Fixing the “Phishee": How to Prevent Your Employees From Being Phished
When news of a ransomware attack on a business or organization breaks, it typically focuses on the monetary demands made by the criminals and what the victims paid to get their data back.
We’ve all seen the headlines, “XYZ Corp Pays Millions to Cyber Thieves,” but we rarely find out the exact cause of the attack. Or, to put it more succinctly, who clicked on the phishing email that caused all this trouble in the first place?
While anyone can unleash a ransomware attack with an errant click, some individuals are more likely to do so—and these weakest links can bring your entire operation to its knees.
We look at the characteristics and circumstances that make individuals more vulnerable and offer insights you can use to help fortify them.
Personality Traits
According to Sage Publications extensive report Characteristics that Predict Phishing Susceptibility, people who are prone to phishing are likely to exhibit one or more of the following personality traits:
• Agreeableness
• Conscientiousness
• Openness to Experience
• Extraversion
• Impulsivity
• Sensation Seeking
• Curiosity
• Risk Propensity
• Dispositional Trust/Tendency to believe in others’ positive attributes
• Submissiveness
Successful phishing can only occur when a target is open to the incoming email, willing to give it some consideration, or is inclined to give in to its demands or requests. As this list shows these traits are more likely to facilitate this.
Demographic Factors
The report also suggests that demographic characteristics can increase the likelihood of one person responding to a phishing attack over someone less inclined to do so.
Age
While the report cites several studies indicating individuals aged 18-25 exhibit the highest susceptibility to phishing, it goes on to say that others fail to show that age makes a difference. Moreover, some studies indicate that older adults are more susceptible to phishing than younger individuals.
Computer Literacy
The amount of experience one has using a computer, email and the internet is a highly important predictor of phishing susceptibility, states the report. “High familiarity with computers was associated with better phishing email management.” Time spent on a specific platform can also increase a user’s ability to spot platform-specific phishing attacks.
Other Demographic Factors
While the report also looked at gender and education, whether these factors had a significant impact on phishing susceptibility proved inconclusive. Findings did, however, indicate that increased technical knowledge reduced phishing susceptibility levels across all gender and education levels.
Training Raises Phishing Awareness IQ
Regardless of personality traits and demographic factors, phishing awareness training has been proven to lower phishing success rates across the board. In the blog post Does Phishing Awareness Training Work? on CyberPilot, 80% of organizations that implemented training found fewer instances of phishing.
Simulated email phishing attacks followed up with individualized training for those who clicked is a powerful training combination and an industry standard. Firms like KnowBe4, Mimecast, and Barracuda Networks are just some of the many firms that offer these services. An online search of the term “phishing awareness training” reveals several.
Sparklight Can Help Protect Your Organization
At Sparklight, we understand the important role we play when it comes to securing your business against phishing attacks and other cyber threats. From firewall protection and encrypted connections to sophisticated support, we’re here to provide peace of mind across the board.
In addition, our vast and growing catalog of self-help blogs includes several phishing-related posts you can reference, some of which are listed here:
• Turn Frontline Employees Into Cyber Shields
• Don’t Click That! The Dangers of Phishing Hyperlinks
• Protect Your Business from Cyberattacks With Cybersafe Tips for CIOs
We invite you to check these out and hope you find them useful in the ongoing battle against cyber thieves who target and phish businesses.