RESEARCH: Repeat Clickers – The Unintentional Insider Threat

Within most organizations there is a subset of users who continuously fall prey to phishing emails. My research in this area focuses on identifying the factors underlying these susceptible populations. In this effort, I am examining how personality traits, propensity to trust, locus of control, gullibility, expertise, previous victimization, cognitive processing, and other individual differences play a role in repeated susceptibility to phishing victimization.

Figure: Simulated Phishing Email Click Rates

Fortunately, the Repeat Clicker has a Doppelgänger, the Protective Steward. Protective Stewards are those users who rarely fall prey to phishing attempts but report a disproportionate number of phishing emails to their security departments. These users form part of the “human shield” of an organization. I am currently examining the individual traits associated with these users and working to better understand how to cultivate and diffuse this behavior more broadly across the enterprise environment.

Figure: Simulated Email Reporting Rates

You can read more about Repeat Clickers and their opposite, Protective Stewards, here.