As the world faces an unprecedented pandemic, cybercriminals are finding ways to exploit the situation, taking advantage of growing cyber vulnerability.

We’re already seeing a concerning rise in cyberattacks, with a 400% increase in March alone. With the risks spiralling day by day, in order to address the situation head on, we need to look deeper into it. This is where psychology and the theory of human behaviour comes in.

The psychology of human behaviour can tell us a lot about how and why cybercrime occurs. The truth is, despite the fancy hardware and software solutions available, most cybersecurity breaches occur due to human error or phishing attacks. Unless businesses have relatively sophisticated automated solutions, their employees often represent their greatest internal threat.

The coronavirus pandemic has transformed every part of human behaviour and the cyber sphere is no different. So, what are the human factors that affect cybersecurity and how are these unfolding over this time?

The neuroscience of a crisis

As humans, we are prewired for crisis. This has been proven over a number of recognised psychological models. There’s Paul MacLean’s notion of humans having a ‘reptilian brain’, that is, a structure that controls our heart rate, breathing, body temperature, and balance, and ultimately ensures our survival as a species. We can draw similar from the fight-flight reaction of the sympathetic nervous system, which is buried deep in the interior of the human brain and protects us in times of danger. This is ‘System 1’ thinking, as opposed to ‘System 2’, where people take their time and consider options before taking action.

These models show us that when there is a perception of crisis, the need to act is immediate. From an evolutionary point of view, in times of danger, those who acted first were often safer than those who took their time. The coronavirus pandemic is a crisis. You’ve no doubt noticed people are saying they’re more tired, even though we’re rarely leaving the house. This is because crisis mode requires more energy. During a crisis, the thoughtful, reflective parts of our brain shut down.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In other circumstances, people might hover over a suspicious link, processing whether it seems risky or not. But that requires fully functional frontal lobes, or executive functioning, which need time and undivided attention to work properly. In crisis mode, frontal lobe functioning is significantly diminished, or may go offline altogether, in favour of a quick – albeit less considered – action or reaction.

The problem we face is that cybercriminals are turning this science into opportunity. They know what emotional buttons to push to make people afraid (“just click the link”), try to help (“just click the link”), or even just register an opinion (“just click the link”). The consequences of clicking can be dire, this simple action easily lets criminals into their personal computer and, by sometimes by default, into their company’s IT system. The key is to equip people with knowledge, so they feel comfortable and are naturally more towards operating in ‘System 2’ thinking mode.

Psychology, cyber vulnerability and the pandemic: Motivating factors ripe for exploitation

After the fear, inherent in crises, comes a desire to help. This is one of the many ways in which cybercriminals exploit well-meaning people. Whether it’s a donation or a message of support, people are again motivated in ways that leave them open to online criminal behavior.

McClelland’s Social Motive Theory suggests there are three primary social motives; achievement, affiliation, and power. In times of individual crisis, the need for achievement – for example, successful social distancing – or power to control the situation come to the fore. But in a social crisis, many are hard-wired to help, triggering a need for affiliation. That desire may cause people to act impulsively without due consideration and cyber criminals can exploit this – “just click the link” to make a donation, show your support, and so on. Like the very best advertisers, these actors are clever about pushing emotional buttons.

Cybercriminals are also counting on the psychology of information fatigue, that is, where too much bad news or a desire to put positive energy back into the world leaves people more vulnerable. To avoid falling victim to this, people need to practice basic cyber hygiene. This means avoiding clicking on suspicious links without doing basic checks such as hovering over it and seeing if the URL or address correlates with who the email purports to be from.

Playing into personality

The science of personality is a complex beast, but my view boils down to the belief that personality is a story we tell ourselves and the world about who we are. This story comprises our identity and who we think we are, which together dictate how we behave in the world and process information.

Cybercriminals will use the ideal images people have of themselves to manipulate thoughts, emotions, and purse-strings. Those who see themselves as good may be tricked by scams that purport to raise money for the sick and needy. Those who feel a big part of their identity is being a good parent may fall susceptible to links that claim 10 ways to protect their family from infection. Cybercriminals are using sophisticated tactics to further this play, such as hacking social media profiles to understand what makes people tick and then using that information.

The coronavirus crisis has significant psychological implications for all parts of human life, and the first step in addressing these is understanding them. In the context of cybersecurity, businesses and individual employees need to be aware of how cognitive function and motivations are being preyed upon at this time, and take steps to remain rational, alert, and smart in the face of rising threats.

Read more: Coronavirus hackers face the wrath of the cybersecurity community

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up