Fujitsu Turns to Psychology to Battle Cyber-Attacks
The company is working on software that will identify users most vulnerable to attacks and scams and send customized warning messages to them.Fujitsu engineers are working on technology that they say could reduce problems caused by the No. 1 vulnerability in cyber-attacks: the employee in front of the keyboard. Despite all the products on the market today—from antivirus software to firewalls to virtual private networks (VPNs)—humans continue to be the key weakness in the security field. They click on malicious links in their email or go to the wrong Websites, potentially opening the floodgates to a cyber-attack. "In recent years, cyber attacks have been growing increasingly sophisticated, with attacks designed to exploit the psychological vulnerabilities of targeted users to defraud them or infect their PCs with viruses, such as by setting traps in email messages or websites designed to appear to be from trusted sources in line with the targeted user's interests or job duties," Fujitsu officials said in a statement. "These kinds of attacks are often difficult to distinguish from ordinary network access, and are difficult to detect using conventional email filters and firewalls. Moreover, the accidental actions that are the main cause of information leaks will not simply go away." Because of this, it's becoming increasingly important to figure out which users are most vulnerable to these types of attacks and develop security measures that can be customized to individuals based on their level of risk. Fujitsu officials believe they are on the way to developing such a product. The Japanese tech giant outlined details of the technology Jan. 20 at the Symposium on Cryptography and Information Security show in Japan.
Fujitsu and Fujitsu Laboratories are using the results of a questionnaire and activity logs of PCs to analyze the psychological traits of employees who are prone to clicking on the malicious link or the dangerous Website, opening themselves up to viruses, scams and data breaches. The vendor sent questionnaires to 2,000 employees in Japan, half of whom had experienced a cyber-attack.