NABET, NABET 2019 Conference

Social Engineering Susceptibility in Small Businesses
Amy Washo, Alan Levine

Last modified: 2019-10-03

Abstract


The purpose of this research study is to examine how susceptible employees of small businesses are to social engineering attempts, using their demographic characteristics. Social engineering can be defined as the act of manipulating human beings, most often with the use of psychological persuasion, to obtain unauthorized access to systems and data.

Human beings are complex, with fluctuating needs and emotions, and the countless interactions employees have with each other every day are all opportunities for a social engineering attack to occur. When a business faces a social engineering threat, the number of people who can be impacted is unlimited. Employees, investors, and clients of the company might have confidential data compromised, leading to lack of trust, termination of the business relationship, or loss of assets.

The Human Aspects of Information Security Questionnaire (HAIS-Q) developed by Parsons, McCormac, Butavicius, Pattinson, & Jerram (2014) will be utilized in this study and given to small business owners and employees in Northeastern Pennsylvania. The HAIS-Q measures information security awareness (ISA), which will be converted to a susceptibility score based on an assumption from the literature: the higher the ISA, the lower the susceptibility to social engineering. Demographic characteristics will be collected to explore their relationship to susceptibility to social engineering, and whether those characteristics can be used to predict it.

This study is currently in progress, so no results have been provided.


Keywords


social engineering; small business; information security