Organizational Characteristics Associated with Vulnerability to Social Engineering Deception: A Qualitative Analysis

Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to so...

Full description

Saved in:  
Bibliographic Details
Main Author: Steinmetz, Kevin F. (Author)
Contributors: Knight, Trina ; McCarthy, Adrienne L.
Format: Electronic Article
Language:English
Published: 2022
In: Victims & offenders
Year: 2022, Volume: 17, Issue: 3, Pages: 421-438
Online Access: Volltext (lizenzpflichtig)
Journals Online & Print:
Drawer...
Check availability: HBZ Gateway
Keywords:
Deception vulnerability
Organizations
Social Engineering
Target selection
qualitative methods
Description
Summary:Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to social engineering, particularly from the perspective of persons experienced in such deceptions. To address this gap, the current study uses a qualitative, grounded theory-based approach to analyze interviews with both professional and nonprofessional social engineers (n = 37). Results reveals six themes corresponding to traits participants associated with organizations vulnerable to social engineering. These themes concern an organization’s value, structural controls, organizational efficacy, openness, size, and purpose. This study concludes by exploring directions for future research and policy implications.
ISSN:1556-4991
DOI:10.1080/15564886.2021.1943092