Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks

One of the most difficult challenges in information security today is phishing. Phishing is a difficult problem to address because there are many permutations, messages, and value propositions that can be sent to targets. Spear phishing is also associated with social engineering, which can be difficult for even trained or savvy employees to detect. This makes the user the critical point of entry for miscreants seeking to perpetrate cyber crimes such as identity theft and ransomware propagation, which cause billions of dollars in losses each year. Researchers are exploring many avenues to address this problem, including educating users and making them aware of the repercussions of becoming victims of phishing. The purpose of this study was to interview security professionals to gain better insight on preventing users and employees from succumbing to phishing attack. Seven subject-matter experts were interviewed, revealing nine themes describing traits that identify users as vulnerable to attack or strongly resistive to attack, as well as training suggestions to empower users to resist spear phishing attacks. Suggestions are made for practitioners in the field and future research.