Most cyber attacks succeed because the cybercriminals manage to bypass the human element. Take phishing attacks for example. A successful phishing attack will require the victim to unknowingly give away sensitive information in email correspondence. Similarly, IoT (Internet of Things) attacks happen because people will casually forget or choose not to secure their devices. The common theme here is that human error is still a major factor in many cases of cyber attacks.
This research by The Myers- Briggs Company and ESET showed that there is a correlation between personality type and vulnerabilities to different types of cyber attacks.
What most businesses and people do not realise is that cyber security awareness encompasses everyone and not limited to the IT guys. The paper suggests that senior management can play a bigger role in identifying vulnerabilities within their teams and implement cyber security systems with a human/machine approach to reduce the human risk factor.
The research showed that people who focus their attention on the outside world (extraversion) are more likely to be manipulated and persuaded by cyber criminals, known as social engineering attacks. However, these group of people is also fast to pick up attacks coming from the outside, as they are highly tuned towards external communication.
The other group of personality, known as Sensing – those who observe and remember details, are more likely to sense a phishing attack. Employees with this personality type are also more likely to take cyber security risks, especially if they are more flexible and casual.
People who are more guided by personal values (Feeling) and people who are more systematic and structured (Judging) are also more likely to be victims of social engineering attacks, compared to those with people who like to solve problems with logic (Thinking). However, the thinkers can sometimes over-estimate themselves and lead to mistakes whereas the Judgers and Feelers are more cautious and tend to be more careful when following cyber security policies.
This research showed that different personalities come with a different set of strengths and weaknesses, each having different outcomes in a cyber attack. Can implementing a more personalised cyber security policy that caters to each employee help in mitigating attacks? It may or may not. However, by helping employees understand their blind spots, they may be more prepared and aware of potential attacks.
