Studies show 4% of users cause 80% of cybersecurity losses. It is critical to identify those users and figure out how to . A NIST funded study was performed that administered a series of psychological assessments and then sent subjects a series of phishing messages over several months. The data was then analyzed with traditional statistics and then machine learning algorithms which identified that phishing susceptibility was not based
on a single trait but multiple balances of different traits. This presentation will define those balance of traits to identify vulnerable users, and then define how to protect them.

Learning Objectives:

• Understand the nature of machine learning and statistical techniques and why they are valuable in further refining how to examine psychological studies to better define specific populations among users
• Describe the mix of personality traits that make some users more susceptible to phishing attacks than others
• Better protect those users that are more susceptible to phishing and other social engineering attacks with specific enhanced protections tailored to the vulnerable users