Time after time, we have seen that the next "Big Thing" in cybercrime goes live before we have even started getting to grips with the last "Big Thing."
That's why new research is suggesting a different method to mitigate cyberattacks: your personality.
According to a report, Cyberchology: The Human Factor, from ESET and The Myers-Briggs Company, organizations engaging in the war against cybersecurity breaches can use cyberchology, which is a method of applying psychometric tests.
What is notable about the most successful cyberattacks, says the report, is that they rely on a degree of human error and/or ignorance. For example, cybercriminals are able to install phishing codes onto systems via Alexa because many people are unaware of the need to protect their smart devices as well as their desktop computers. In a business context, there is often a lack of awareness about the need for a truly integrative and self-aware approach to cybersecurity, which is one that encompasses everyone and not just the folks in the IT department, the report notes.
In addition, many people still have an old-fashioned view of cybercrime as something done for fun by malcontents. According to this mindset, the unwary may end up with a file-garbling virus.
The report found that as far as cybersecurity is concerned, different personality types have different strengths and weakness.
The report looked at several personality types to show how different kinds of cybersecurity errors are more common among people with certain personality preferences.
Extraverted personality types, those that work out ideas by talking them through, tend to be more vulnerable to manipulation, deceit and persuasion from cybercriminals. These kinds of attacks are social engineering attacks, and they’re particularly effective against Extraverted types who may be more susceptible to social overtures. However, being highly tuned towards external communication does work in Extraverts’ favor in other situations: Extraverted people are generally faster to pick up on attacks coming in from outside.
Sensing personality types, those that observe and remember details, are more likely to spot phishing attacks than their Intuitive counterparts. However, those that have the preference for Sensing are also more likely to take cybersecurity risks, particularly when they also have a preference for Perceiving, those that are more flexible and casual, and/or Extraverted (those who are sociable and are expressive).
Feeling personality types, those guided by personal value, and people with a preference for Judging, those who are systematic or structured, are more likely to fall victim to social engineering attacks than those with a preference for Thinking (those who solve problems with logic). However, people who have the preference for Thinking can overestimate their own competence, leading to mistakes, whereas Judgers and Feelers tend to be more cautious and therefore more rigorous when following cybersecurity policies.
So, all personality types have different strengths and blind spots that can impact the outcome of a cybersecurity attack. Identifying where these lie and how they might correspond to your cybersecurity protocols could be a first step in building a coherent, integrative cybersecurity program. For example, people with a reference for Intuition (the opposite to Sensing) will really benefit from being reminded to look at the detail of emails – does the sender’s email address look odd, for example?
Those with a Thinking preference can be encouraged to see a correct approach to cybersecurity as an expression of their own competence. Building an individual’s self-awareness will help them to take responsibility for their own cybersecurity. Overlaying organization-wide self-awareness with a robust cybersecurity system can create a net of human/digital skills and proclivities that cybercriminals will have trouble slipping through. The report suggests that psychometric tests can be used to build self-awareness, thereby reducing vulnerability to cybersecurity breaches.
Overall, says the report, cybersecurity is something that too many businesses leave up to dedicated IT specialists, when in fact, a lot of breaches could be avoided if a more integrative and business-wide approach to cybersecurity were adopted, which includes taking into consideration the human factor.
Are you studying employee personalities in your enterprise to mitigate cyber risks? I’d like to know. Email me at firstname.lastname@example.org