Cyber ​​skills of employees, a perception of risks very different from reality » The economic and political newsletter of PACA

Mailinblack, the Marseille nugget that makes cybersecurity accessible to all organizations, reveals the results of the survey conducted by OpinionWay on office workers faced with the reality of their cybersecurity skills.

This study is intended to understand the habits of employees in terms of the use of digital tools and to assess their vulnerability to cyberattacks.

While 88% of employees believe that they are vigilant about the emails received and that 67% think it is easy to detect fraudulent emails, only 3% of respondents managed to detect them all. Surprising results commented on by the teams of OpinionWay, Mailinblack as well as by Bruno Teboul, DEA in Cognitive Sciences (Ecole polytechnique), Doctor in Management Sciences (PSL) and researcher in Cognitive Sciences and Behavioral Economics.

“The results of this survey reinforce our convictions about the need to raise awareness and train all employees, especially those who do not feel the need. They also teach us that working conditions have an influence on the cognitive abilities of employees, thus making them more or less vulnerable to cyberattacks.explains Thomas Kerjean, Managing Director of Mailinblack.

Employees concerned but – too – confident in the face of cyberattacks

At first glance, office workers seem aware of cyber risks: 88% say they are vigilant about the emails they receive, 79% that they would feel very guilty if they were responsible for a hack and 65% ‘between them have never had the feeling of confronting their company with any danger whatsoever. However, while 59% of employees believe they have mastered the subject, their perception of their cybersecurity skills is out of step with reality. Indeed, as part of this study, respondents were asked to identify fraudulent emails from a selection of six messages (four were actually fraudulent). Yet warned, only 3% of respondents managed to identify them all.

Over the course of the questions, we realize that 53% of respondents have difficulty understanding the jargon of IT security, that 31% go so far as not to apply the security instructions put in place by their companies or that 26% click on links in an email without verifying their origin.

Finally, nearly six out of ten employees (58%) admit cross-use of their professional or personal tools. Nearly half of them (46%) also use the same login ID or the same password at work as for their personal use.

Cognitive neuroscience to understand employee vulnerability

Hackers’ methods have become more professional and technology is no longer enough to counter them. Since employees are on the front line in the face of these attacks, they rely more on the cognitive biases and primitive instincts of individuals.

According to Bruno Teboul, cognitive neuroscience would make it possible to understand the mechanisms involved in the famous “click” preceding the cyberattack: “87% of those polled said they often manage several tasks simultaneously and 78% say they have a high workload. This has cognitive consequences: increased level of stress (57% of respondents say they are stressed) and generation of cortisol by the brain. If the stress is prolonged, this will result in lower vigilance – and therefore greater vulnerability to cyberattacks.”

He pursues : ” The results of the OpinionWay study for Mailinblack converge with the conclusions of my study on the cognitive approach to social engineering cyberattacks. The “attentional tunnel effect” is one of the effects of acute stress or? attention is hyper-focused on elements related to the cause of stress, and therefore less sensitive to other information. In the case of a phishing message, this tunneling can lead to hyper-focus on the text of the email (for example: “your subscription expires today, renew it now”) and therefore to ignoring a suspicious address or peripheral alerts (logo, spelling, syntax, URL, etc.)”.

“Stress, cognitive load and reduced alertness, three markers identified in the study, are major vectors of neurocognitive vulnerability to the risk of cyberattacks”he concludes.

The results of the OpinionWay study for Mailinblack, “Office workers face the reality of their cyber skills”join the feedback from the educational tests that Mailinblack gives employees via its cyberattack simulation solution Cyber ​​Coach (formerly Phishing Coach).

Analyzing the results of these tests makes it possible to better understand their behavior (context of the attack, psychological traits of the targeted users), and to reduce their exposure to cyber risks, in particular by phishing or ransomware.

“These data, combined with neuroscience, make it possible to improve training content and personalize it according to cognitive factors specific to each individual to optimize their learning”, concludes Thomas Kerjean.

Methodology :

This study was carried out by OpinionWay with a sample of 1010 people representative of the French population of office workers in companies with 1 employee or more. This sample was drawn up using the quota method, taking into account the criteria of sex, age, company size, sector of activity, socio-professional category and region of residence. The interviews were conducted online on the CAWI (Computer Assisted Web Interview) system from March 16 to 21, 2022. For a sample of 1,000 people, the margin of uncertainty is 1.5 to 3 points at most.

About Mailinblack:

Founded in 2003, Mailinblack is the French nugget that makes cybersecurity accessible to all organizations. Its teams, made up of 70 employees based in Marseille, design, develop and host its cybersecurity solutions in France. Among them, the Protect solution (email protection against malware, phishing, ransomware, spam, scam, etc.) or the Cyber ​​Coach awareness and training tool. Winner of the Grand Défi Cyber ​​and with more than 18 years of expertise in security, R&D and artificial intelligence, Mailinblack now has 1 million users and 14,000 customers in the public and private sector. In 2022, it is the only company in the cybersecurity sector to obtain the Best Workplaces label from Great Place To Work®.

About OpinionWay:

Created in March 2000, a pioneer in the digitalization of studies, OpinionWay innovates in Marketing and Opinion studies and develops agility in the modes of approach (Online Panels, Digital Communities, Data Hybridization and Social Media Intelligence).

Born in France and able to operate on five continents, OpinionWay has offices in the Maghreb (Algeria, Morocco, Tunisia), Eastern Europe (Poland) and Sub-Saharan Africa (Ivory Coast). The Group is involved in understanding audiences, markets and brands; in the search for products and services, for customers developing in France and internationally with BtoB and BtoC targets. OpinionWay is an active member of Esomar, certified since 2009 ISO 20252 by AFNOR and member of CroissancePlus.

We would like to say thanks to the author of this article for this incredible material

Cyber ​​skills of employees, a perception of risks very different from reality » The economic and political newsletter of PACA

Take a look at our social media profiles along with other pages related to them