020 3633 3182

Call Us for IT & Cyber Security Advice

0 %
Response times

We guarantee to get back to you within 30 seconds 99% of the time.

0 +
Benefits

100+ Customers have experienced the benefits of our IT Support.

0 %
Specialist support

95% of our customers would recommend us as a specialist.

0 %
Response times

100% of our calls are answered by specialist engineers.

Cybersecurity Beyond Code: Call for a Human-Centric Approach

“In 2020, 93% of cyber attacks started with people instead of technology.” 

This data from Dr. Erik Huffman’s research highlights the profound correlation between internet security and human behaviour. Every time someone reads an email or opens a link, they must determine if it is safe to proceed. 

While firewalls and other technical solutions help protect us from many of the web’s bad actors, we can also think critically and respond appropriately. That is the most powerful weapon of all. 

Dr. Erik Huffman is a specialist in the psychology of why individuals fall victim to cyberattacks. As a cyberpsychology researcher, he has delved deep into the psychology of humans to answer problems such as, “Why do people fall for phishing emails?” and “Are particular personality types more inclined to be victims of cyberattacks?” Dr. Huffman presented his research findings and recommendations at a compelling Infosec Inspire session. 

Here are some essential insights for understanding the connection between human actions and cybersecurity. 


The Field of Cybersecurity Relies on Decision-Making As a Fundamental Science

When someone launches an internet browser, they are overwhelmed with options: should I open this email? Should I download the attachment? Is this a message from my boss, or is it someone pretending to be him? The process of making choices is fast, complicated, and susceptible to emotional influence. “People, unlike machines, do not often change their behaviour in line with logical information: they need PR and propaganda,” said Dr. Huffman. This says, “We fall for propaganda. The machine does not.” In other words, rather than thinking logically, people are influenced by their emotions. 

But how does emotional influence work? Dr. Huffman outlines a set of psychological concepts known as the principles of influence:

  • Reciprocity: People tend to give back when offered something.
  • Commitment and consistency: People do not like giving up after starting anything.
  • Social proof: People are more inclined to trust a person or organisation whom other people trust.
  • Liking: People are more prone to trust persons they know and like, just as they are with reciprocity.
  • Authority: People are more prone to listen to individuals and organisations with a strong sense of authority.
  • Scarcity: People who believe they have little resources may take rash actions.

The goal of these attacks is to elicit a dramatic, knee-jerk emotional reaction known as “amygdala hijacking.” This becomes evident when you examine the threat language used in phishing emails. Although these emails are frequently mocked for their numerous errors and unusual changes of words, they do have a tremendous emotional impact. Some messages aim to instill fear or humiliation, such as “We adjusted the virus on an adult website you recently visited…”, while others emphasise the need to send money within 24 hours of opening the message. 


Psychological Aspects of a Cybersecurity Victim

Dr. Huffman has conducted substantial research into the psychological factors that render people prone to hacking. To further understand what makes people at risk, he recommends the Big Five Model for Cyber Victims. These personality characteristics include:  

  • Extraversion
  • Agreeableness
  • Conscientiousness 
  • Emotional stability
  • Open to new experiences
  • Impulsiveness

Dr. Huffman feels that the last feature, impulsiveness, is the reason why ransomware frauds are changing. Previously, the fraud was quite straightforward: we lock up your data and you pay us to return it. However, current variants of the scam now use threat language that exploits the victim’s impulsiveness and scarcity. Instead, the script may say, “Pay us three Bitcoin within 72 hours — otherwise, it will double.”


Expertise in technology doesn’t guarantee immunity from failures.

One of Dr. Huffman’s most shocking results is that technological knowledge does not always protect people from becoming victims of cyberattacks. His research demonstrates that cybersecurity professionals are just as vulnerable to phishing and attempts at social engineering as anyone else. They’re also just as likely to give information to a hacker as non-technical employees. This unexpected discovery led Dr. Huffman to conclude, “This isn’t a technical issue, it’s a human issue.”

However, there is one area where technology workers excel: spotting suspicious websites. Dr. Huffman presented thirty websites to a group of professional and non-technical personnel. He discovered that technical people were better able to spot conventional security signs such as Hypertext Transfer Protocol Secure and the recognisable padlock icon in the URL bar. This mismatch demonstrates that typical security indicators are not as well understood or useful to non-technical people.

This is a knowledge gap that security awareness training for every level of personnel can assist bridge.


What Can You Do? 

Dr. Huffman recommends conducting a threat assessment. The cybersecurity staff must understand its users and what may drive them to click on a malware vector. He also advocates doing coping assessments for all important personnel in your firm. A coping appraisal will answer crucial questions for your team, such as “If something happened, how would this person cope?” and “Would they comply with the policy?” 

Blogs

Weekly Blogs For A Quick Informative Read!

Our Partners

Clients Testimonials

We take pride in our service and maintaining strong relationships with our customers.

Being partnered with WPC is a joy. Their level of service and turnaround is exceptional. As is every member of the support team that I am in contact with. Savvy support and great to work with!

 

Stephen Sawley, Director

I have worked with this company for over 4 years and can safely say that the customer service is second to none. The staff go above and beyond to assist with clients and suppliers and are always very friendly and responsive. I would highly recommend Workplace to anyone looking for a quality IT partner.

Elliot Azim, Director

We have been using Workplace Connect for around 2 years now, and have found them to be a great company to work with. The change over from our last provider was seamless, and we have enjoyed an uninterrupted service since then. They are always available to assist with any enquiries, and deal with all matters promptly. I wouldn't hesitate to recommend them to other businesses.

Mark G, Director

Your Partners in Professional Excellence

Round-the-Clock Assistance:

Our commitment to your success knows no bounds. Experience unwavering support with our 24/7 service, ready to serve you anytime, any day.

Strategic Locations for Strategic Partnerships:

Basingstoke: Never Despair Studios, Unit 2, Alton Road, Hook, RG29 1RT

London: 86-90 Paul Street, London, EC2A 4NE

Dedicated Expertise for Specialised Sectors:

Speak to a Specialist

If you have any queries or would like to learn more about how we can support your business, contact us today.

Certifications

Get Our Free Guide

Get our free guide today to learn the key threats you should be looking out for when using your device and working online.

This free guide includes:

If you would like further advice and support then contact us today!

Latest Resources

Use our latest resources to learn more and keep updated on news regarding cyber security and IT.