How HR Can Prepare for a Cybersecurity Attack

Digitization has long been the pathway to business growth. However, the process does not come without its share of challenges.

Technological advancement has allowed organizations to manage volumes of information seamlessly. This capability ultimately led to the birth of cybersecurity to protect every ounce of sensitive information an organization possesses. It’s safe to say that businesses are doing everything in their power to avoid the disclosure of crucial information. And it’s becoming even more relevant now that cybercrime has become more prevalent.

Cybercrime is an industry in itself. It consists of illegal activity by trained criminals, ranging from rogue individuals to agencies with their own staff, acting with ill intent and mostly for monetary gain. Business news has been filled with high-profile cyber breaches over the past few years.

Acer, the multinational hardware and electronics corporation, fell victim to ransomware demanding 50 million dollars. Canadian aerospace company Bombardier suffered a breach that exposed information ranging from employee identities to supplier data. Moreover, tech giant Microsoft discovered Chinese hackers gaining access to multiple organizations’ email accounts through its Exchange Server.

In an attempt to avoid these security breaches, numerous businesses consider doling out huge budgets to hire technology experts. While this has proven to be effective, another approach to reducing the likelihood of these cyber attacks is to view them as a systemic issue between IT and non-IT executives.

A staggering 95% of cyberattacks are caused by human negligence or human-based attacks such as phishing. This figure highlights cybercriminals’ main tactic: exploiting human vulnerabilities, particularly in non-IT employees. That’s why HR and global mobility departments need to raise security awareness across the organization.

Cybercriminals have mastered the art of deducing the most vulnerable victims. They can be considered social engineers who analyze human behaviors, motivations, and drivers. So, businesses should stay a step ahead of these criminal masterminds by making themselves aware of the personality types that are more susceptible to cyberattacks.

Myers-Briggs Type Indicator (MBTI)

The Myers-Briggs Company is a global provider of people development solutions. It believes in the key role of self-awareness in self-development. One of its most popular outputs is the MBTI 16 personality types, which help individuals understand themselves better. Cybersecurity firm ESET took notice of the usefulness of the test and utilized it to gather crucial cyber behaviors of each personality type.

Since 2019, ESET has partnered with the Myers-Briggs Company to explore the influence that an employee’s role and personality have over cybersecurity. Fast forward to 2020, both firms released the paper Cyberchology: The Human Element, investigating the link between personality type and cybercrime vulnerabilities.

The paper elaborates on the specific traits of each personality type and their effect on cyber behaviors. For example, individuals with ENFP personality types are possibly impulsive email responders, and ENTJ personality types may be more vulnerable to malicious downloads disguised as legitimate software.

The Big Five Model

This model uses fewer personality traits. Individuals can score high or low on the spectrum for each trait, and scores are neither positive nor negative. It analyzes people’s behaviors across openness, conscientiousness, extraversion, agreeableness, and neuroticism.

Openness. The model defines this trait as the openness to experience. Individuals scoring high in the spectrum are adventurous and considered to have creative minds. But they are relatively vulnerable to phishing scams due to their curious nature. On the positive side, more open people have the ability to detect things that are unusual, which can be an advantage when dealing with suspicious messages or emails.

Conscientiousness. People with this personality trait demonstrate exceptional levels of trustworthiness, organization, and discipline. They’re also considered to be cautious and compliant with rules and regulations, which is good if those rules are in place to prevent security breaches. The risk with individuals with higher levels of conscientiousness is their achievement-driven nature, which cybercriminals might exploit with phishing emails offering success-motivated content.

Extraversion. Individuals scoring high in this trait are defined similarly to the Myers-Briggs version of extraversion. They’re described as assertive, energetic, and warm. Expert cybercriminals do, however, exploit their responsiveness to rewards and social attention. So HR should take the lead in helping them respond well to potential vulnerabilities.

Agreeableness. Agreeable people have the tendency to become excessively trusting. That’s probably why these individuals are highly susceptible to cyberattacks. Their kind nature should signal HR and global mobility teams to orient them on strict protocols when encountering unusual communications across multiple channels. Since they’re also likely to be security conscious, cooperating with rules and regulations will not be a problem for them at all.

Neuroticism. Individuals with high levels of this trait are usually portrayed in a bad light. Perhaps it stems from their impulsiveness and their vulnerability to stress. But people with this trait are skeptical individuals. They’re proficient in detecting fake emails. Because of the risks they pose in their stressed states, it’s best to maintain low stress levels for these individuals.