sb-nz logo
Story image

Internet security researcher seeking assistance from cybercrime victims

27 Jun 2018

An Auckland researcher is seeking the assistance of 1000 New Zealand internet users as part of a project to understand the nature of human risk factors in the world of cybersecurity.

Chris Hails is a member of Deloitte’s national cybersecurity team by day but spends his spare time on a research project funded by InternetNZ to assess an individual’s ‘Security Quotient’ score.

By taking an online survey, Hails hopes to be able to identify internet users who may be more likely to fall for social engineering tricks such as email phishing and other common scams that rely on exploiting human vulnerabilities.

“My aim is to use psychometric profiling to prevent Kiwis from falling victim to cybercrime,” says Hails, who became passionate about finding a solution whilst working at NetSafe.

“Between August 2010 and August 2016, New Zealanders reported almost 28,500 online incidents involving $35million in direct financial losses,” says Hails.

“Speaking with hundreds of victims who had lost anywhere from a couple of hundred dollars to more than $2million to ransomware, business email compromise, investment scams or romance scams made me realise there’s a real need to identify high-risk human behaviours and mitigate it through additional security controls or by educating people in a targeted manner.”

Hails went on to work at the National Cyber Security Centre, part of GCSB, where phishing attacks designed to harvest usernames and passwords or infect a computer remained the number one method of choice for advanced attackers targeting New Zealand organisations.

“Phishing is popular across cybercrime gangs and nation-state actors simply because it works - computer users are vulnerable to deception, clicking on malicious links or opening attachments.”

A pilot Security Quotient survey requested basic demographic details and used 62 questions from three psychometric scales to measure computer use, health and lifestyle factors and individual risk appetite and risk perception.

“That initial data suggested that 3-4% of people may be more vulnerable to social engineering attacks based on facets of their personality,” says Hails.

The survey has now been improved upon and Hails needs 1000 New Zealanders to help progress his research.

“Anyone over 18 is welcome to take the survey. If you’ve previously been a victim of cybercrime that would also help confirm if the scoring mechanism is effective and could help prevent people suffering harm in the future.”

More information on the study is available here.

The Security Quotient survey is now available here

Story image
Unbound seeks channel growth with new partner programme
Those who sign up will have access to Unbound’s security solutions, sales and partner enablement, deal registration and partner portal.More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Link image
How to head off a rise in DDoS attacks
Many businesses invest in costly DDoS mitigation and protection solutions, but few test them. NCC Group tests all environments and is one of only two AWS DDoS Test Partners. Claim 10% off your next DDoS service today.More
Story image
The business case for an in-house ethical hacker
Ethical hackers, also known as penetration testers or white-hat hackers, mimic the techniques used by malicious hackers to try and break into computer systems and discover vulnerabilities before the bad guys can exploit them.More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More