HUMAN FACTORS AND SOCIAL ENGINEERING: THE MOST VULNERABLE LINK IN CORPORATE CYBERSECURITY
DOI: https://doi.org/10.47820/recima21.v6i11.6955
Keywords: Cybersecurity, Cybercrime
Abstract
This study aims to analyze how human factors and social engineering techniques constitute the most
vulnerable link in cybersecurity, even with the constant advancement of digital protection
technologies. The descriptive research, with a qualitative and quantitative approach, was based on
a literature review and analysis of recent corporate and institutional reports, such as those from
Verizon, IBM, ENISA, and NIST. The results demonstrate that human behavior is present in
approximately 74% of security breaches reported globally, highlighting that most incidents stem from
attention lapses, negligence, overtrust, and psychological manipulation. Moreover, the research
revealed that social engineering has evolved with the use of artificial intelligence and deepfakes,
making attacks more sophisticated and difficult to detect. The findings also indicate that security
policies focused solely on technology are insufficient without human engagement and a solid
organizational security culture. The study concludes that human vulnerability, while inevitable, can
be significantly reduced through continuous digital education, behavioral awareness, and the
integration of technology, psychology, and management. In this way, the weakest link in cybersecurity can become a pillar of defense, as long as it is supported by training, culture, and
shared responsibility.
References
CIALDINI, Robert B. Influence: The Psychology of Persuasion. New York: Harper Business, 2006.
ENISA – EUROPEAN UNION AGENCY FOR CYBERSECURITY. ENISA Threat Landscape 2023. Athens: ENISA, 2023.
GIL, Antonio Carlos. Métodos e Técnicas de Pesquisa Social. 7. ed. São Paulo: Atlas, 2019.
IBM SECURITY. Cost of a Data Breach Report 2024. Armonk, NY: IBM Corporation, 2024.
MARCONI, Marina de Andrade; LAKATOS, Eva Maria. Fundamentos de Metodologia Científica. 5. ed. São Paulo: Atlas, 2003.
MITNICK, Kevin D.; SIMON, William L. The Art of Deception: Controlling the Human Element of Security. Indianapolis: Wiley Publishing, 2011.
NIST – NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY. Special Publication 800-50: Building an Information Technology Security Awareness and Training Program. Gaithersburg, MD: NIST, 2022.
PARSONS, Kathryn; MCCORMAC, Agata; BUTAVICIUS, Marcus; PATTINSON, Malcolm. The Human Aspects of Information Security Questionnaire (HAIS-Q): Two Further Validation Studies. Computers & Security, v. 66, p. 40–51, 2017. DOI: https://doi.org/10.1016/j.cose.2017.01.004
ROSS, John; BENIGNI, Michael. Human Factors in Cybersecurity: Aligning Security and Behavior. Oxford: Routledge, 2020.
SCHNEIER, Bruce. Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. New York: W. W. Norton & Company, 2018.
SÊMOLA, Marcos. Gestão da Segurança da Informação: Uma Visão Executiva. 3. ed. Rio de Janeiro: Elsevier, 2014.
VERIZON. Data Breach Investigations Report 2024. New York: Verizon Enterprise Solutions, 2024.
License
Copyright (c) 2025 RECIMA21 - Revista Científica Multidisciplinar - ISSN 2675-6218

This work is licensed under a Creative Commons Attribution 4.0 International License.
The copyright of published articles, reviews, and final course papers (TCCs) belongs to the journal RECIMA21 and follows the Creative Commons standard (CC BY 4.0), which permits copying or reproduction provided that the source is cited, the authors' rights are respected, and the authors are named in the credits. The content of any work published in the journal is the responsibility of its authors; RECIMA21 serves only as the vehicle of publication, following national and international publication standards.








