With increasing digitalization at the intra- and inter-organizational level, targeted hacker attacks are becoming an increasing threat to the business world. Especially for SMEs, these attacks are a top concern within IT Security. Despite growing importance, most companies focus on measures against mass instead of targeted attacks. To ensure effective IT Security, companies must understand hackers and their motivation. So far, academia and practice lack an approach that links business and hacker perspectives to address this issue. Consequently, companies struggle to assess and manage the risk o targeted attacks. Based on design science research, we provide an assessment tool that addresses 11 criteria that help companies assess their company-specific risk for targeted attacks. Our academic contribution lies in the amalgamation of the company and hacker perspectives. For practitioners, we offer a starting point to view IT Security through a managerial lens that does not solely focus on technology and vulnerabilities.
Bitzer, Michael; Stahl, Bastian; and Strobel, Jacqueline, "EMPATHY FOR HACKERS – AN IT SECURITY RISK ASSESSMENT ARTIFACT FOR TARGETED HACKER ATTACKS" (2021). ECIS 2021 Research Papers. 41.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.