SECURITY CULTURE, TOP MANAGEMENT, AND TRAINING ON SECURITY EFFECTIVENESS: A C...
Social Engineering Impacts on Banking Security
1. ABSTRACT
Every organization in the world determines to keep a standard level of information
security measures to protect their information assets, since it lays the foundation for day today
business functions. Social engineering is one of the main information security concerns, since the
impact from such attacks are immeasurable. Internet banking systems consist of the most
lucrative information assets, which attackers look forward to steal by performing social
engineering attacks. Social, Human, Organizational, and Cultural are the main aspects of the
information security. Social engineering belongs to social aspects for the information security,
and therefore this study was conducted in order to understand the impact of social aspects on the
information security of internet banking in Seylan Bank PLC.
Based on the previous literature, a conceptual framework was developed to determine the
impact of social engineering on the information security of internet banking in Seylan Bank
PLC. The conceptual framework enabled to understand the behaviour of all variables determined
for the study.
The study was focused on the employees of Seylan Bank PLC and a close-ended
questionnaire, consisting of multiple choice and likert scale questions were used to collect
primary data from the sample of 338 employees in the bank. The study adopted the deductive
research approach with quantitative research methodologies. Descriptive statistics and
Correlation analysis methods were used as statistical tools to analyse primary data collected
through the questionnaire.
The results of the study reflected that social engineering threats and vulnerabilities of
internet banking have a significant and negative relationship with information security of internet
banking. Thus, the interpretations of the relationships were, if the bank increases the information
security measures in the internet banking service Social engineering threats and Vulnerabilities
of internet banking could be reduced. On the other hand, awareness of social engineering has a
significant positive relationship with the information security of internet banking system; i.e. the
improvements in the awareness of social engineering increase the security of internet banking.
Further analysis described that awareness of social engineering can be explained as the most
influential factor for the Information security of internet banking than Vulnerabilities and Social
engineering threats. Therefore, awareness of the social engineering is the key to protect
information assets from the social engineering attacks.