Cyber attacks are hugely costly to firms around the world, so it’s perhaps no surprise that many are investing in training to help staff ward off any cyber attacks they themselves encounter. A new study from Michigan State University suggests that a good place to start might be with employees with a certain personality type.
“People who show signs of low self-control are the ones we found more susceptible to malware attacks,” the researchers explain. “An individual’s characteristics are critical in studying how cybercrime perseveres, particularly the person’s impulsiveness and the activities that they engage in while online that have the greatest impact on their risk.”
This low self-control can manifest itself in many ways, including negligence, short-sightedness and a general inability to delay gratification.
“Self-control is an idea that’s been looked at heavily in criminology in terms of its connection to committing crimes,” the authors continue. “But we find a correlation between low self-control and victimization; people with this trait put themselves in situations where they are near others who are motivated to break the law.”
A cyber risk
The researchers surveyed some 6,000 people to understand both their online behavior and their personality type. For instance, participants were asked how they would respond in certain situations, whilst they were also asked whether their computer behaved in a way befitting a machine infected with malware, such as having strange pop-ups or running slowly.
The researchers believe that hackers are all too well aware that people with low self-control are scouring the web for what they want, which gives them an easy target to prey on. The authors believe that a better understanding of our personality types and how that effects risk is crucial if that risk is to be mitigated.
“There are human aspects of cybercrime that we don’t touch because we focus on the technical side to fix it,” they explain. “But if we can understand the human side, we might find solutions that are more effective for policy and intervention.”
Ultimately, the researchers hope that their work will help to break down the silos between the computing and social science worlds so that the cyber security industry can take a more holistic approach to fighting cybercrime. Only when the social risk factors are known can the technical teams begin to develop strategies to help reduce that risk.
“It’s a pernicious issue we’re facing, so if we can attack from both fronts, we can pinpoint the risk factors and technical strategies to find solutions that improve protection for everyone,” they conclude.