The vast majority of cybersecurity breaches start with someone clicking on a link in an email. Phishing works, and continues to work, because it exploits weaknesses in human psychology and organisational culture.
New research suggests that national culture is also a factor, and an important one; perhaps as important as an individual’s overall information security awareness (ISA).
“Participants from countries associated with higher levels of individualism were better at discerning malicious emails, and this was found to be the strongest predictor,” wrote a research team from Australia’s Defence Science and Technology Group (DST) and the University of Adelaide.
“This may be attributable to low levels of individualism being linked to a desire to maintain group harmony. This, in turn, results in an increased drive to respond to requests from others, including those requests in malicious emails.”
The researchers also found that for both phishing and spearphishing — that is, generic and targeted phishing attacks — better knowledge, attitude, and behaviour specific to email use were associated with better detection of deceitful emails.
“Interestingly, there were differences between the factors that predicted phishing and spearphishing detection. Lower levels of cognitive impulsivity and high levels of agreeableness were only linked to better discrimination of phishing emails. Higher levels of neuroticism were only associated with better…