The company is working on software that will identify users most vulnerable to attacks and scams and send customized warning messages to them.
Fujitsu engineers are working on technology that they say could reduce problems caused by the number-one vulnerability in cyber-attacks: the employee in front of the keyboard.
Despite all the products on the market today—such as from anti-virus software to firewalls to VPNs—humans continue to be the key weakness in the security field. They click on malicious links in their email or go to the wrong Web sites, potentially opening the floodgates to a cyber-attack.
“In recent years, cyber attacks have been growing increasingly sophisticated, with attacks designed to exploit the psychological vulnerabilities of targeted users to defraud them or infect their PCs with viruses, such as by setting traps in email messages or websites designed to appear to be from trusted sources in line with the targeted user’s interests or job duties,” Fujitsu officials said in a statement. “These kinds of attacks are often difficult to distinguish from ordinary network access, and are difficult to detect using conventional email filters and firewalls. Moreover, the accidental actions that are the main cause of information leaks will not simply go away.”
Because of this, it’s becoming increasingly important to figure out which users are most vulnerable to these types of attacks and develop security measures that can be customized to individuals based on their level of risk. Fujitsu officials believe they are on the way to developing such a product. The Japanese tech giant outlined details of the technology Jan. 20 at the Symposium on Cryptography and Information Security show in Japan.

Fujitsu and Fujitsu Laboratories are using the results of a questionnaire and activity logs of PCs to analyze the psychological traits of employees who are prone to clicking on the malicious link or the dangerous Web site, opening themselves up to viruses, scams or data breaches. The vendor sent questionnaires to 2,000 of employees in Japan, half of whom had experienced a cyber-attack.

“The results of the analysis showed, for example, that people who prioritized benefits over risks (benefit-oriented people) were more vulnerable to virus attacks, and that people who were highly confident in their own ability to use a computer were at higher risk for data leakage,” officials said in the statement.
The company has created software that officials said calculates the risk a user runs of launching a cyber-attack based on their behavior by making connections between their behavioral characteristics at the computer and the psychological traits that make them vulnerable to attacks. In developing the software, Fujitsu created a tool to log a user’s computer activity—such as email traffic, Web browsing and their keyboard and mouse activities—and another tool to create false errors, such as the computer freezing up.
“Approximately 250 employees of Fujitsu filled out questionnaires, and this information was used to analyze and quantify the relationship between the psychological traits and behavior of a user vulnerable to attacks,” officials said. “For example, it was found that users who are highly confident in their ability to use a computer would often perform keyboard actions when the false freezes occurred, whereas benefit-oriented users would spend little time reading privacy policies.”

Fujitsu engineers said their software could be used to customize security measures for individual users. For example, for users who are found to click on malicious links in phishing emails could see a warning message pop up before the click on the URL. Another example would be an increase in the threat level of “suspicious email messages sent between departments with people who are especially vulnerable to being scammed,” they said.
Officials with Fujitsu and Fujitsu Labs said they hope to get the technology on the market in 2016.

Leave a Reply