Human Shield: Addressing Social Engineering Threats by Strengthening a Security Culture and Ethics in Digital Business Communication

Authors

  • Keisha Najwa Khairana, Universitas Bhayangkara Jakarta Raya
  • Naqinni Azhara, Universitas Bhayangkara Jakarta Raya
  • Sasikirana Azalia Rahmadhani, Universitas Bhayangkara Jakarta Raya
  • Syalu Aulia Hakim, Universitas Bhayangkara Jakarta Raya

Keywords:

Social Engineering, Tactics Psychological, Manipulation Phishing, Spear-Phishing Pretexting

Abstract

Social engineering has become one of the most dangerous cyber threats in business communication because it exploits psychological manipulation to gain illegal access. Attacks such as phishing, pretexting, baiting, and whaling continue to increase, especially in organizations that do not yet have a strong security culture. This study aims to analyze how social engineering threatens business communication and to examine the effectiveness of security policies and information governance in reducing that risk. The method used is qualitative descriptive analysis combining academic literature with empirical data from national institutions such as BSSN. The results show that security policies are effective only when supported by technical controls, user education, audit mechanisms, and consistent security leadership. These findings confirm that the human factor remains the most vulnerable point and requires a sustained mitigation strategy.


Published

2026-01-14

How to Cite

Human Shield: Addressing Social Engineering Threats by Strengthening a Security Culture and Ethics in Digital Business Communication. (2026). International Civic Enggagement Studies, 1(2), 21-26. https://cndpublisher.com/index.php/ices/article/view/165