Human Error - A Significant Cybersecurity Risk
Chuck's Cyber Wall
When discussing Cybersecurity Risk, none is more consistently challenging to mitigate than Human Error. Yes, we are literally our own worst enemy when it comes to cybersecurity. Accepting that Human Error puts each of us at risk is a harsh reality that we cannot afford to continue ignoring.
So, what do we mean by Human Error?
Three primary types of Human Error relate directly to cybersecurity.
Slips and Lapses – these occur when experienced people make mistakes doing routine work. Although it might seem innocuous or even innocent, this is a huge issue. Most slips and lapses occur due to fatigue, speed working, and poor training. All of these are addressable errors that can improve several aspects of work.
Violations – best defined as a deliberate attempt to work around existing cybersecurity, this counts as human error only in as much that it isn’t always malicious. Sharing credentials because it’s convenient, failing to use strong passwords or MFA, using professional influence or complaining until an exception is made are all examples of violations that occur in the workforce every day.
CYBER THREATS ARE MANIFOLD
We live in a world where foreign governments threaten retributory cyberattacks on the United States. As if 2022 weren’t difficult enough with increases in phishing attacks, ransomware, software vulnerabilities, and social engineering attacks. When you throw Human Error in that mix, protecting our information and digital selves becomes a near-impossible task.
Considering that a 2020 report from Stanford University and the security firm Tessian found that 9 out of 10 successful security breaches resulted from Human Error, it is a significant risk. Further, corresponding research shows that in 95% of all breaches, human error proved to be a significant contributing cause. Meaning that all that cutting-edge technology used to detect threats is only as effective at the people who install and use it.
MITIGATING HUMAN ERROR
As with many things, mitigating Human Error begins with acceptance. We are all targets of cyber attack. The days of not being important enough to hack are long gone. Automated bots search the internet for vulnerabilities, and when they find a vulnerability, the attack begins. It doesn’t matter to the cybercriminal who you are, how much money you make, or what you do for a living – all they seek is the vulnerability.
Usernames. Passwords. Contact lists. Personal information. After collecting every bit of information about a vulnerable target, they begin looking for ways to exploit it. That could be selling the information to another hacker, using credentials to infiltrate work or home, using stolen passwords in other accounts, and many others.
Acceptance brings with it awareness – and a choice. This choice takes us back to our three primary types of Human Error.
- When we are aware that threats are present, we are much less likely to fall to slips and lapses
- Awareness carries a greater understanding of the threat, making us less likely to look for workarounds to cybersecurity practices
- People who are aware that they are vulnerable to attack and still choose to disregard cybersecurity are a threat to themselves, family, and friends
Yes, there are still those who will refuse to accept it, but the more who embrace it and choose to practice good cybersecurity, the better it is for us all. And if you are in business, when employees find out that cybersecurity is important to owners, executives, and managers, it is more likely to be important to them.
We live in a time when it only takes one wrong click to destroy a business, empty a bank account, or put a friend or family member in a cybercriminal’s crosshairs. Mitigating Human Error is a choice we all have to make.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com