Organizational Characteristics Associated with Vulnerability to Social Engineering Deception: A Qualitative Analysis

Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to so...

Ausführliche Beschreibung

Gespeichert in:  
Bibliographische Detailangaben
1. VerfasserIn: Steinmetz, Kevin F. (VerfasserIn)
Beteiligte: Knight, Trina ; McCarthy, Adrienne L.
Medienart: Elektronisch Aufsatz
Sprache:Englisch
Veröffentlicht: 2022
In: Victims & offenders
Jahr: 2022, Band: 17, Heft: 3, Seiten: 421-438
Online Zugang: Volltext (lizenzpflichtig)
Journals Online & Print:
Lade...
Verfügbarkeit prüfen: HBZ Gateway
Schlagwörter:
Deception vulnerability
Organizations
Social Engineering
Target selection
qualitative methods
Beschreibung
Zusammenfassung:Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to social engineering, particularly from the perspective of persons experienced in such deceptions. To address this gap, the current study uses a qualitative, grounded theory-based approach to analyze interviews with both professional and nonprofessional social engineers (n = 37). Results reveals six themes corresponding to traits participants associated with organizations vulnerable to social engineering. These themes concern an organization’s value, structural controls, organizational efficacy, openness, size, and purpose. This study concludes by exploring directions for future research and policy implications.
ISSN:1556-4991
DOI:10.1080/15564886.2021.1943092