Nice people become bigger targets for cybercriminals


A new study from Stellenbosch University (SU) that focuses on the so-called Big Five personality types has found that people with a pleasant personality stand a greater chance of being manipulated by cybercriminals into sharing private and sensitive information.

This study by Vian Smit, a Cape Town systems analyst, indicates a striking connection between personality types and cyber security risk.

Susceptibility to the attacks was determined by asking 700 people about their personality type and how likely they are to respond to different social engineering attacks. This is when cybercriminals trick people into providing private information or passwords by clicking on malicious links.

The results of the study show that agreeable people are most likely to fall victim to social engineering attacks, followed by those who are conscientious, as well as extroverts. Neurotic and so-called open-minded people are less likely to be deceived. Extroverts violate cybersecurity policies more often because they tend to comply with malicious requests more often.

The study finds that individuals with high levels of agreeableness are particularly susceptible to manipulation by cybercriminals. Conversely, neurotic people, characterized by emotional instability and anxiety, showed the lowest susceptibility to such attacks.

According to Smith, people with a pleasant personality are compassionate, altruistic, kind and forgiving. These people have the tendency to always be kind and want to help others. However, they often harm themselves when faced with a social engineering attack.

“They are more susceptible to phishing (phishing, if someone is tricked into opening fake emails, instant messages or text messages), spear phishing (spear phishingwhen a specific person is targeted), impersonation, impersonation, watering hole attacks, QR code phishing and SMS phishing,” says Smith.

Smit emphasizes that neurotic personality types are easy targets for attacks through fake apps or plug-ins, and extroverts for fake ads and doppelgänger Wi-Fi attacks. Conscientious people are susceptible to phishing, spear phishing, impersonation, spoofing, watering hole and QR code attacks, while open-minded people are more likely to fall for spoofing, watering hole and doppelgänger Wi-Fi attacks.

He believes that information about people’s personality types and their susceptibility to social engineering attacks helps cyber security teams in businesses and organizations to incorporate effective mitigation strategies for each personality type. Organizations will also know which employees are more susceptible to these attacks if they have a better understanding of their personality type.

“Understanding the personality traits that are most vulnerable to social engineering attacks can help cybersecurity experts develop more effective protection strategies. Equipped with a deeper understanding of the human psyche, organizations can confidently navigate the complexities of cyber security and protect their most valuable assets in an ever-changing threat landscape,” says Smith.

Smith believes that organizations improve employee awareness and training, especially for those with likable personality traits, to reduce the risk of successful social engineering attacks.

“In addition to addressing human vulnerabilities, organizations must also implement robust cybersecurity measures, such as those outlined in the top five vulnerability mitigation strategies – asset discovery, vulnerability identification, implementation of security controls, management of computer enhancements and ongoing monitoring.”