Litcius/Paper detail

Organizational Characteristics Associated with Vulnerability to Social Engineering Deception: A Qualitative Analysis

Kevin F. Steinmetz, Trina Knight, Adrienne L. McCarthy

2021Victims & Offenders11 citationsDOI

Abstract

Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to social engineering, particularly from the perspective of persons experienced in such deceptions. To address this gap, the current study uses a qualitative, grounded theory-based approach to analyze interviews with both professional and nonprofessional social engineers (n = 37). Results reveals six themes corresponding to traits participants associated with organizations vulnerable to social engineering. These themes concern an organization’s value, structural controls, organizational efficacy, openness, size, and purpose. This study concludes by exploring directions for future research and policy implications.

Topics & Concepts

DeceptionGrounded theoryOpenness to experienceSocial engineering (security)Vulnerability (computing)CompromiseQualitative researchPerspective (graphical)Social psychologyValue (mathematics)PsychologyPublic relationsKnowledge managementEngineering ethicsSociologyComputer securityPolitical scienceEngineeringSocial scienceComputer scienceArtificial intelligenceMachine learningInformation and Cyber SecurityCybercrime and Law Enforcement StudiesTerrorism, Counterterrorism, and Political Violence