Resiliens mot social engineering : En studie om organisationers förmåga att hantera social engineering.

Given the major technological development that has been made in the last decades, companies and organizations draw benefit from these technological means to communicate in new ways rather than using old school methods like snail-mail. This has led to many new attack vectors for culprits looking to commit fraud. These attack vectors have proven to be very effective given the fact that culprits can target massive volumes of potential targets. The purpose of this report was divided into two parts, investigate to what extent employees were aware of the phenomena “social engineering” as well as conducting a literature study to gather knowledge about common attacks and defence mechanisms to counter these attacks. To investigate the awareness regarding “social engineering” of employees in different organizations, eight different qualitative interviews were conducted with employees of different organizations. To gather knowledge about common social engineering attacks an extensive literature study was done. The interviews revealed that many employees had low awareness about social engineering and many of them also failed to manage their credentials to IT-systems in a safe way. The interviewed subjects also shared a low awareness regarding their organizations policies regarding IT-security. The literature study revealed that social engineering attacks come in many different forms.Many of the attacks are very similar but regarding who they are targeting, or which mediumis used for the attack they can receive a different name. The social engineering attack called “phishing” was the most recurrent type of social engineering attack and hence a lot of this thesis is focused on this attack. Examples of authentic successful phishing attempts arepresented