Yilmaz, Yagiz, Cetin, Orcun, Grigore, Claudia, Arief, Budi, Hernandez-Castro, Julio (2023) Personality Types and Ransomware Victimisation. Digital Threats: Research and Practice, 4 (4). pp. 1-25. ISSN 2692-1626. E-ISSN 2576-5337. (doi:10.1145/3568994) (KAR id:102123)
PDF
Publisher pdf
Language: English
This work is licensed under a Creative Commons Attribution 4.0 International License.
|
|
Download this file (PDF/4MB) |
Preview |
Request a format suitable for use with assistive technology e.g. a screenreader | |
PDF
Author's Accepted Manuscript
Language: English |
|
Download this file (PDF/4MB) |
Preview |
Request a format suitable for use with assistive technology e.g. a screenreader | |
Official URL: https://doi.org/10.1145/3568994 |
Abstract
Ransomware remains one of the most prevalent cyberthreats to individuals and businesses alike. Psychological techniques are often employed by attackers when infecting victims’ devices with ransomware, in an attempt to increase the likelihood of the victims paying the ransom demand. At the same time, cybersecurity researchers are continually putting in effort to find new ways to prevent ransomware infections and victimisation from happening. Since employees and contractors are often considered to be the most frequent and well-known attack vectors, it makes sense to focus on them. Identifying factors to predict the most vulnerable population to cyberattacks can be useful in preventing or mitigating the impact of ransomware attacks. Additionally, understanding victims’ psychological traits can help us devise better solutions to recover from the attack more effectively, while at the same time, encouraging victims not to pay the ransom demand to cybercriminals. In this paper, we investigated the relationship between personality types and ransomware victimisation, in order to understand whether people with certain personality types would be more prone to becoming a ransomware victim or not. We also studied the behavioural and psychological effects of becoming a ransomware victim, in an attempt to see whether such an experience can be used to reinforce positive cybersecurity behaviours in the future. We carried out a survey involving 880 participants, recruited through the Prolific online survey platform. First, these participants were asked to answer a set of standard questions to determine their personality type, using the Big-Five personality trait indicators. They were then asked to answer several follow-up questions regarding victimisation, as well as their feelings and views post-victimisation. We found that 9.55% (n=84) of the participants had been a victim of ransomware. Out of these, 2.38% (n=2) were found to have paid the ransom. We found no compelling evidence to suggest that personality traits would influence ransomware victimisation. In other words, there are no discernible differences regarding potential ransomware victimisation based on people’s personality types alone. Therefore, we should not blame victims for falling prey – in particular, we should not apportion the blame to their personality type. These findings can be used to improve positive cybersecurity behaviours, for example, by encouraging victims to invest more in cybersecurity products and tools. Additionally, our results showed that the aftermath of a ransomware attack could be quite devastating and hard to deal with for many victims. Finally, our research shows that properly dealing with ransomware is a complex socio-technical challenge that requires both technical and psychological support.
Item Type: | Article |
---|---|
DOI/Identification number: | 10.1145/3568994 |
Projects: | EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS) |
Additional information: | For the purpose of open access, the author has applied a CC BY public copyright licence to any Author Accepted Manuscript version arising from this submission. |
Uncontrolled keywords: | ransomware, personality types, big-five, victimisation, socio-technical security, user study, cybercrime, cybersecurity behaviours |
Subjects: | Q Science > QA Mathematics (inc Computing science) |
Divisions: |
Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing University-wide institutes > Institute of Cyber Security for Society |
Funders: | Engineering and Physical Sciences Research Council (https://ror.org/0439y7842) |
Depositing User: | Budi Arief |
Date Deposited: | 18 Jul 2023 15:18 UTC |
Last Modified: | 05 Nov 2024 13:08 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/102123 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):