AUTHOR=Hamoud Aymen, Aïmeur Esma
TITLE=Handling User-Oriented Cyber-Attacks: STRIM, a User-Based Security Training Model
JOURNAL=Frontiers in Computer Science
VOLUME=2
YEAR=2020
URL=https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2020.00025
DOI=10.3389/fcomp.2020.00025
ISSN=2624-9898
ABSTRACT=

Privacy is an increasingly rare commodity. Once personal information is entered into a social network, it is no longer private. Such networks have become an incubation environment and carrier for cyber-attacks, either by providing the necessary information about victims or by facilitating the ways in which cyber-criminals can reach them. Social media create relationships and trust between individuals, but there is often no authority checking and validating user identities. This paper analyses different attack vectors, examining the techniques used against end-users, who are targeted as a way of accessing larger organizations. It shows how the information that is disclosed to social networks can be transformed to provide insights about an organization, and the role of the victim in this process. These leaks not only expose users to the risk of cyber-attacks, but they also give attackers the opportunity to create personalized strategies that are difficult to avoid. This paper highlights these user-oriented attacks by first demonstrating the impact of disclosed information in the process of formulating an attack, in addition to group influence on an individual's vulnerability. Next, the various psychological manipulation factors and cognitive bias behind the user's failure to detect these attacks are demonstrated. This research introduces a theoretical user-based security training model called STRIM, which aims to educate and train users to detect, avoid, and report cyber-attacks in which they are the primary target. The proposed model is a solution to help organizations establish security-conscious behaviors among their employees.