Reducing the risk of social engineering attacks using SOAR measures in a real world environment: A case study

Abstract

The global cost of successful cyberattacks is increasing annually, with there being a shift towards social engineering threats in recent years. Cybercriminals are increasingly targeting humans rather than technical systems, recognizing data as a critical resource, especially in the finance industry where breaches can lead to substantial losses and reputational damage. The present case study proposes measures to reduce human susceptibility to social engineering attacks, leveraging SOAR (Security Automation, Orchestration, and Response) technology for incident response automation. The study covers various issues in cybersecurity, SOAR, and social engineering, through analyzing interviews with expert practitioners in the field, addressing cybersecurity skills shortages and current cyber threats. Four social engineering vignettes were developed, representing real threats, along with specific SOAR measures implemented using Microsoft Sentinel. These measures were simulated to demonstrate their effectiveness by reducing the employee's vulnerability to social engineering attacks. The risk of social engineering attacks was successfully reduced by implementing a responsive approach through the developed SOAR measures. Some of the measures reduced the risk by locking user accounts or forcing password changes after a detected cyber incident while another measure was developed for awareness enhancements. Given the current shortage of cybersecurity professionals, technologies like SOAR are becoming increasingly relevant for security teams. However, SOAR alone cannot address all challenges posed by social engineering and should be viewed as a complementary measure rather than a standalone solution.