Japanese tech firm Fujitsu is building a platform that uses psychological profiling to ramp up computer security in the workplace.
The company’s reseach arm Fujitsu Laboratories said it was developing an enterprise tool that will be able to identify workers who’re most vulnerable to cyberattacks, and give advice on how to sidestep them, based on their behavior while checking and sending emails, and browsing the web.
The tool is being developed on the back of a study of more than 2,000 employees. The study saw participants fill out a security questionnaire, while software monitored their keyboard and mouse movements. From this, the new tool is able to identify those are most at risk of clicking on malicious links or sending emails to the wrong person.
Fujitsu’s software is based on the belief that the majority of cyberattacks take place after emails containing confidential data are sent to the wrong person, or through so-called ‘phishing’ attacks that involve sending emails containing a link to a compromised website. As opposed to regular antivirus programs, Fujitsu’s new tool is described as being more like “an action log analysis than looks into the potential risks of a user,” the company told the IDG news service. The level of risk is judged on user’s past behavior, and countermeasures are assigned to specific users depending on what they’re most vulnerable to.
“The results of the analysis showed, for example, that people who prioritized benefits over risks (benefit-oriented people) were more vulnerable to virus attacks, and that people who were highly confident in their own ability to use a computer were at higher risk for data leakage,” the company said.
Somewhat surprisingly, those users who’re most confident in their ability to use computers were considered to be at the highest risk of falling victim to cyberattacks.
“This technology reveals the security risks that individuals and organizations create, raises users’ literacy on IT, and is the first step in devising proactive security measures tailored to the organisation,” Fujitsu said.
Besides identifying risks, the tool is also able to display warnings like “You are vulnerable to being scammed. Be careful,” to at-risk users. It’s also possible to view various graphs detailing a specific user’s level of vulnerability to malware, scams and data breaches, and these can be compared against the risk profiles of other users.
Fujitsu says its tool is still under development, and it’s currently focusing on how to assign security measures based on user’s behavior. The firm hopes to make the tool commercially available sometime in 2016.