Fujitsu psychology tool profiles users at risk of cyberattacks
The manufacturer's Fujitsu Laboratories is developing an enterprise tool that can identify and advise people who are more vulnerable to cyberattacks, based on how they use email and Web browsers as well as their keyboard and mouse actions.
The software is designed on a belief that most cyberattacks exploit mistakes made by users such as clicking malicious links or inadvertently emailing the wrong person. Fujitsu describes the technology as the first that is based on behavioral and psychological characteristics.
Rather than being like an antivirus program, the software is more like "an action log analysis than looks into the potential risks of a user," a spokesman for the lab said via email. "It judges risk based on human behavior and then assigns a security countermeasure for a given user."
As part of its research, Fujitsu consulted social psychology experts and surveyed about 2,000 Japanese, half of whom had experienced attacks, to determine what traits make some users more vulnerable to viruses, scams and data leaks.
It found that those who are more comfortable taking risks are also more susceptible to virus infections, while those who are confident of their computer knowledge were at greater risk for data leaks.
The tool can display warnings such as "You are vulnerable to being scammed. Be careful," after a risk analysis. It can also produce bar graphs showing a user's vulnerability to viruses, scams and data breaches compared to the risk profiles of other departments in his or her company. Furthermore, it can analyze a user's attention level when reading privacy policies by tracking the distance his or her mouse moves.
Fujitsu says the information gathered is stripped of identifying information before analysis, and that data would only be collected with the consent of users.
"Most organizations have a single set of security countermeasures in place, but depending on the people and department, these can either be too strict or too lenient," the spokesman said. "Cyberattacks are becoming more and more intricate in how they adjust to their targets, so there are limits to what one kind of security countermeasure can do."
Fujitsu is still developing the tool and is now focusing on how the software will assign security countermeasures based on individual user behavior. It hopes to commercialize the system in 2016.
Tim Hornyak covers Japan and emerging technologies for The IDG News Service. Follow Tim on Twitter at @robotopia.