ESET: Ignoring human element in cyber safety a mistake
FYI, this story is more than a year old
Neglecting the human element in cyber safety protocols could potentially expose businesses to cybercrime, according to IT security firm ESET.
According to the Cyberchology paper, which investigates the link between personality types and vulnerabilities to cybercrime, which was launched by ESET and The Myers-Briggs Company, only four in 10 (42%) businesses focus on compliance training as part of their cybersecurity protocol to ensure sensitive data is kept secure.
More worryingly, ESET says, is that 63% rely predominantly on passwords.
The Cyberchology paper highlights that cybersecurity should be on every boardroom’s agenda. Management needs ongoing one on one meetings and training to highlight and mitigate potential vulnerabilities within teams.
Jake Moore, security specialist at ESE, says by leveraging ESET’s deep research capabilities, the Cyberchology paper highlights current cyber threats such as Formjacking, PowerShell and IoT attacks.
"Cyberattacks are almost considered business as usual because they have become so frequent," says Moore.
"Criminals’ modus operandi are extremely diverse and unpredictable and, aside from a reputable and trustworthy cyber solution, having a solid front line of employees who are armed with ample information and support is critical for businesses," he explains.
Moore says that securing the human element is vital in today’s fast-changing cyber landscape.
"We are seeing a growing need for companies to streamline their teams’ cyber safety protocols," he says.
While the motivation behind a cyber-attack may be varied and impossible to predict, Moore says companies can take the time to learn more about their employees’ personalities and behavioural preferences to help them understand the role they play in securing company data.
Research collated by The Myers-Briggs Company that looked at individuals across Europe revealed that people who focus their attention on the outside world (Extraversion) are more vulnerable to manipulation and persuasion by cybercriminals.
In contrast, people that lean towards Sensing preferences (people that observe and remember details) may be better suited to spotting risks as they arise.
According to John Hackston, head of thought leadership at The Myers-Briggs Company, says identifying people’s potential strengths and weaknesses not only highlights how different team members may be at risk without even knowing it, but it can also be used to foster a collaborative team dynamic as members may call on each other’s strengths if there is something they are not sure of.
“When it comes to cyber safety protocols, we strongly advocate delivering a personalised cybersecurity management programme to employees," Hackston says.
"We believe that when employees are aware of their potential blindspots, they are naturally more invested and better prepared to be wary of things that may not seem quite right," he explains.
"By improving employees’ self-awareness, employers can maximise individual and team performance," adds Hackston. "This is particularly important in a fast-moving industry like cybersecurity, which combines constantly shifting challenges with the need to place trust in individuals.”