The interaction of culture and technology in together managing

insider threats and social engineering.

Matriculation Number:
Student Name:

Course: MSc Human resource management

Word Count: 2625

Submission Date: 09-12-2024

ASSIGNMENT COVER SHEET

This should be completed individually for each student / assignment. Even for group assignments,
each group member should complete their own cover page and declaration below.

STUDENT (REGISTRATION) NUMBER: 40665048

Please ensure that you have removed your name from your assignment – don’t forget to check both
the header and the footer. Please do include your student number though.

MODULE NUMBER: Click or tap here to enter text.

MODULE TITLE: Click or tap here to enter text.

ASSESSMENT TITLE: The interaction of culture and technology in together managing insider threats
and social engineering.

NAME OF MODULE LEADER: Click or tap here to enter text.

DATE OF SUBMISSION: Click or tap to enter a date.

ACKNOWLEDGEMENT OF THE USE OF ARTIFICIAL INTELLIGENCE (AI) IN ACADEMIC WORK:

(Select all the options below applicable to your submission)

No content generated by AI technologies has been presented as my own work.

✘

I acknowledge the use of AI to generate materials for background research and

self-study in the drafting of this assessment.
 I acknowledge the use of AI to structure or plan this assessment.

I acknowledge the use of AI to generate materials that were included within my

final assessment in modified form.

I acknowledge the use of AI to generate materials that were included in my final

assessment in unmodified form. An example of this would be a quote or image
produced by the AI output.

IF YOU ACKNOWLEDGE THE USE OF AI, IN AROUND 100 WORDS DESCRIBE HOW AND AT WHICH
POINTS YOU HAVE USED SUCH TOOLS TO SUPPORT THE COMPLETION OF THIS ASSESSMENT:
1 Executive summary
The paper discovers the interplay amid technology and culture at addressing insider
threats and as well as social engineering. Social engineering involves manipulating
human interactions to unlawfully access systems. This often leads to compromised
confidential records, data theft, or financial losses, all of which contribute to insider risks
stemming from the lack of a strong security culture among employees. Insider threats
and social engineering remain among the most critical issues in cybersecurity nowadays.
The study inspects and proposes solutions for the risks posed by social engineering
through an analysis of insider threat cases. The first section highlights the necessity of
combining cultural and technical plans to combat cybercrime, with a emphasis on
historical wounded caused by insider threats. The additional section emphasizes the
continuing risks that insider intimidations pose to network security. The third section
analyzes insider threats with a lens on cultural and technological security practices. This
discussion spreads to internal scheme oversight, safe data action, and the effective
organization of employee conduct and communiqué. Despite their significance, insider
threats are often undervalued. Organizations tend to prioritize external threats while
overlooking interior risks posed by employees. Using real-world examples from today’s
cybercrime landscape, this research specifically addresses internal threats to
organizations and explores how cultural measures and advanced technologies can
mitigate these risks. By examining relevant crime cases, the study pursues to stop alike
incidents and identify effective extenuation plans. The goal is to underline the rank of a
stable cultural and technical approach to handling insider threats.
2 Introduction
Social engineering and insider threats are significant vulnerabilities in cybersecurity.
These tactics exploit human trust and psychological factors, bypassing established
defenses to gain unauthorized access or steal sensitive information. Recognizing these
risks is essential toward protect organizations from both external and internal threats.
Attackers employ various social engineering performances for example pretexting,
baiting, and phishing to manipulate individuals. Insider threats, whether accidental or
malicious, originate from within an organization. Identifying both technical and
behavioral signs of insider threats is critical for prompt detection and mitigation of
potential breaches (Social Engineering and Insider Threats | Cybersecurity for Business
Class Notes | Fiveable, n.d.). In recent years, vulnerabilities linked to insider threats,
particularly in the financial sector, have increased in frequency and prominence. Insider
threats may stem from current or former employees, contractors, or business associates
with privileged access to an organization's assets. These threats can arise
unintentionally, such as errors leading to disruptions, or intentionally, such as
unauthorized access to systems or data. Both scenarios can result in theft, fraud, loss of
critical information, or operational disruptions (Cyber Security: The Insider Threat
Including Social Engineering, n.d.). Social engineering is increasingly prevalent as
businesses adopt advanced software supply chain security measures. These attacks
exploit human psychology instead of technical vulnerabilities, often using manipulative
schemes to coerce unsuspecting victims into specific actions. In a broader cybercrime
context, this often involves revealing personal information or transferring funds.
However, in Java security, social engineering tactics frequently aim to gain system
access. Insider threats, on the other hand, manifest as espionage, violence, theft,
sabotage, or cyberattacks. Despite their substantial risk, these threats are often
underestimated by organizations (Beazley, 2024). Social engineering refers to a type of
security attack in which individuals are manipulated into sharing information that can
lead to identity theft, financial fraud, or unauthorized system access. These attacks can
range from highly sophisticated to very simple. Techniques like obtaining information
over phone calls or through websites have introduced new dimensions to the role of
social engineers. This paper examines how individuals, corporations, governments, and
 military organizations have been deceived into disclosing information, leaving them
vulnerable to attacks (Peltier, Thomas. 2006).

3 Understanding the Threat Landscape: Cultural and Technological

Dimensions
The insider threat is acknowledged via both the scientific community and security
experts as one of the most significant security risks for private businesses, government
bodies, and institutions. Over the years, extensive research has been conducted on the
kinds, related inside and outside issues, mitigation techniques, and finding tactics.
Various frameworks have been developed to understand and address the risks posed by
insider threats, with numerous documented cases stored in isolated or public databases.
These approaches incorporate technical, cultural, behavioral, and personal gauges to
find possible dangers stood through individuals with privileged access (Georgiadou et al.,
2021). Information security involves safeguarding data from a wide array of threats to
ensure business continuity, maximize returns on investment and opportunities, and
reduce risks. Recognizing also categorizing threats to information systems is
fundamental to creating effective defenses. While administrations increasingly
participate in advanced safety technologies to defend their systems, attackers are now
targeting the weakest link in security—end users. Often, human error is the leading
cause of technological failures, making people the most vulnerable element in an
information security program (Abraham & Chengalur-Smith, 2010). Social engineering
attacks are growing rapidly in modern networks, posing momentous risks to
cybersecurity. These attacks manipulate individuals and organizations into exposing
valued and complex information for the use of cybercriminals. Social engineering
undermines network security regardless of the strength of firewalls, interruption finding
schemes, cryptography, or challenging virus software. Individuals are naturally additional
expected to belief other people over machines or machineries, making them the
scrawniest point in the safety shackle. Malicious actions leveraging psychological
manipulation can cause individuals to disclose confidential information or bypass
security protocols. Social engineering attacks are highly effective because they exploit
human interactions, bypassing technical safeguards. These attacks remain a significant
 threat as they cannot be mitigated through technological solutions alone; training is
essential to help individuals recognize and prevent such attempts. Cybercriminals often
rely on these tactics when no technical vulnerabilities are available to exploit (Salahdine
& Kaabouch, 2019). Regarding insider threats, physical security is often associated
through measures like guards, guns, and gates; however, every infrastructure security
event has a human measurement. Individuals by legitimate entree or else information
about a position can influence security events positively or negatively. In many cases,
personnel piece an energetic part in detecting, stopping, then replying toward
safekeeping incidents. Conversely, some individuals inadvertently or intentionally ease
safety cracks over negligence, absence of alertness, or malicious intent. In thrilling cases,
people may commit deliberate acts of sabotage, theft, or violence targeting critical
systems, facilities, or information (Williams et al., 2021). To address these challenges,
organizations must build a security-focused culture while incorporating advanced
technologies to counteract the risks associated with social engineering and insider
threats. Blunt awareness of both new social engineering tactics as well as different
types of insider threats helps to make sure that all the employees of the company stay
alert and know their roles in protecting vital data. Therefore, the fusion of this cultural
factor to technological components including accesses restrictions, behaviours
supervision and real-time threat identification enlarges the security processes for the
identification of any disparities. In combination with each other, the firm’s security
culture and the systematic approach to technology development ensure that
organizations are ready not only to detect and prevent, but also to combat insider
threats and fears, as well as social engineering threats.

4 The Evolving Dynamics of Insider Threats and Social Engineering

Attacks
Over the years, numerous attempts have been made to establish a clear definition for
the span ‘Social Engineering Attacks (SEA)’ cutting-edge nonfiction. Though changing a
little, these definitions share a common essence. Schmick and Conteh describe it by way
of ‘Hominoid Hacking,’ a practice of deceiving individuals hooked on revealing
authorizations, which are then used to access accounts or networks. Ghafir et al. define
it as a breach of organizational safety achieved through manipulating individuals into
bypassing standard security practices. The absence of a generally accepted meaning
consumes entered to studies focusing solely on this aspect. For instance, Wang, Zhu, and
Sun define social engineering in cybersecurity as a method where attackers exploit
human vulnerabilities through social interactions to compromise security, whether or
not technical weaknesses are involved (Venkatesha et al., 2021). In 2016, social
engineering and phishing attacks accounted for over 60% of altogether cyberattacks
trendy New Zealand's economic area. Although social engineering Attacks (SEA) targeted
those, their primary aim was the organizations those individuals were associated with. In
particular, phishing, akin to social engineering attacks, poses significant risks to the
financial sector. Research indicates that 37% of phishing attacks exploit traditional
banking policies and organizational trademarks, while 21% target financial credentials.
Such attacks erode customer trust, expose banks to identity theft, and result in financial
losses (Airehrour et al., 2018). As insider threats and social engineering attacks (SEAs)
continue to rise, addressing these cybersecurity concerns has become increasingly
critical. Despite deploying advanced technologies, organizations face challenges in
effectively detecting and mitigating such risks. Current threat detection systems often
focus happening insider threats, thereby widening the security gap (Zewdie et al., 2024).
Cybersecurity theatres a key role in protecting complex organizational facts, systems,
then networks from unlawful entree. However, the prevalence of insider threats and
SEAs highlights significant obstacles in identification and mitigation. A 2023 report
revealed that, despite implementing multiple security measures, 90% of companies
experienced an average loss of $16 million per incident. Existing finding methods,
primarily host-based or network-based intrusion systems, face limitations (Profound
Neural Nets for Noticing Insider Threats and Social Engineering Attacks (SEA), 2024).
Insider threats pose unique trials to organizations. While numerous detection methods
have been introduced over the years, the difficulty of the issue then the hominoid issues
elaborated have rendered several of these answers inadequate in real-world
environments. Consequently, several past attempts to prevent insider threats have
failed in their execution (Zeadally et al., 2012). To address these challenges,
organizations must cultivate a robust security culture alongside advanced technological
solutions to enhance detection and prevention capabilities. By raising employee
 awareness and utilizing tools like behavior monitoring systems, companies can better
manage insider threats and mitigate the risks posed by social engineering attacks.

5 Building Resilience: Integrating Culture and Technology for

Threat Mitigation and Conclusions
Humans are inherently social beings, and while the digital age has not altered this trait,
it has significantly transformed how we interact. Social media grants access to millions of
people and introduces new communication methods. However, it also poses
considerable security risks. Criminals exploit social media for activities like fraud, data
theft, and gathering business intelligence. To address these cybersecurity challenges, we
must examine human behavior and the influence of social media. A simple policy guiding
employee use of social media is insufficient; comprehensive measures, including early
education, adaptive and interactive training, and advanced technological solutions, are
essential. Strengthening the human element requires focusing on cultural factors,
starting with education at the earliest stages, such as first grade when children begin
using the internet. Innovative approaches to cybersecurity education, like interactive
video games, should be explored. Additionally, technological interventions must help
peoples reduce errors and avoid falling victim to cyber traps, such as social engineering
attacks. Secrecy sceneries can restrict entree to personal info, and social media intensive
helpful tools enable organizations to trail nasty doings and emerging fears. Technology
can also aids in verifying the authenticity of online interactions and can be used to
detect insider threats by analyzing social media activity (Tayouri, 2015). The widespread
adoption of information technology (IT) and ubiquitous devices has made social
engineering one of the most pressing cybersecurity threats today. In cybersecurity,
social engineering involves exploiting human weaknesses through manipulation to
achieve malicious goals. Identifying social engineering threats across different
environments is critical, as humans remain the weakest security link compared toward
technical safeguards. This vulnerability has spurred calls to improve users’
understanding of data safety. Practical working out and education plans are among the
most effective solutions. Advanced info safety education inventiveness can enhance
operator and employer consciousness, finally reducing cybersecurity incidents
(Humanizing and Rising Mindfulness on Cyber Security Social Engineering (SE): A
Literature Review, 2018). There is, however, a major concern that arises from social
engineering, which entails attacking human vulnerabilities thus overriding complex
technological barriers. Such threats explain the level of risk in accepting a balanced
strategy that includes cultural and technological interventions. Security awareness,
carrying out one’s assigned duty, and training the human resource to look out for and
report social engineering threats convert them into active barriers. Adding this cultural
strategy to pragmatic technology enablers like behavioural tracking and real-time threat
identification improves security. Handling insider threats with employable solutions not
only reduces the risks but also enhances the overall organizational resistance to
malicious activities and completes trust and operational continuity while coming across
dynamic cyber threats. Therefore, reinforcing the security policies through usual
examples and by demonstrations, training, and simulations of the real scenarios as well
as establishing a good communication channel between those IT professionals and other
departments must be a decisive and leading aspect of the formation of number a strong
security culture. Furthermore, first, organizations need to address the need for secure
work collaboration and statement and avoid exposing information to potential threats.
Risk finding and reply eras can be also optimistically impacted by actively using
innovative technology opportunities such as AI and machine learning . These skills can
sift through large amounts of information in real time, it can recognize patterns and
potential threats that known employees might not. Such advanced systems can work
hand in hand with the human-centred approach and develop a two-faceted security line
of defense. The combined capacity of the human consciousness and the available
technology is pivotal to approaches modern cybersecurity terrorizations. The use of
culture of continuous improvement and change to new threats would allow
organizational to visit gaining of the bend in the protection from both external and
internal threats. When merging cultural sensitivity and business advancement, firms will
be in a superior position of protecting their physical assets and to shield the security of
its systems in an increasingly technologically propelled creation. This multi-layered
approach links employees to be the first line of defense on issues to do with social
engineering and other Inside jobs while at the same time offering great technical
support to develop a technically fortified company. For further improvement of the
 organisation’s safety status predatory reviews and charges have to be conducted
periodically to assess the effectiveness of cultural approaches in compliance with
technical enhancements at the company. These assessments make it possible to certify
that the employees of an organization are armed with new threats and that the security
systems are adapting themselves to new functions. Further, maintaining environments
accepting by employees to report doubtful doings without fearing retaliation will assist
in identifying possible insider pressures a long time before they take effect. Risk
management, threat modeling, threat awareness, layered defenses, and systematic
solutions will protect organizational integrity and eliminate SE and insider threats with
the help of education, employee assignation, and modern technology.

6 References

1. Airehrour, D., Nair, N. V., & Madanian, S. (2018). Social engineering attacks and
countermeasures in the New Zealand banking system: Advancing a user-reflective
mitigation model. Information, 9(5), 110. https://doi.org/10.3390/info9050110
2. Beazley, H. (2024, July 23). Understanding social engineering & insider threats. Finite
State Blog. Retrieved from https://finitestate.io/blog/social-engineering-insider-
threats-java-security
3. Educating and raising awareness on cyber security social engineering: A literature
review. (2018, December 1). IEEE Conference Publication. Retrieved from
https://ieeexplore.ieee.org/abstract/document/8615162
4. Georgiadou, A., Mouzakitis, S., & Askounis, D. (2021). Detecting insider threat via a
cyber-security culture framework. Journal of Computer Information Systems, 62(4),
706–716. https://doi.org/10.1080/08874417.2021.1874552
5. Peltier, T. (2006). Social engineering: Concepts and solutions. Information Systems
Security, 15(1), 13–21.
https://doi.org/10.1201/1086.1065898x/46351.15.1.20060301/92092.3
6. Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future
Internet, 11(4), 89. https://doi.org/10.3390/fi11040089
 7. Tayouri, D. (2015). The human factor in social media security: Combining education
and technology to reduce social engineering risks and damages. Procedia
Manufacturing, 3, 1096–1100. https://doi.org/10.1016/j.promfg.2015.07.182
8. Venkatesha, S., Reddy, K. R., & Chandavarkar, B. R. (2021). Social engineering attacks
during the COVID-19 pandemic. SN Computer Science, 2(2), Article 118.
https://doi.org/10.1007/s42979-021-00512-6
9. Williams, A. D., Abbott, S. N., & Littlefield, A. C. (2021). Insider threat. In Springer
eBooks (pp. 450–457). https://doi.org/10.1007/978-3-030-70757-1_50
10. Zeadally, S., Yu, B., Jeong, D. H., & Liang, L. (2012). Detecting insider threats:
Solutions and trends. Information Security Journal: A Global Perspective, 21(4), 183–
192. https://doi.org/10.1080/19393555.2012.700489
11. Zewdie, M. T., Girma, A., & Sitote, T. M. (2024). A comprehensive review of insider
threats and social engineering attacks detection: Challenges, gaps, and a deep
learning-based solution. Antneeh Girma https://dx.doi.org/10.2139/ssrn.4950694

7 Annex

I used ChatGPT prompt: "Write an outline and initial draft for a white paper on the topic
'The interaction of culture and technology in managing insider threats and social
engineering.' Include key concepts, examples, and proposed solutions”. This gives me an
initial AI-generated draft that provides a basic outline covering the integration of culture
and technology in mitigating insider threats and social engineering. Which highlighted the
importance of human vulnerabilities and proposed a dual approach involving cultural
practices and technological tools. In the initial draft, the sections include an introduction,
current issues, and recommendations with examples on social engineering attacks. The
strength of the AI-generated draft was well structured, which suggests a clear outline of
introduction, context, current issues, and recommendations. While the draft has some
weaknesses, including the detailed analysis and specific case studies requiring further
research and details. I made further improvements by including academic and professional
sources to enhance the depth and credibility of the content. All references were formatted
according to APA style to ensure academic rigor.