Preventing social engineering: a phenomenological inquiry

Lily Pharris (Department of Computer Information Systems, Northwestern State University of Louisiana, Natchitoches, Louisiana, USA)
Begona Perez-Mira (Department of Computer Information Systems, Northwestern State University of Louisiana, Natchitoches, Louisiana, USA)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 9 June 2022

Issue publication date: 9 February 2023

Abstract

Purpose

The purpose of this transcendental phenomenological qualitative research study is to understand the essence of what it is like to be an information systems professional working in the USA while managing and defending against social engineering attacks on an organization. The findings add to the information system (IS) body of literature by uncovering commonly shared attitudes, motivations, experiences and beliefs held by IS professionals who are responsible for protecting their company from social engineering attacks.

Design/methodology/approach

This is a qualitative, transcendental phenomenological study that was developed to gain a deeper understanding about the essence of what it is like to be an IS professional defending a US business against social engineering attacks. This research design is used when sharing the experiences of study participants is more important than presenting the interpretations of the researcher. To target participants from the industries identified as regularly targeted by social engineers, purposive sampling was used in conjunction with the snowball sampling technique to find additional participants until saturation was reached.

Findings

Ten themes emerged from the data analysis: (1) foster a security culture, (2) prevention means education, (3) layered security means better protection, (4) prepare, defend and move on, (5) wide-ranging responsibilities, (6) laying the pipes, (7) all hands on deck, (8) continuous improvement, (9) attacks will never be eliminated and (10) moving pieces makes it harder. The ten themes, together, reveal the essence of the shared experiences of the participants with the phenomenon.

Originality/value

Understanding how to defend an enterprise from social engineering attacks is an international issue with implications for businesses and IS professionals across the world. The findings revealed that to prevent social engineering attacks, all employees – IS and non-IS professionals alike – must be unified in their desire to protect the organization. This means IS professionals and organizational leadership must establish a strong security culture, not only through layered technology and electronic controls but also through open communication between all departments and continuously engaging, training and reinforcing social engineering education, policies, procedures and practices with all employees.

Citation

Pharris, L. and Perez-Mira, B. (2023), "Preventing social engineering: a phenomenological inquiry", Information and Computer Security, Vol. 31 No. 1, pp. 1-31. https://doi.org/10.1108/ICS-09-2021-0137

Publisher

Emerald Publishing Limited

Copyright © 2022, Emerald Publishing Limited
