Why we need a Social Engineering eXposure Index (SEXI)
Research, security bulletins, and the news media continue to warn of an increase of publicly available personal information. While social network sites and data breaches receive much of the blame, personal information provided by users has grown exponentially over recent years via social media, Website customization, online surveys, smartphones, fitness trackers, smart residential products, and a plethora of other venues. From January 2005 through January 2019, data breaches provided 11.6 billion records of personal information made available via public disclosure, Website distribution, and underground hacker markets for trade as well as purchase.
Publicly available personal information often facilitates the success of social engineering attacks on organizations, compromise of academic facilities, and theft of research. Little is known as to what personal information is available or potential for use in a social engineering attack. Even less is known as to the level of harm an organization can endure due to personal information exposure.
For the Embry-Riddle Aeronautical University Engineer’s Week (February 2019), the IEEE Daytona Section will host a discussion concerning the intersection of social engineering and personal information. A presentation of the difficulty associated with the classification and regulation of personal information, the methods used by social engineers to interfere with academia and research, as well as the process used by attackers on a key individual in the United States government.