Open Access
STRENGTHENING CYBER RESILIENCE: A COMPREHENSIVE EVALUATION OF SOCIAL ENGINEERING AWARENESS PROGRAMS
4
Human Factors and Cyber Awareness Lab, University of Hamburg, Hamburg, Germany
4
Human Factors and Cyber Awareness Lab, University of Hamburg, Hamburg, Germany
Abstract
Social engineering remains one of the most effective and exploited attack vectors in the cybersecurity landscape, often targeting human vulnerabilities rather than technical flaws. This study provides a comprehensive evaluation of social engineering awareness programs aimed at enhancing organizational cyber resilience. Through a multi-layered assessment involving surveys, phishing simulations, and behavioral analysis across various enterprise environments, the effectiveness of existing training models is critically examined. Key factors such as program frequency, delivery methods (e.g., interactive modules vs. lectures), and user engagement levels are analyzed to determine their impact on long-term behavioral change and threat recognition capabilities. The results reveal that continuous, gamified, and context-aware training significantly improves user awareness and reduces susceptibility to phishing and other social engineering tactics. The study concludes with recommendations for designing adaptive, user-centric awareness programs that align with evolving threat landscapes, thereby strengthening overall organizational security posture.
Keywords
Cyber resilience,
social engineering,
cybersecurity awareness,
phishing prevention
References
Aldawood, H., & Skinner, G. (2019). Reviewing cybersecurity social engineering training and awareness programs—Pitfalls and ongoing issues. Future Internet, 11(3),73. https://doi.org/10.3390/fi11030073
Aloul, F. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3), 176-183. https://doi.org/10.4304/jait.3.3.176-183
Alsulami, H., Althobaiti, M., & Alfakeeh, A. (2021). Awareness of social engineering attacks in the education sector. Journal of Cybersecurity Education, Research and Practice, 2021(2), 1-15.
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77-101. https://doi.org/10.1191/1478088706qp063oa
Brinkmann, S., & Kvale, S. (2018). Doing interviews (2nd ed.). SAGE Publications.
Bullée, J. W., & Junger, M. (2021). Social engineering: How psychological tactics make humans vulnerable. Computers & Security, 97, 101934. https://doi.org/10.1016/j.cose.2020.101934
Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among five approaches(4th ed.). SAGE Publications.
Etikan, I., Musa, S. A., & Alkassim, R. S. (2016). Comparison of convenience sampling and purposive sampling. American Journal of Theoretical and Applied Statistics, 5(1), 1-4. https://doi.org/10.11648/j.ajtas.20160501.11
Forrester. (2023). Protecting against the top five cybersecurity threats in 2023 requires a balanced approach. Forrester Reports.
Hennink, M. M. (2013). Focus group discussions: Understanding qualitative research. Oxford University Press.
Inspiroz. (2024). Social engineering attacks in education: 2024 prevention tactics. Inspiroz Blog. https://www.inspiroz.com
Jaeger, L., & Eckhardt, A. (2020). Eyes wide open: The role of situational information security awareness for security-related behavior. Information Systems Journal, 31(3), 429-472. https://doi.org/10.1111/isj.12317
Kroll. (2023). Q3 2023 threat landscape report: Social engineering takes center stage. Kroll Reports.
Mouton, F., Leenen, L., & Venter, H. S. (2016). Towards an ontological model defining the social engineering domain. Computers & Security, 59, 186-209. https://doi.org/10.1016/j.cose.2016.03.006
Nguyen, T., & Bhatia, S. (2020). Information security awareness in universities: The role of faculty and students. Education and Information Technologies, 25(1), 97-115. https://doi.org/10.1007/s10639-019-09972-7
Patton, M. Q. (2015). Qualitative research & evaluation methods (4th ed.). SAGE Publications.
Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89. https://doi.org/10.3390/fi11040089
USG. (2023). USG mandatory cybersecurity awareness training due April 28. COE FYI. https://fyi.coe.uga.edu/2023-04-usg-mandatory-cybersecurity-awareness-training-due-april-28/
Wang, Z., Zhu, H., & Sun, L. (2021). Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities, and attack methods. IEEE Access, 9, 11895-11910. https://doi.org/10.1109/ACCESS.2021.3052223
Whitman, M. E., & Mattord, H. J. (2018). Principles of information security (6th ed.). Cengage Learning.
Yerby, J. (2018). Faculty and staff information security practices and awareness: A study of higher education. Journal of Cybersecurity Education, Research, and Practice, 2018(1), 1-18.
Similar Articles
- Dr. Alistair C. Finch, From Reactive to Predictive: A Framework for Integrating Threat Intelligence with SIEM for Proactive Threat Hunting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
- Prof. Hans-Peter Vogel, Dr. Farah Al-Dabbagh, UNINTENDED CONSEQUENCES AND SPILLOVER EFFECTS IN OFFENSIVE CYBER OPERATIONS: A SYSTEMATIC LITERATURE REVIEW , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 1 No. 01 (2024): Volume 01 Issue 01
- Dr. Tanvi Das, James D. Walker, A FEDERATED MULTI-MODAL SYSTEM FOR INSIDER THREAT DETECTION IN ENERGY INFRASTRUCTURE USING BIOMETRIC AND CYBER DATA , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 01 (2025): Volume 02 Issue 01
- Dr. Nyra Quellin, Strategic Risk-Based Cybersecurity Governance: Integrating Policy Frameworks, Organizational Controls, and Compliance Mechanisms for Contemporary Information Systems , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 01 (2026): Volume 03 Issue 01
- Farah Al-Mansouri, THE IMPLICIT LANGUAGE OF CYBERSECURITY: EDUCATIONAL CHALLENGES AND IMPLICATIONS , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 07 (2025): Volume 02 Issue 07
- Dr. Alistair Finch, Navigating the Digital Battlefield: A Systematic Review of Collateral Effects in Offensive Cyber Operations , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 08 (2025): Volume 02 Issue 08
- Dr. Arjun Pratap Singh, Dr. Neha Verma, Research on Unusual Transmission Pattern Recognition in Telecommunication Infrastructure Using Fuzzy Equation Approach , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 04 (2026): Volume 03 Issue 04
- Dr. Evelyn R. Chen, Dr. Adrian M. Vella, A Comprehensive Taxonomy and Critical Survey of Scientific Workflow Scheduling Paradigms in IaaS Cloud Computing: Evaluating Fitness for High-Stakes Environmental Modeling , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 11 (2025): Volume 02 Issue 11
- Dr. Dmitry V. Sokolov, Synergizing Generative AI and Explainable Machine Learning in Security Operations Centers: Mitigating Alert Fatigue and Enhancing Analyst Performance , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 2 No. 10 (2025): Volume 02 Issue 10
- Elena M. Kovacs, Predictive Intelligence Across Physical and Financial Systems: A Comparative Research Framework for Packed-Bed Thermal Energy Storage and AI-Driven Forecasting , International Journal of Cyber Threat Intelligence and Secure Networking: Vol. 3 No. 03 (2026): Volume 03 Issue 03
You may also start an advanced similarity search for this article.