Date of Award

2023

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

First Advisor

Dr. Gregory Hunter

Second Advisor

Dr. Stephanie White

Third Advisor

Dr. Quping Zhang

Abstract

This study aims to explore, understand, and explain the hacking of business information systems (BIS) and the measures managers can take to secure their systems. Eight research questions guide the study: 1. What are managers' perceptions of hacking business information systems? 2. What types of attacks do business managers perceive as current and potential dangers to their organizations? 3. What issues prevent participants from participating in BIS security research studies? 4. What protocols are in place to prevent hacking? 5. What measures can managers take to secure their business information systems against hacking? 6. How can knowledge management and information technology specialists collectively work to identify backdoors and vulnerabilities? 7. What are some of the vulnerabilities or limitations that prevent managers from securing their business information systems? 8. What are the purposes of hacking business information systems? This study presents a broad view of systems hacking, its evolution, and its transformation from different perspectives. The literature review infers a learning process comprised of knowledge management (KM) and computer programmers working collectively to design, develop, and implement business systems from third-party technology components. Data was collected from the Fortune 500 companies in the US, the DEF CON hacker community, and HackerOne members. DEF CON and HackerOne were combined to form one group. Subsequently, two groups represent the participants of this study. Separate questionnaires were developed for each participant group in the first phase of the data collection. In addition, separate interview questions were developed for each group of participants who volunteered to participate in the second phase of the data collection. The survey questionnaires and the interview data were analyzed using qualitative content analysis. The findings of this study show that hackers used readily available tools to hack BIS.
For example, 97.20% of hacker respondents say social engineering, and 71.58% of business user respondents say software, is the top method used to introduce attacks in BIS. Also, 89.72% of hacker respondents say software, and 69.47% of business user respondents say social engineering, is the second top attack method used to attack BIS. In addition, 45.74% of business user respondents say social engineering is the method that poses the most significant threat to their organizations. The hacker respondents (72.90%) primarily utilized social engineering to exploit business systems. The findings indicate that to get the attention of Chief Executive Officers (CEOs), the system risks must be converted to business risks associated with the company's value propositions and profitability. Once the perception of hacking has changed and is in the CEOs' grips, the system security problems can be addressed, and measures will be developed to secure BIS. Also, employees' education training and security awareness (including mindset) on social attacks are measures that can be taken to secure BIS from hackers' threats. In addition, incentives for employees to practice safe cyber habits and cyber hygiene can be used to secure the systems. The findings show that BIS's internal design, development, and implementation would depend on several factors. Even though the systems would be more secure, they would be costly and difficult to maintain, and organizations should acquire good-quality systems. The term backdoor is confusing based on the two words, intentional and unintentional. Business users understand that backdoors are left intentionally or unintentionally by the developers and manufacturers of the systems. In contrast, hackers understand backdoors as intentionally designed methods or software defects to gain access to the systems later.
The findings show that business professionals are concerned and reluctant to participate in business systems security studies due to job security and advancement. The study's findings highlight systems architecture and designers' shortcomings. In addition, the study's insights from hackers and workers contribute to business systems security and information science improvement.
