Studies show 4% of users cause 80% of cybersecurity losses. It is critical to identify those users and figure out how to contend with them.
A NIST-funded study administered a series of psychological assessments to subjects and then sent them a series of phishing messages over several months. The data was analyzed first with traditional statistics and then with machine learning algorithms, which identified that phishing susceptibility was not based on a single trait, but rather on multiple balances of different traits. This presentation will define those balances of traits to identify vulnerable users, and then define how to protect those users through a combination of security awareness and technical controls to limit the damage that highly susceptible users can cause.
Learning Objectives:
Understand the nature of machine learning and statistical techniques and why they are valuable in further refining how to examine psychological studies to better define specific populations among users.
Describe the mix of personality traits that make some users more susceptible to phishing attacks than others.
Better protect those users who are more susceptible to phishing and other social engineering attacks with specific enhanced protections tailored to the vulnerable users.