Organizational Characteristics Associated with Vulnerability to Social Engineering Deception: A Qualitative Analysis

Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to so...

Descripción completa

Guardado en:  
Detalles Bibliográficos
Autor principal: Steinmetz, Kevin F. (Autor)
Otros Autores: Knight, Trina ; McCarthy, Adrienne L.
Tipo de documento: Electrónico Artículo
Lenguaje:Inglés
Publicado: 2022
En: Victims & offenders
Año: 2022, Volumen: 17, Número: 3, Páginas: 421-438
Acceso en línea: Volltext (lizenzpflichtig)
Journals Online & Print:
Gargar...
Verificar disponibilidad: HBZ Gateway
Palabras clave:
Deception vulnerability
Organizations
Social Engineering
Target selection
qualitative methods
Descripción
Sumario:Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to social engineering, particularly from the perspective of persons experienced in such deceptions. To address this gap, the current study uses a qualitative, grounded theory-based approach to analyze interviews with both professional and nonprofessional social engineers (n = 37). Results reveals six themes corresponding to traits participants associated with organizations vulnerable to social engineering. These themes concern an organization’s value, structural controls, organizational efficacy, openness, size, and purpose. This study concludes by exploring directions for future research and policy implications.
ISSN:1556-4991
DOI:10.1080/15564886.2021.1943092