· News

Human error continues to pose cybersecurity challenges during COVID-19

There has been a 63% increase in cybercrime since the outbreak of COVID-19, according to the annual Cyberchology report from IT security software company ESET and business psychology provider The Myers-Briggs Company.

For 80% of companies in the report, the increased cybersecurity risk has reportedly been due to human error or oversight, rather than the high skills of a hacker.

As remote working will become more permanent for many employees, the organisations’ concern is that businesses could face higher, more long-lasting risks throughout the pandemic.

Yet despite a clear increase in cybersecurity threats and a lack of employee skills, 40% of chief information security officers (CISOs) consulted in the report said that IT security budgets are not being increased.

The authors advised HR to introduce a cybersecurity strategy that considers the personality of employees to make sure it is adhered to when working remotely, particularly in times of heightened stress.

Jake Moore, cybersecurity specialist at ESET, said: “Remote working has brought greater flexibility to the workforce, but has also dramatically altered business processes and systems.

“The combination of fractured IT systems, a lack of central security, the sudden shift to home working, and a global climate of stress and concern is a perfect breeding ground for a successful cyberattack.

“The fact that only a quarter of businesses have faith in their own remote working strategy is shocking and shows there is much work to be done to secure working from home.”

As stress affects different personality types in different ways according to the Myers-Briggs type indicator, each individual employee may have their own specific blind spot when it comes to cybersecurity.

Mediators (Introverted, Intuitive, Feeling, and Prospecting, INFP types), for example, have a tendency to ignore facts that do not fit with their overall ideas when under stress.

This differs from Analysts (Introverted, Observant, Thinking, and Prospecting, ISTP types) who, under stress, can have a tendency to make decisions without informing others.

John Hackston, head of thought leadership at Myers-Briggs, has therefore suggested that a ‘multi-departmental’ approach is needed if companies are to be adequately protected from security risk.

He said: “Cybersecurity has long been thought of as the responsibility of IT departments alone, but in order to build a holistic cybersecurity strategy that accounts for the human factor, IT and HR departments must work together.

“Through the use of psychometric testing and self-awareness tools, HR can help to identify the makeup of teams and pinpoint potential vulnerabilities. IT teams can use this insight to create comprehensive security protocols and a proactive cyber strategy to stay one step ahead of potential threats.”

Statistical findings from the Cyberchology: The Human Side of Cyber Security report are based on the attitudes of 2,000 consumers and more than 100 UK CISOs.