EMPATHY FOR HACKERS – AN IT SECURITY RISK ASSESSMENT ARTIFACT FOR TARGETED HACKER ATTACKS

Authors

Michael Bitzer, FIM Research Center - University of AugsburgFollow
Bastian Stahl, FIM Research Center - University of Applied Sciences AugsburgFollow
Jacqueline Strobel, FIM Research Center - University of BayreuthFollow

Paper Number

1236

Abstract

With increasing digitalization at the intra- and inter-organizational level, targeted hacker attacks are becoming an increasing threat to the business world. Especially for SMEs, these attacks are a top concern within IT Security. Despite growing importance, most companies focus on measures against mass instead of targeted attacks. To ensure effective IT Security, companies must understand hackers and their motivation. So far, academia and practice lack an approach that links business and hacker perspectives to address this issue. Consequently, companies struggle to assess and manage the risk o targeted attacks. Based on design science research, we provide an assessment tool that addresses 11 criteria that help companies assess their company-specific risk for targeted attacks. Our academic contribution lies in the amalgamation of the company and hacker perspectives. For practitioners, we offer a starting point to view IT Security through a managerial lens that does not solely focus on technology and vulnerabilities.

Recommended Citation

Bitzer, Michael; Stahl, Bastian; and Strobel, Jacqueline, "EMPATHY FOR HACKERS – AN IT SECURITY RISK ASSESSMENT ARTIFACT FOR TARGETED HACKER ATTACKS" (2021). ECIS 2021 Research Papers. 41.
https://aisel.aisnet.org/ecis2021_rp/41