IT-säkerhet och människan : De har världens starkaste mur men porten står alltid på glänt

Sammanfattning: In the ever-changing environment of the digital world one thing remains the same, the humans sitting in front of the screen. Today protecting company secrets and information is becoming more and more vital and companies invest massive amounts of money on technological defenses such as firewalls and antivirus programs, but the threats that the user and employees pose for companies go unnoticed by many. However, there are people that notice this weakness in companies’ security and try to take advantage of it for their own gain. By manipulating the human instead of the technology can a con-artist bypass companies’ security by means called social engineering. The threat that social engineering pose is no news to many within the field of information security but it’s still happening. The focus of this study is to examine why this is still an issue for a lot of companies and why it's so hard to counter social engineering. By going over previous research we identified that security culture in a company and the awareness of its employees influence the attitudes which a person needs to have to be able to fend of social engineering attacks. This study argues that attitudes determine if a person processes an incoming message through a central or peripheral route. Since a company’s security culture seemed to influence how people could counter social engineering we went to a manufacturing company and examined the security culture to try and get a better understanding on the complexity of the problem. The study concludes that being completely resilient to social engineering attacks is practically impossible. If a user will have access to a certain information, a skilled con-artist will have a chance to get their hands on that information through the user. However, the study emphasize that a company can work with improving resistance towards incoming social engineering attacks by focusing on their security culture and their employees’ attitudes and awareness concerning the problem.