This project explores the field of social engineering in the context of Bahrain, focusing on the actual techniques attackers use and the cultural factors influencing the susceptibility to those attacks. To achieve this, the project incorporates quantitative and qualitative methods to collect data through a survey and an analysis of real attack samples (Creswell, 2014). the target population for this project is Bahraini citizens. To reach this audience, convenience and snowball sampling will be utilised to gather data and ensure wide representation (Patton, 2002). Moreover, the analysis aims to produce valuable findings that can contribute to developing effective defences against the social engineering threat in Bahrain.

Research Philosophy

this study adopts a pragmatic research philosophy, which integrates diverse methods to find practical solutions to complex problems (Johnson & Onwuegbuzie, 2004; Morgan, 2014). furthermore, pragmatism allows for the use of qualitative and quantitative data, which aligns with the project's mixed-method approach (Feilzer, 2010). This philosophy acknowledges that knowledge is created from and reflects the real world, which helps in thoroughly examining social engineering within Bahrain's cultural context (Tashakkori & Teddlie, 2003).

Pragmatism was chosen over other philosophies for several reasons.

The philosophy of positivism, which focuses strictly on observable facts and generalisations, was found too inflexible for a study needing insights into personal experiences and cultural subtleties. Interpretivism, useful for delving into personal viewpoints, may not capture the extensive and diverse data required to fully understand the scope of social engineering attacks. Postmodernism, with its emphasis on questioning and personal perspectives, could potentially hinder the aim of finding real-world solutions. On the other hand, critical realism, which delves into structures and mechanisms, may not directly align with the immediate practical outcomes sought in this research (Cherryholmes, 1992). The pragmatic approach advocates for a results-driven examination of social engineering, blending statistical analysis with thematic exploration to uncover insights that can impact both policy-making and practical applications ( Maxwell, 2012).

By adopting a philosophy that prioritises results, this study aims to make contributions to cybersecurity influenced by the unique cultural and social dynamics of Bahrain.

Data Gathering

The data collection phase adopted a mixed-methods strategy, combining surveys with the analysis of actual attack examples to thoroughly understand social engineering in Bahrain (Creswell, 2014). This methodology was chosen to harness the advantages of both quantitative and qualitative research techniques, facilitating a detailed examination of social engineering methods and the related cultural dynamics.

particular scenarios, they may not adequately represent the broader context of social engineering across Bahrain. The selected methods, underpinned by a pragmatic philosophy, provide a comprehensive yet focused approach to studying the topic.

The survey was created and distributed using Google Forms due to its widespread accessibility and ease of use. This platform is particularly suited for generating both open-ended and multiple-choice questions, aligning with the mixed-methods design of this study. Google Forms simplifies the process of data collection and organisation, which is crucial for efficiently analysing participant responses. Its compatibility with various devices was instrumental in reaching a broad segment of Bahraini citizens, thus enhancing the diversity and representativeness of the sample. Furthermore, Google Forms ensures anonymity and confidentiality, which is essential when addressing sensitive subjects such as social engineering and safeguarding the privacy of respondents. The platform's capability for real-time data analysis also provided initial insights that helped continually refine the survey questions in response to participant feedback.

Convenience sampling and snowballing techniques were used to select participants for the study. Convenience sampling facilitated quick recruitment from easily accessible portions of the Bahraini population. Snowballing was then used to extend the reach, capitalising on the social networks of initial respondents to include a wider audience. This dual approach allows for gathering a diverse and representative sample, which is vital for assessing the broad impact of social engineering across various demographic groups.

Survey Questions and Rationale

Age Range & Occupation: Assesses the demographic diversity and looks for trends or specific vulnerabilities linked to certain age groups or jobs.

Familiarity with Social Engineering: Measures basic awareness, essential for designing targeted cybersecurity education and preventive actions.

Cybersecurity Training or Awareness Program Attendance: Identifies knowledge gaps and points to areas where training can be intensified.

Preventive Measures Practiced: Shows the cybersecurity habits of Bahrainis, indicating strengths and areas needing enhancement.

Experience with Social Engineering Attacks: Provides evidence of how common and impactful these attacks are, highlighting the need for specific interventions.

Types of Attacks Encountered & Frequency: Offers insights into the most frequently used attack methods, helping to tailor defence strategies.

Outcome of the Most Recent Attack: Evaluates how effective current defences are and the practical consequences of attacks on individuals.

Challenges in Recovering from Attacks: Illuminates the difficulties faced after attacks, suggesting necessary support and recovery resources.

Cautiousness When Dealing with Unsolicited Messages & Confidence in Recognising Attacks: Assesses the general alertness and confidence in identifying threats, important for gauging the likely success of awareness programs.

Responses to Suspected Scams: Shows how the community reacts to potential threats, indicating the success of existing advisories.

Opinions on Effective Protection Methods: Gathers personal opinions on cybersecurity methods, useful for improving current approaches.

Trust Levels in Various Communication Channels: Identifies which communication methods might need more security or awareness initiatives.

Cultural Influences on Susceptibility: Examines how cultural norms and values might influence vulnerability to attacks, vital for creating culturally aware policies.

Economic Consequences and Impact on Digital Economy Trust: Assesses the wider effects of social engineering attacks, important for understanding their impact on Bahrain's digital progress.

Data Analysis

For data analysis, this study used Excel to manage and analyse quantitative data and Word to analyse qualitative responses (Field, 2013; Braun & Clarke, 2012). Excel was selected for its strong data organisation, calculation, and charting features, which help easily spot patterns and trends. Word was used for qualitative analysis to deeply examine participants' experiences, making it easier to find themes and insights about the cultural and psychological elements of social engineering in Bahrain.

This mixed-methods approach fits the pragmatic research philosophy by blending statistical with thematic analysis for a comprehensive view of social engineering dynamics. Excel helps efficiently handle numerical data, while Word allows for detailed qualitative analysis, together ensuring a thorough investigation of both the tactics used in social engineering attacks and the cultural factors influencing them.