Abstract:

With the rapid advancement of technology, institutions, particularly educational ones, increasingly rely on delivering their services and information electronically. Consequently, the risk of these services and information being exposed to cyberattacks, especially those employing social engineering techniques, has significantly increased. This study aims to assess the awareness level of Hebron University employees regarding the concept of social engineering and to identify the potential risks associated with it. The study framework was developed based on a review of previous research in this field, covering several critical aspects, including employees' understanding of social engineering terminology, its risks, and the reasons for falling victim to such techniques. The study population comprised 650 employees from Hebron University, conducted during the second semester of the 2022/2023 academic year. A descriptive-analytical approach was employed, utilizing a questionnaire for data collection and analyzing the results accordingly. The results revealed that employees' awareness of social engineering concepts was 59%, a moderate level, while awareness of the associated risks was 90.3%, a high level. Additionally, awareness of the potential reasons for being targeted by social engineering attacks was also high, at 84.7%. Based on these findings, several recommendations were proposed to enhance employees' awareness of social engineering risks and reduce their exposure to such attacks. The recommendations included organizing workshops and awareness lectures, providing essential security tools, and establishing a dedicated entity to manage incidents related to social engineering-attacks.