Analysis of cybersecurity vulnerabilities with case studies of corporate social engineering

dc.contributor.advisor: Contreras Ortiz, Martha Susana
dc.contributor.author: Mora Guerrero, Marian Gabriela
dc.contributor.corporatename: Universidad Santo Tomas
dc.date.accessioned: 2026-01-23T15:52:25Z
dc.date.available: 2026-01-23T15:52:25Z
dc.date.issued: 2026-01-21
dc.description: This article presents exploratory research in cybersecurity focused on social engineering, since attackers benefit from human vulnerability more than from technical flaws. Research shows that data leaks and other threats arise from human error or psychological manipulation, which creates a critical problem for companies. Although various tools exist to counter current cyberattacks, the human dimension remains the weakest point in protecting information. The methodology is descriptive research based on systematic mapping and analysis of real cases, with the aim of identifying perceptions, practices, and prevention measures against social engineering. The purpose of the article is to offer a view that integrates theory and practice and to show an up-to-date picture of how companies face this type of cyber threat. The article benefits cybersecurity professionals as well as managers.
dc.description.abstract: This article addresses exploratory research in the field of cybersecurity in relation to social engineering, as attackers benefit from human vulnerability rather than technical flaws. Research shows that data leaks and other threats occur due to human error or psychological manipulation, which poses a critical problem for companies. Although there are various tools available to counter current cyberattacks, the human dimension remains the weakest link in information protection. The methodology used includes descriptive research based on systematic mapping and analysis of real cases, with the aim of identifying perceptions, practices, and preventive measures against social engineering. The purpose of the article is to offer a vision that integrates theory and practice, to show an updated overview of how companies are dealing with this type of cyber threat. The article benefits cybersecurity professionals and managers alike.
dc.description.degreelevel: Undergraduate
dc.description.degreename: Computer Engineer
dc.format.mimetype: application/pdf
dc.identifier.citation: Mora Guerrero, M. G. (2026). Análisis de vulnerabilidades en ciberseguridad con casos de estudio de Ingeniería social empresarial (Trabajo de grado, Universidad Santo Tomás, Seccional Tunja).
dc.identifier.instname: instname:Universidad Santo Tomás
dc.identifier.reponame: reponame:Repositorio Institucional Universidad Santo Tomás
dc.identifier.repourl: repourl:https://repository.usta.edu.co
dc.identifier.uri: http://hdl.handle.net/11634/71025
dc.language.iso: spa
dc.publisher: Universidad Santo Tomás
dc.publisher.branch: CRAI-USTA Tunja
dc.publisher.faculty: Faculty of Systems Engineering
dc.publisher.program: Informatics Engineering
dc.rights: Attribution-NonCommercial-NoDerivs 2.5 Colombia
dc.rights.accessrights: info:eu-repo/semantics/openAccess
dc.rights.coar: http://purl.org/coar/access_right/c_f1cf
dc.rights.local: Open (Full Text)
dc.rights.uri: http://creativecommons.org/licenses/by-nc-nd/2.5/co/
dc.subject.keyword: Cybersecurity
dc.subject.keyword: Social Engineering
dc.subject.keyword: Information security
dc.subject.lemb: Cybersecurity
dc.subject.lemb: Social engineering
dc.subject.lemb: Information security
dc.subject.proposal: cybersecurity, human factor, social engineering, phishing, vulnerability.
dc.title: Analysis of cybersecurity vulnerabilities with case studies of corporate social engineering
dc.type: other
dc.type.coar: http://purl.org/coar/resource_type/c_7a1f
dc.type.coarversion: http://purl.org/coar/version/c_ab4af688f83e57aa
dc.type.drive: info:eu-repo/semantics/bachelorThesis
dc.type.local: Undergraduate thesis
dc.type.version: info:eu-repo/semantics/acceptedVersion
