High Stress And Human Nature: The IT Security Angle

Are you introverted or extroverted? A thinker or a feeler? Chances are you’ve taken a Myers-Briggs test some time in your career, but regardless of personality type, studies show that the stress of remote work during the COVID-19 pandemic has everyone under pressure.

A new report by The Myers-Briggs Company and ESET, an Internet security company, warns that heightened levels of stress has employees more likely to fall for cyberscams. The report polled over 2,000 consumers and 100 CISOs on cyber scams since the onset of the pandemic, and in four out of five cases, the risk to their systems was reported to be significantly increased.

And it’s not just the human element—organizations worldwide have reported a 400% uptick in cybercrime this year. Cybercriminals are taking advantage of the tense social climate as much as they are the decentralization of workplace IT security, which is now spread across an expansive remote workforce and an ever-growing IoT (Internet of Things) that intermingles work and home devices. To say the least, IT security measures are stretched thin this year, as are employees themselves.

A good IT security strategy is also a holistic one. Understanding all facets of an encroaching cyber threat is as important as understanding your people’s response to it. As the Myers-Briggs/ESET report shows, even trained employees can fall for simple scams when under an abundance of stress.

So today we ask these important questions:

  • How does elevated stress affect your team’s interactions with cyberscams? 
  • What should IT security departments have an eye out for? 
  • And what can you do as an organization to acknowledge and help your team overcome the stress of working amid a global pandemic?

Keep Calm…

The Myers-Briggs/ESET report found that individuals with elevated stress are more likely to click on a suspicious link or download unusual email attachments, both of which are favored tools of the ever-popular phishing scam.

Usually, the best way to combat a phishing scam is to keep an eye out for the typical indicators: misspellings and inconsistencies in the text or email addresses, links with a suspect address when you hover over them, and generally unsolicited correspondence.

However, experts warn that elevated stress can affect that sense of perception and make people more likely to click without thinking. Employees that feel pressured on multiple fronts may do as an email tells them just to get it out of the way, without thinking to investigate further.

Stress also makes it less likely for affected individuals to report an incident to in-house IT security teams. This can be due to anything from the perceived hassle of checking in with another department to fear of judgment or repercussions for falling for a scam.

Nevertheless, it’s essential for employees to report to their organization’s IT security department when they feel they may have jeopardized their data or otherwise put the network at risk. An early warning can be the difference between pushing out a malicious actor and a system-wide security breach.

Organizations on all levels will benefit from a normalized IT security culture. Take the pressure off employees by sharing resources and implementing regular security assessments to raise awareness and incentivize your people to stay secure. Anyone can, and has, fallen for the most rudimentary of phishing scams—all that matters going forward is keeping it from happening again.

… And Carry On

Catering to the human element is just as important as combating human error. We’re here to help combat stress with our timely, comprehensive Pandemic Special Services, designed to keep your people and your systems safe.

Social engineering weaknesses alone put 90% of organizations at risk, and the need to evolve employee behavior and build company-wide security consciousness is paramount. Our innovative Social Engineering Evaluation uses real-world engineering tactics and scenarios used in present-day breach activity to develop defense tactics against social manipulation.

For more information, contact us today.

Posted in BAI Security Blog, Reducing Security Risks, Security Risks, Social Engineering and tagged , , .