Abstract

Information is a vital asset that many organizations need in order to function effectively. However, this asset can easily be compromised; its protection is therefore crucial to the efficacy of an organization. A common form of information security breach is social engineering. Social engineering is the use of manipulative and deceptive techniques against the inherent nature of human beings to access sensitive and confidential information to achieve an illicit action or omission of action. Through a qualitative inquiry, this article investigated the perceptions of employees concerning social engineering in the workplace to extract practical lessons from local businesses located in Gauteng Province, South Africa. The findings confirm that human beings should be at the forefront of defense against social engineering attacks and advocate for a multi-inter-trans-disciplinary social engineering protection model to practically assist organizations in developing a healthy and effective information security culture.

Highlights

  • Many information security breaches, which transpire in the workplace, are largely the result of noncompliance with information security policies (Kessler et al., 2020; Safa & Maple, 2016; Verizon Enterprise, 2018)

  • An International Business Machines (IBM, 2020) security study on the cost of information security breaches revealed that the global average cost of a data breach is $3.86 million

  • The Experian data breach resulted in the socially engineered loss of personal information belonging to 24 million South Africans as well as almost 800 000 businesses (South African Banking Risk Information Centre [SABRIC], 2020)


Summary

Introduction

Many information security breaches, which transpire in the workplace, are largely the result of noncompliance (intentional or unintentional) with information security policies (Kessler et al., 2020; Safa & Maple, 2016; Verizon Enterprise, 2018). Within the South African context, scientific and pragmatic research on information security and the multi-inter-trans-disciplinary (MIT) nature of social engineering in the workplace is under-developed. The paper is organized as follows: a global perspective of information security and contextualization of social engineering in an MIT milieu, research methodology, findings and discussion.
