Say hello to the best weapon in town when it comes to cyber security

Personality affects cyber risk but just how, why and to what extent remains a moot point amongst psychologists.


While there is no consensus as to which personality traits make one more or indeed less likely to fall prey to cyberattack, one thing remains abundantly clear: it is most important that organisations are not only aware of these correlations but also that they use the insights so gleaned to better strengthen their defences against cybercrime.


Here’s why: to fight cybercrime in the 21st century, you need more than firewalls. You need a killer empirically validated personality assessment and the insights into personality it provides.


Hacking Humans

For the world is in the throes of a cybercrime epidemic, an epidemic that is getting worse year on year. The dark economy is becoming ever more sophisticated in its pursuit of data, passwords and financial details. Quite frankly, some cybercriminals are better students of psychology than many psychologists with a whole load of letters behind their name and, what’s more, they know how to exploit the frailties of human nature mercilessly for financial gain.



Among the most effective tactics employed by cybercrooks in targeting individuals and indeed organisations are:


  1. Phishing: a scam whereby the attacker sends fraudulent messages, usually via email or text message, in an attempt to trick the recipient into divulging sensitive information such as passwords, credit card numbers, or other personal data.
  2. Spear phishing: a targeted form of phishing in which the attacker tailors the fraudulent message to a particular person or group, often using personal information or details specific to the recipient’s job or interests so as to make the message appear more legitimate.
  3. Social engineering: a cunning cyber-attack which employs manipulative psychological techniques to get people to do things that are contrary to their interests. It takes many forms, including pretexting (creating a false scenario to gain information or access) and baiting (leaving a physical device, such as a USB drive, in a public place to lure victims into plugging it into their computer). Common to all forms of social engineering is the attacker’s ability to gain the trust of a mark.

Cybercrime is becoming less about hacking machines and more about hacking humans, is it not?

The Damage

If you are of a nervous disposition, look away now:

  • The global annual cost of cybercrime is expected to hit $8 trillion in 2023
  • 33 billion accounts will be breached in 2023.
  • Cybercrime earns cybercriminals $1.5 trillion every year.
  • $1.85 million is the average cost of a ransomware attack.


These figures make for sobering reading. A security breach, the theft of personal data or a successful ransomware attack can be little short of catastrophic for a company. If word gets out that your organisation has been hacked and sensitive information stolen, your reputation can be in tatters in minutes, your good name irreparably damaged and your brand equity dead in the water.


Although organisations around the world have been trying to set their cyber security houses in order with ever bigger budgets, many simply do not realise the extent to which certain personality traits of employees may put their data at risk.


How Personality can affect cybersecurity

There is a growing body of research to suggest that personality traits such as Agreeableness, Extroversion and Conscientiousness, when viewed through a Big-5 lens, can indeed affect a company’s cybersecurity for better or for worse.


The Big-5 model (on which Lumina Learning is based) is a much-respected empirically valid personality model which rests on 5 personality traits, each of which it measures on a continuum: Openness, Conscientiousness, Extroversion, Agreeableness, and Neuroticism.

Studies have shown that employees with certain personality traits, such as impulsiveness, a lack of conscientiousness and a propensity to take risks, may be more likely to flout cyber security best practices, thereby increasing the risk of cyber-attacks and security breaches.


5 Personality Patterns Every Leader Needs to Know

While the findings of some of these studies remain inconclusive and indeed in some cases contradictory, 5 patterns emerge:



Those who score highly on Agreeableness and Conscientiousness tend to adhere better to cyber security practices.

Those who score higher on Openness are apt to be more vulnerable to phishing. This might be not unconnected with their adventurous sub-trait, though this remains a hypothesis.

Those that claim Conscientiousness as a trait are more likely to follow cybersecurity policies, be better organised and less lax with passwords.

Extroverts can be particularly vulnerable to cybercrooks. Statistically speaking, they are more likely to flout cybersecurity policies.


It stands to reason that the highly agreeable are more likely to fall prey to cyber-attacks. By definition, they are trusting and are eager to please, traits which cybercriminals can exploit in phishing attacks. That said, much research shows that they tend to be very security-conscious and are adept at spotting deception.


By contrast, companies with employees who are more aware of cyber security risks and take a pre-emptive approach to protecting themselves and their organisation are less likely to suffer security breaches.


Other studies show that organisational culture and leadership play a not unimportant role in employees’ cyber security behaviour. Thus, companies with a strong culture of cyber security awareness and a steadfast commitment to protecting sensitive information are more likely to have employees who take cyber security seriously.


Although more research is needed to understand the true relationship between personality and cybersecurity, there is no denying that personality traits, organisational culture and leadership have much to contribute to a company’s approach to cyber security. For by being aware of these relationships and incorporating their lessons into their cyber security strategy, organisations will be better able to mitigate the risk of cyber-attacks.


In this, personality assessments such as Lumina Learning’s Spark can help organisations strengthen their defences against cybercrime by providing insights into the attitudes, behaviours, and habits of employees in the matter of cyber security.


To conclude, here are 7 ways Lumina Learning can make an impact:

  1. Identifying vulnerabilities: Lumina Learning can help organisations identify those who may be more vulnerable to social engineering and phishing scams.
  2. Raising awareness: Lumina Learning can help raise awareness amongst employees about the grave dangers of cybercrime and issue staff with advice based upon their Spark portraits.
  3. Smarter hiring practices: Personality assessments such as Lumina Spark can be used as part of the hiring process to better assess the potential cyber security risks posed by new employees. This can help organisations to better identify individuals who are likely to fall prey to cybercrime.
  4. Better training and education: By understanding the different ways of being of employees, Lumina Learning can give companies the means to tailor their cyber security training to high-risk and indeed low-risk staff. What’s more, because Lumina Learning’s products are as engaging as they are effective, they are more likely to have the desired effect in terms of raising awareness and encouraging employees to adopt best practice.
  5. Improved accountability: Personality assessments can help companies to identify employees who may be more likely to behave in ways which put the organisation’s data at risk. Owing to the predictive validity of Lumina Learning, organisations can put in place systems and processes to monitor and manage these employees more effectively, so lessening the risk of a cyber security breach.
  6. Detecting threats: Lumina Spark enables businesses to identify employees who are more likely to exercise vigilance and adopt best practices.
  7. Fostering a culture of Cybersecurity: By doing more to foster a culture of cyber security awareness (one where vigilance is exercised at all times), organisations can dramatically reduce the risk of cybercrime. Personality assessments can prove indispensable because the intel they provide helps identify employees who are highly conscientious and diligent in their approach to cyber security and encourage others to follow suit.

Do join Dr Stewart Desson (the Founder and CEO of Lumina Learning) on March 9th, 2023 for: Disaster Masterclass – Improve your business resilience for 2023. In it, he shall be giving a talk on ‘The psychology of Cyber Attacks’. Find out exactly how personality assessments can be used in the fight against cybercrime to better identify and mitigate risk in employees.