Contrary to popular belief, phishing is aimed to take advantage of the way humans interact with computers and interpret messages, rather than taking advantage of technical vulnerabilities. Research tells us that humans can be easily manipulated into disclosing confidential information by exploiting their cognitive biases and habits.
According to Gov.uk, £4,590 is the average spend on cyber security for businesses in the UK, and for larger organisations, the average annual spend is as much as £387,000. UK businesses spend large sums of money on systems to combat threats such as anti-malware, spam filters and firewalls, yet on average, only 10% of this budget is spent on cyber education.
Alarmingly, 90% of all successful corporate cyber attacks are attributed to human factors, mainly because employees are seen as the easiest route into carrying out a cybersecurity attack on a business.
Thinking from the mindset of a cybercriminal, would you target a company’s technological defences which they heavily invest in, or target people’s cognitive biases which can be easily taken advantage of?
The answer is evident and this is why we take the human factor of cyber security so seriously and put this at the forefront of our training.
To help gain a better understanding of the psychological process behind phishing emails, Sathpal Panesar, a psychologist from The University of Huddersfield recently joined the Bob’s Business Technical Team as part of a Knowledge Transfer Partnership (KTP) project.
A KTP is a collaborative partnership between a business, University academics, and a highly skilled graduate, aimed to deliver a strategic innovation project. By acquiring specialist knowledge from the academic experts, the graduate aims to make new changes, enabling a company to become more innovative, effective and efficient.
As part of Sathpal’s project, he is looking at developing the first evidence-based & psychologically-informed cyber security training program in the UK with support from leading academics in Psychology and Cybersecurity, Dr Chris Street, Dr Simon Parkinson and Prof. Peter Clough.
Sathpal is investigating the psychological causes of risky cyber security behaviour by exploring human factors in depth to further our understanding into what actually makes people click on phishing emails. His research into the psychology behind phishing will not only be embedded into our training courses but he will also be running psychological analysis on simulated phishing campaign results. Through the use of behaviour analytics, Sathpal will be carrying out a psychological analysis of employees behaviour tailored for each simulated phishing campaign by identifying key vulnerabilities. The results will be able to show how your employees actually behave when it comes to phishing and why some employees may be much more susceptible than others.
Make sure to follow our social media pages and regularly visit our website to keep up to date with Sathpal’s project and findings.
