The human side of cybersecurity

New work in the International Journal of Business Information Systems looks at the human side of cybersecurity. We might think of cybersecurity as being mostly about firewalls, antivirus software, spam filters, and dDOS detection, but it is often social engineering and human failure that leads to breaches of computer systems and networks rather than sophisticated malware.

Rajesh Kumar Upadhyay of the Graphic Era Hill University, Dehradun, and Anurag Singh and Brij Mohan Singh of the India and College of Engineering Roorkee surveyed professionals, non-professionals, and students working and studying in the educational sector of the Uttarakhand region. They hoped to explore the relationship between awareness of computer security issues and human behavior.

They focused on various personality traits to determine whether there were correlations between those and a person's understanding of cybersecurity. The team points out that while an organization or individual can put in place policies and tools to protect from intrusion that happens digitally it is almost impossible to protect against social engineering without ongoing education of users who might succumb to the dubious and persuasive skills of the confidence trickster.

Cybersecurity is an enormous challenge worldwide, the team emphasizes. The team has now looked at extroversion, agreeableness, conscientiousness, neuroticism, and openness of personality and how this relates to an individual's perception and understanding of cybersecurity with a view to educating where there are gaps in knowledge or where a particular personality type might well be more susceptible to social engineering than another.

Fundamentally, we all have different attitudes to cybersecurity and this can thus be an issue within an organization. However, the team did find that conscientious extroverts tended to be more aware of the issues and more likely to take a proactive approach to cybersecurity than others with different personality traits, and this was regardless of gender.

The team suggests that organizations ought to improve their security awareness among their users as well as instigate practices to help thwart social engineering attacks.