Hacking Humans? Social Engineering and the Construction of the “Deficient User” in Cybersecurity Discourses

&
Science, Technology, and Human Values 46 (6):1316-1339 (2021)
  Copy   BIBTEX

Abstract

Today, social engineering techniques are the most common way of committing cybercrimes through the intrusion and infection of computer systems. Cybersecurity experts use the term “social engineering” to highlight the “human factor” in digitized systems, as social engineering attacks aim at manipulating people to reveal sensitive information. In this paper, we explore how discursive framings of individual versus collective security by cybersecurity experts redefine roles and responsibilities at the digitalized workplace. We will first show how the rhetorical figure of the deficient user is constructed vis-à-vis notions of security in social engineering discourses. Second, we will investigate the normative tensions that these practices create. To do so, we link work in science and technology studies on the politics of deficit construction to recent work in critical security studies on securitization and resilience. Empirically, our analysis builds on a multi-sited conference ethnography during three cybersecurity conferences as well as an extensive document analysis. Our findings suggest a redistribution of institutional responsibility to the individual user through three distinct social engineering story lines—“the oblivious employee,” “speaking code and social,” and “fixing human flaws.” Finally, we propose to open up the discourse on social engineering and its inscribed politics of deficit construction and securitization and advocate for companies and policy makers to establish and foster a culture of collective cyber in/security and corporate responsibility.

Categories

Add categories

Keywords

Reprint years

DOI

10.1177/0162243921992844

Links

PhilArchive



    Upload a copy of this work     Papers currently archived: 93,098

External links

Setup an account with your affiliations in order to access resources via your University's proxy server

Through your library

My notes

Similar books and articles

Social Engineering in Cybersecurity: The Evolution of a Concept.Joseph Hatfield - 2018 - Computers and Security 73:102-113.
Human risk factors in cybersecurity.Tom Cuchta, Brian Blackwood, Thomas R. Devine & Robert J. Niichel - 2023 - Interaction Studies 24 (3):437-463.
Cyber security threats: A never-ending challenge for e-commerce.Xiang Liu, Sayed Fayaz Ahmad, Muhammad Khalid Anser, Jingying Ke, Muhammad Irshad, Jabbar Ul-Haq & Shujaat Abbas - 2022 - Frontiers in Psychology 13.
Review and Meta : Analysis Psychological Conceptual Frameworks and Concepts Applied in Social Engineering.Kuffour Adusei Anthony & Xu Ziduan - unknown
Utilizing Prompt Engineering to Operationalize Cybersecurity.Ken Huang, Grace Huang, Yuyan Duan & Ju Hyun - 2024 - In Ken Huang, Yang Wang, Ben Goertzel, Yale Li, Sean Wright & Jyoti Ponnapalli (eds.), Generative AI Security: Theories and Practices. Springer Nature Switzerland. pp. 271-303.
Social Responsibility in French Engineering Education: A Historical and Sociological Analysis.Christelle Didier & Antoine Derouet - 2013 - Science and Engineering Ethics 19 (4):1577-1588.
Virtuous Human Hacking: The Ethics of Social Engineering in Penetration-Testing.Joseph Hatfield - 2019 - Computers and Security 83:354-366.
When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?Awais Rashid, Sveta Milyaeva & Ola Michalec - 2022 - Big Data and Society 9 (1).
Design for values and conceptual engineering.Herman Veluwenkamp & Jeroen van den Hoven - 2023 - Ethics and Information Technology 25 (1):1-12.
Engineering As An Art.H. H. Rosenbrock - 2007 - AI and Society 21 (4):673-678.

Analytics

Added to PP
2021-09-26

Downloads
12 (#1,115,280)

6 months
2 (#1,259,876)

Historical graph of downloads
How can I increase my downloads?

Citations of this work

Add more citations

References found in this work

Add more references