Human error is at the root of a large spike in cybersecurity risks that has beset eight in 10 companies during the coronavirus (COVID-19) pandemic, a new report said.
COVID-19-associated stress, as it turns out, not only can unnerve people in their personal lives but also negatively affect employees’ performance at work, according to a joint research effort of cybersecurity specialist ESET, a Slovakia-based firm, and Myers-Briggs, a Sunnyvale, California-headquartered business psychology provider, entitled Cyberchology: The Human Element.
The report, which gleaned data from a universe of 2,000 consumers and 100 chief information security officers (CISOs) in the United Kingdom, triangulates a 63 percent increase in cyber crime among the businesses during the pandemic to the nearly 50 percent of people worried about managing COVID-19-associated stress to the challenge organizations face to devise a security strategy that fits a mushrooming remote workforce.
Stress is the common denominator that ties together the various factors, said ESET and Myers-Briggs:
“Stress affects different personality types in different ways, meaning that each individual employee has their own specific blind spot when it comes to cybersecurity. As the pandemic has raised stress levels, staff members may be more likely to panic and click on a malicious link, or fail to report a security breach to the IT team, depending on their personality type.”
The answer, the authors said, is a “holistic cybersecurity strategy that takes individual personalities into account.” In other words, where humans under stress are involved don’t assume a cookie-cutter will solve the problem, particularly when it comes to avoiding cybersecurity missteps.
The report found that 75 percent of companies said that half of their business is being undertaken by employees who are now working remotely but weren't doing so before COVID-19. With remote working likely to continue for many employees, businesses are more at risk than ever. As a case in point, only 25 percent of businesses trust their strategy to protect remote workers from cyber attacks.
On the consumer side, more than two thirds of people are concerned about their cyber safety but don’t know what to do about it.
The two principals behind the report pointed to the symbiosis effect of remote working and the human factor on cyber risk. “The combination of fractured IT systems, a lack of central security, the sudden shift to home working, and a global climate of stress and concern is a perfect breeding ground for a successful cyberattack,” said Jake Moore, ESET cybersecurity specialist.
A purposeful holistic cybersecurity strategy must account for the human factor as well as collaboration between the IT and human resource (HR) departments, said John Hackston, who heads thought leadership at Myers-Briggs. “Using psychometric testing and self-awareness tools, HR can help to identify the makeup of teams and pinpoint potential vulnerabilities. IT teams can use this insight to create comprehensive security protocols and a proactive cyber strategy to stay one step ahead of potential threats."