
Human Factors and Cyber Awareness Lab, University of Hamburg, Hamburg, Germany
4
Human Factors and Cyber Awareness Lab, University of Hamburg, Hamburg, Germany
Abstract
Social engineering remains one of the most effective and exploited attack vectors in the cybersecurity landscape, often targeting human vulnerabilities rather than technical flaws. This study provides a comprehensive evaluation of social engineering awareness programs aimed at enhancing organizational cyber resilience. Through a multi-layered assessment involving surveys, phishing simulations, and behavioral analysis across various enterprise environments, the effectiveness of existing training models is critically examined. Key factors such as program frequency, delivery methods (e.g., interactive modules vs. lectures), and user engagement levels are analyzed to determine their impact on long-term behavioral change and threat recognition capabilities. The results reveal that continuous, gamified, and context-aware training significantly improves user awareness and reduces susceptibility to phishing and other social engineering tactics. The study concludes with recommendations for designing adaptive, user-centric awareness programs that align with evolving threat landscapes, thereby strengthening overall organizational security posture.
Keywords
Cyber resilience,
social engineering,
cybersecurity awareness,
phishing prevention
References
Aldawood, H., & Skinner, G. (2019). Reviewing cybersecurity social engineering training and awareness programsβPitfalls and ongoing issues. Future Internet, 11(3),73. https://doi.org/10.3390/fi11030073
Aloul, F. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3), 176-183. https://doi.org/10.4304/jait.3.3.176-183
Alsulami, H., Althobaiti, M., & Alfakeeh, A. (2021). Awareness of social engineering attacks in the education sector. Journal of Cybersecurity Education, Research and Practice, 2021(2), 1-15.
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77-101. https://doi.org/10.1191/1478088706qp063oa
Brinkmann, S., & Kvale, S. (2018). Doing interviews (2nd ed.). SAGE Publications.
BullΓ©e, J. W., & Junger, M. (2021). Social engineering: How psychological tactics make humans vulnerable. Computers & Security, 97, 101934. https://doi.org/10.1016/j.cose.2020.101934
Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among five approaches(4th ed.). SAGE Publications.
Etikan, I., Musa, S. A., & Alkassim, R. S. (2016). Comparison of convenience sampling and purposive sampling. American Journal of Theoretical and Applied Statistics, 5(1), 1-4. https://doi.org/10.11648/j.ajtas.20160501.11
Forrester. (2023). Protecting against the top five cybersecurity threats in 2023 requires a balanced approach. Forrester Reports.
Hennink, M. M. (2013). Focus group discussions: Understanding qualitative research. Oxford University Press.
Inspiroz. (2024). Social engineering attacks in education: 2024 prevention tactics. Inspiroz Blog. https://www.inspiroz.com
Jaeger, L., & Eckhardt, A. (2020). Eyes wide open: The role of situational information security awareness for security-related behavior. Information Systems Journal, 31(3), 429-472. https://doi.org/10.1111/isj.12317
Kroll. (2023). Q3 2023 threat landscape report: Social engineering takes center stage. Kroll Reports.
Mouton, F., Leenen, L., & Venter, H. S. (2016). Towards an ontological model defining the social engineering domain. Computers & Security, 59, 186-209. https://doi.org/10.1016/j.cose.2016.03.006
Nguyen, T., & Bhatia, S. (2020). Information security awareness in universities: The role of faculty and students. Education and Information Technologies, 25(1), 97-115. https://doi.org/10.1007/s10639-019-09972-7
Patton, M. Q. (2015). Qualitative research & evaluation methods (4th ed.). SAGE Publications.
Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89. https://doi.org/10.3390/fi11040089
USG. (2023). USG mandatory cybersecurity awareness training due April 28. COE FYI. https://fyi.coe.uga.edu/2023-04-usg-mandatory-cybersecurity-awareness-training-due-april-28/
Wang, Z., Zhu, H., & Sun, L. (2021). Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities, and attack methods. IEEE Access, 9, 11895-11910. https://doi.org/10.1109/ACCESS.2021.3052223
Whitman, M. E., & Mattord, H. J. (2018). Principles of information security (6th ed.). Cengage Learning.
Yerby, J. (2018). Faculty and staff information security practices and awareness: A study of higher education. Journal of Cybersecurity Education, Research, and Practice, 2018(1), 1-18.
Similar Articles
- John M. Callahan, Advancing Cyber Threat Intelligence Frameworks: Integrative Models, Sharing Mechanisms, and Predictive Analytics , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 07 (2025): Volume 02 Issue 07
- Dr. Ahmed N. El-Tayeb, Miguel Γngel Ortega, INTEGRATING CYBER THREAT INTELLIGENCE WITHIN COMMERCIAL ENTERPRISES: A STRATEGIC FRAMEWORK FOR ENHANCED SECURITY POSTURE , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Layla Hassan, Reem Al-Mazrouei, EVOLVING PARADIGMS AND FUTURE TRAJECTORIES IN CYBER THREAT INTELLIGENCE , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 06 (2025): Volume 02 Issue 06
- Dr. Rohan Deshmukh, ARCHITECTING A ROBUST CYBER THREAT INTELLIGENCE CAPABILITY: A COMPREHENSIVE FRAMEWORK , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 02 (2025): Volume 02 Issue 02
- Prof. Emily Zhang, Luca Romano, DEFENDING AGAINST EVOLVING CYBER THREATS: A HYBRID FRAMEWORK FOR ATTACK PATTERN ANALYSIS AND INTELLIGENCE INTEGRATION , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 04 (2025): Volume 02 Issue 04
- Dr. Alistair C. Finch, From Reactive to Predictive: A Framework for Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
- Prof. Hans-Peter Vogel, Dr. Farah Al-Dabbagh, UNINTENDED CONSEQUENCES AND SPILLOVER EFFECTS IN OFFENSIVE CYBER OPERATIONS: A SYSTEMATIC LITERATURE REVIEW , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Tanvi Das, James D. Walker, A FEDERATED MULTI-MODAL SYSTEM FOR INSIDER THREAT DETECTION IN ENERGY INFRASTRUCTURE USING BIOMETRIC AND CYBER DATA , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 01 (2025): Volume 02 Issue 01
- Dr. Nyra Quellin, Strategic Risk-Based Cybersecurity Governance: Integrating Policy Frameworks, Organizational Controls, and Compliance Mechanisms for Contemporary Information Systems , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 01 (2026): Volume 03 Issue 01
- Farah Al-Mansouri, THE IMPLICIT LANGUAGE OF CYBERSECURITY: EDUCATIONAL CHALLENGES AND IMPLICATIONS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 07 (2025): Volume 02 Issue 07
You may also start an advanced similarity search for this article.