cyber threat alert in email inbox and mobile phone

Fixing the “Phishee.” Take Employees from Weakest Link to Impenetrable Defender

When news of a ransomware attack on a business or organization breaks, it typically focuses on the monetary demands made by the criminals and what the victims paid to get their data back.

We’ve all seen the headlines, “XYZ Corp Pays Millions to Cyber Thieves,” but we rarely find out the exact cause of the attack. Or, to put it more succinctly, who clicked on the phishing email that caused all this trouble in the first place?

While anyone can unleash a ransomware attack with an errant click, some individuals are more likely to do so—and these weakest links can bring your entire operation to its knees.

We look at the characteristics and circumstances that make individuals more vulnerable and offer insights you can use to help fortify them.


Personality Traits

According to Sage Publications extensive report Characteristics that Predict Phishing Susceptibility, people who are prone to phishing are likely to exhibit one or more of the following personality traits:


• Agreeableness

• Conscientiousness

• Openness to Experience

• Extraversion

• Impulsivity

• Sensation Seeking

• Curiosity

• Risk Propensity

• Dispositional Trust/Tendency to believe in others’ positive attributes

• Submissiveness


Successful phishing can only occur when a target is open to the incoming email, willing to give it some consideration, or is inclined to give in to its demands or requests. As this list shows, these traits are more likely to facilitate this.


Demographic Factors

The report also suggests that demographic characteristics can increase the likelihood of one person responding to a phishing attack over someone less inclined to do so.


While the report cites several studies indicating individuals aged 18-25 exhibit the highest susceptibility to phishing, it goes on to say that others fail to show that age makes a difference. Moreover, some studies indicate that older adults are more susceptible to phishing than younger individuals.

Computer Literacy

The amount of experience one has using a computer, email, and the internet is a highly important predictor of phishing susceptibility, states the report. “High familiarity with computers was associated with better phishing email management.” Time spent on a specific platform can also increase a user’s ability to spot platform-specific phishing attacks.

Other Demographic Factors

While the report also looked at gender and education, whether these factors had a significant impact on phishing susceptibility proved inconclusive. However, findings indicated that increased technical knowledge reduced phishing susceptibility levels across all gender and education levels.


Training Raises Phishing Awareness IQ

Regardless of personality traits and demographic factors, phishing awareness training has been proven to lower phishing success rates across the board. In the blog post Does Phishing Awareness Training Work? on CyberPilot, 80% of organizations that implemented training found fewer instances of phishing.

Simulated email phishing attacks followed up with individualized training for those who clicked is a powerful training combination and an industry standard. Firms like KnowBe4, Mimecast, and Barracuda Networks are just some of the many firms that offer these services. An online search of the term “phishing awareness training” reveals several.


Hargray Can Help Protect Your Organization

At Hargray, we understand the critical role we play in securing your business against phishing attacks and other cyber threats. We provide peace of mind, from firewall protection and encrypted connections to sophisticated support.

In addition, our vast and growing catalog of self-help blogs includes several phishing-related posts you can reference, some of which are listed here:

Are You Doing Enough to Protect Customer Privacy Online? | Hargray

Getting Ahead in Business: Stopping Ransomware Before It Stops You | Hargray

We invite you to check these out and hope you find them useful in the ongoing battle against cyber thieves who target and phish businesses.