
Poster 3 Extra3

This document presents a causal loop diagram showing factors that influence social engineering attacks and ways to mitigate them. It shows how outsiders can gain access to organizations by exploiting insiders through phishing operations, playing on cognitive biases and a desire to be helpful. Reducing publicly available information, training insiders, and awareness of risks can help counter social engineering attacks by reducing the credibility of outsiders and increasing recognition of exploitation.

[Figure: causal loop diagram. Only the text labels survive from the image; the arrows and their link polarity markers (S, O) are not recoverable.]

Loop titles (the diagram carries the loop identifiers B1, B2, B3, R1, R2, R3):
- Reduction of Sensitive Externally Available Information
- Insider Training to Reduce Social Engineering
- Gaining Access Privilege through Phishing
- Deepening Access Privilege through Spear Phishing
- Confirmatory Bias to Gain Access to Fraudulent Content
- Confirmatory Bias to be Helpful to Fraudulent Outsider

Variables:
- amount of publicly available information about organization or insider
- research and open source intelligence gathering
- credibility of fictitious scenario by outsider (e.g., reverse SE, pretexting)
- credibility of outsider impersonation of authorized entity
- visual deception and obfuscation in phishing operation
- scenario sense of urgency
- outsider knowledge of what specific insider wants
- extent to which outsider targets specific insider with fraudulent access point (planning and preparation)
- insider's cognitive workload
- insider's risk awareness
- recency and quality of cyber security training
- insider desire to believe outsider scenario
- insider desire to be helpful
- insider desire to access information
- attention insider pays to evidence that confirms outsider authenticity
- insider trust in outsider authenticity
- insider falling for phishing operation
- recognition of exploitation by organization
- outsider access privilege
- outsider gaining access to information to escalate privilege
- exploitation of access privilege by outsider to cause harm

Figure 23: Causal Loop Diagram of Avenues for Social Engineering Mitigation

CMU/SEI-2013-TN-024 | 58
