Exploring Cybersecurity and Phishing Attacks within Healthcare Institutions in Saudi Arabia: A Narrative Review
Authors: Ebtesam Shadadi, Rasha Ibrahim, Essam Ghadafi
Abstract:
Phishing is a cybercrime that poses a significant threat by tricking end users into revealing confidential and sensitive information. Attackers often manipulate victims to achieve their malicious goals. The increasing prevalence of phishing has led to extensive research on this issue, including studies focusing on phishing attempts in healthcare institutions in the Kingdom of Saudi Arabia. This paper explores the importance of analyzing phishing attacks, focusing specifically on those targeting the healthcare industry. The study examines the tactics, obstacles, and remedies associated with these attacks, while considering the implications for Saudi Vision 2030.
Keywords: Phishing, cybersecurity, cyber threat, social engineering, Vision 2030.