{"id":368,"date":"2023-04-22T19:57:15","date_gmt":"2023-04-22T19:57:15","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/cande041\/?p=368"},"modified":"2023-04-24T22:50:21","modified_gmt":"2023-04-24T22:50:21","slug":"career-paper","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/cande041\/2023\/04\/22\/career-paper\/","title":{"rendered":"Career Paper"},"content":{"rendered":"\n<p>Social Science Principles in Penetration Testing<\/p>\n\n\n\n<p>The field of Cybersecurity is widely recognized as multidisciplinary, with many careers in the field utilizing various social science principles and ideas in their day-to-day tasks. Of the many jobs that Cybersecurity majors can pursue, penetration testing is an extremely rewarding career that focuses on identifying security weaknesses within an organization, and part of that process includes social engineering and Human Systems Integration exercises that test employees\u2019 cyber hygiene (Coursera). While penetration testing deals significantly with the technological side of security systems, human error is one of the leading causes of data breaches: a study from Stanford University in 2020 concluded that 85% of cybersecurity data breaches are due to human error (\u201cThe Psychology of Human Error\u201d). 
To ensure that computer systems and their users are equipped with the necessary tools to maintain security, and that company employees act as a \u201chuman firewall\u201d, penetration testers carry out a series of technical and physical social-engineering tests to help organizations better understand their areas of strength and weakness regarding security practices.<\/p>\n\n\n\n<p>One common social-engineering method that penetration testers use to test employees\u2019 cyber hygiene is the simulated phishing attempt. Since cyber victimization is often associated with behavior, an employee who falls for a phishing attempt may be more trusting, sympathetic, and easier to manipulate. An ordinary phishing attempt would include sending out emails to random users within an organization, and encouraging recipients to click on a link that leads to a webpage designed to obtain data from a user. Simulated phishing uses a similar process, with the main objective of the test being to compare the number of users who clicked on the link with the total number of people who were sent the suspicious email. As when conducting any test or experiment, it\u2019s important to remain ethical and ensure that the simulated webpage doesn\u2019t record personal data from users (Kabay).<\/p>\n\n\n\n<p>Another social-engineering tool commonly used by cyber offenders is baiting. According to an article from Carnegie Mellon University, \u201cThe most common form of baiting uses physical media to disperse malware\u201d (University). To form the test, a device such as a USB drive is placed in a random location inside an office, with the hope that an employee discovers it and reports it. 
In some cases, though, as discussed in course material, individuals with certain personality traits might be more susceptible to a baiting attempt. According to theories and personalities described within module material such as Reinforcement Sensitivity Theory, those who show curious, impulsive, and open personality traits may be more likely to plug the USB drive into a computer, which could lead to malware being downloaded onto the system. On the other hand, users who have high levels of self-control and who are conscientious by nature would be more likely to report the suspicious device to a higher authority.<\/p>\n\n\n\n<p>Penetration testing and many other Cybersecurity careers are similar in that they lack diversity when the numbers for marginalized groups within the field are analyzed. According to an article from Forbes, only 9% of Cybersecurity experts are Black, 8% are Asian, and only 4% are Hispanic. To combat this, efforts should focus on encouraging a more diverse workforce within the Cybersecurity community. This can be done through financial assistance, grants, and mentorships. Issues for minorities such as language barriers could pose problems for careers that require strong communication skills such as penetration testing, and organizations should consider investing in translation services to help combat this issue.<\/p>\n\n\n\n<p>Penetration testing is extremely important for organizations in society. For businesses to ensure they\u2019re equipped with the right security programs, systems, and personnel, and to aid in the overall improvement of security structures, hiring a penetration tester to identify vulnerabilities and weaknesses is crucial. Most managers and CEOs will agree that it\u2019s much better for a professional to identify flaws in a system before a legitimate threat does. 
Without professional assistance, companies will likely not be ready to face legitimate threats in real time, which could lead to monetary loss, and the breach of private data from customers, patients, or clients within that organization. Depending on the size of the organization, this could have negative effects on many members of society. Penetration testers help to prevent these threats before they happen and will only become more sought after and integral as cyber threats increase in the ever-growing world of technology.<\/p>\n\n\n\n<p>Works Cited<\/p>\n\n\n\n<p>Allen, Ben. \u201cCouncil Post: Minorities and the Cybersecurity Skills Gap.\u201d Forbes, <a href=\"http:\/\/www.forbes.com\/sites\/forbestechcouncil\/2022\/09\/30\/minorities-and-the-cybersecurity\">www.forbes.com\/sites\/forbestechcouncil\/2022\/09\/30\/minorities-and-the-cybersecurity<\/a> skills-gap\/?sh=2e6c7efc7f3f. Accessed 8 Apr. 2023.<\/p>\n\n\n\n<p>Coursera. \u201c10 Cybersecurity Jobs: Entry-Level and Beyond.\u201d Coursera, 22 Sept. 2022, <a href=\"http:\/\/www.coursera.org\/articles\/cybersecurity-jobs\">www.coursera.org\/articles\/cybersecurity-jobs<\/a>.<\/p>\n\n\n\n<p>\u201cThe Psychology of Human Error.\u201d Tessian, <a href=\"http:\/\/www.tessian.com\/research\/the-psychology-of\">www.tessian.com\/research\/the-psychology-of<\/a> human-error\/.<\/p>\n\n\n\n<p>University, Carnegie Mellon. 
\u201cSocial Engineering &#8211; Information Security Office \u2013 Computing Services &#8211; Carnegie Mellon University.\u201d Www.cmu.edu, <a href=\"http:\/\/www.cmu.edu\/iso\/aware\/dont\">www.cmu.edu\/iso\/aware\/dont<\/a> take-the-bait\/social-engineering.html.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Social Science Principles in Penetration Testing The field of Cybersecurity is widely recognized as multidisciplinary, with many careers in the field utilizing various social science principles and ideas in their day-to-day tasks. Of the many jobs that Cybersecurity majors can pursue, penetration testing is an extremely rewarding career that focuses on identifying&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/cande041\/2023\/04\/22\/career-paper\/\">Read More<\/a><\/div>\n","protected":false},"author":25795,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/posts\/368"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/users\/25795"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/comments?post=368"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/posts\/368\/revisions"}],"predecessor-version":[{"id":369,"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/posts\/368\/revisions\/369"}],"wp:attachment":[{"href":"https
:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/media?parent=368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/categories?post=368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cande041\/wp-json\/wp\/v2\/tags?post=368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}