Tuesday 2 June 2015

The Human Error Risk in Cyber Security

Is The Future Cyborg?  Waking Up to the Human Error Risk in Cyber Security

By Stuart Peck, Pre-Sales Manager, ZeroDayLab



Human achievement is incredible, just look at digital technology and the internet, but people can also make mistakes.  When APTs are increasing and targeting weaknesses in staff and suppliers to overcome improved technical defences; can organisations control the risk of human fallibility or is the only answer to employ cyborgs?

Since 2012 there has been a 51% increase in security budgets, yet incidents are up 25% and financial costs of a breach are up 18% (The Global State of Information Security Survey 2014, PWC).  The importance of implementing improved security technologies is irrefutable and this is exactly why exploiting human weakness has become the lucrative path for cyber criminals from poor configuration and password management to social engineering and spear phishing.

IBM’s 2014 Cyber Security Intelligence Index cites human error as a contributing factor in 95% of incidents.  What we regularly see in businesses is an improved top-level approach employing technology, technical controls and automation but the technology is in reality just the safety net.  What is lacking is an understanding throughout organisations of the individual’s contribution to security both on and offline.  To achieve this, a top-down cyber strategy is required involving a combined focus on people, process and technology.

People as the First Line of Defence

When human error can happen even within IT teams who know best (we regularly come across admin accounts with passwords set as ‘admin’) how do you motivate your privileged insiders, staff and third party suppliers to be the first line of defence?

Current office culture creates a belief that it is IT’s role to protect the organisation, not staff members or third party suppliers.  Simple things such easy-to-guess passwords, carrying data on USBs, leaving desktops unlocked, or opening attachments may not be something people may be aware of.

Organisations winning the fight with human error have shifted their focus to processes and training in four areas:

1) People 
Regular education programmes are key; highlighting the individual’s role in security, the latest threats and how they target people (both on and offline), policies, procedures and just as importantly the consequences of human error; namely fines, reputation/brand damage and loss of business.  Tailor it to departments and roles and aim to refresh training at a minimum of every 6 month

2)  Processes 
Tighten processes and procedural controls from application implementation and administrator controls, to privileged access, data handling and also physical office security.

3) Test & Review 
Some organisations test their internal controls by sending phishing attacks to their own staff.  That way, they can identify who would benefit from further security awareness training.  Similarly physical security processes should be audited on a regular basis.

4)  Technology testing 
Applications and websites develop and change and weaknesses can appear in code and privileges.  Ensure you have a regular and frequent penetration testing plan to ensure all controls are properly in place and are keeping pace with changes in the external threat environment.

Do we need cyborgs?  While they might be the ultimate hybrid of the human and technology, we can mitigate the risk of human error with the right strategy.  To err is human; people, process and technology is the divine.

We ask this question to you; How do you motivate your users (and other binding parties) to be the first line of defence/IT Security conscious? 






29 comments:

  1. Great article with excellent content found very useful thank you waiting for next blog update.
    Data Analytics Course Online

    ReplyDelete
  2. I bookmarked your website because this site contains valuable information. I am very satisfied with the quality and the presentation of the articles. Thank you so much for saving great things. I am very grateful for this site.
    Data Analytics Courses in Bangalore

    ReplyDelete
  3. I am delighted to discover this page. I must thank you for the time you devoted to this particularly fantastic reading !! I really liked each part very much and also bookmarked you to see new information on your site.
    Data Science In Bangalore

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete
  5. managed a range of event formats including conferences summits trade shows field events and more. event marketing and free event registration site

    ReplyDelete
  6. Wonderful blog post. It's absolute magic on your part! I have never seen a more wonderful article than this. You really made my day today with this. Hope you continue like this!

    Best Data Science Courses in Bangalore

    ReplyDelete
  7. Really impressed! Everything is a very open and very clear clarification of the issues. It contains true facts. Your website is very valuable. Thanks for sharing.

    Business Analytics Course

    ReplyDelete
  8. I am sure it will help many people. Keep up the good work. It's very compelling and I enjoyed browsing the entire blog.
    Best Data Science Courses in Bangalore

    ReplyDelete
  9. Wonderful illustrated information. Thank you. It will certainly be very useful for my future projects. I would love to see more articles on the same topic!
    Data Analytics Course in Bangalore

    ReplyDelete
  10. This post is very simple to read and appreciate without leaving any details out. Great work!
    best data science institute in hyderabad

    ReplyDelete

  11. I feel very grateful that I read this. It is very helpful and very informative and I really learned a lot from it.
    Data Science Course in Chennai

    ReplyDelete
  12. This post is very simple to read and appreciate without leaving any details out. Great work!
    business analytics course

    ReplyDelete
  13. Incredibly conventional blog and articles. I am realy very happy to visit your blog. Directly I am found which I truly need. Thankful to you and keeping it together for your new post…

    AWS Training in Hyderabad

    ReplyDelete
  14. I have voiced some of the posts on your website now, and I really like your blogging style. I added it to my list of favorite blogging sites and will be back soon ...

    Digital Marketing Training in Bangalore


    ReplyDelete
  15. You have completed certain reliable points there. I did some research on the subject and found that almost everyone will agree with your blog.



    Data Analytics Course in Bangalore

    ReplyDelete
  16. Great article with excellent content found very useful thank you waiting for next blog update. whatsapp mod

    ReplyDelete
  17. Really, this article is truly one of the best in article history. I am a collector of old "items" and sometimes read new items if I find them interesting. And this one that I found quite fascinating and should be part of my collection. Very good work!

    Data Scientist Training in Bangalore

    ReplyDelete
  18. Very informative message! There is so much information here that can help any business start a successful social media campaign!

    Data Scientist Course Syllabus

    ReplyDelete
  19. You can take admission to one of the top institutes that offer degrees in data science. In this way, you will learn all the requirements of the field under one roof.
    data science training in lucknow

    ReplyDelete
  20. I truly adored visiting your post and this content was very unique. Thanks a lot for sharing this...
    Child Support Virginia
    Best Female Family Law Attorney

    ReplyDelete
  21. Abogado Tráfico Smyth Virginia se traduce al español como "Abogado de Tráfico en Smyth Virginia".

    "Abogado de Tráfico" se refiere a un abogado que se especializa en asuntos relacionados con el tráfico, como multas, infracciones, accidentes de tráfico, entre otros. Abogado Tráfico Rockbridge VA

    ReplyDelete
  22. The human error risk in cybersecurity remains a significant and challenging aspect of maintaining digital security. Despite technological advancements, individuals within organizations can inadvertently contribute to vulnerabilities through actions such as clicking on phishing links, using weak passwords, or mishandling sensitive information. The human factor introduces a layer of unpredictability, making it crucial for cybersecurity strategies to not only focus on technical solutions but also on educating and raising awareness among users.estate planning lawyer near me
    motorcycle accident

    ReplyDelete
  23. This comment has been removed by the author.

    ReplyDelete

  24. "The Human Error Risk in Cyber Security sheds light on the critical role human factors play in the cybersecurity landscape. This insightful review delves into the challenges posed by human errors, emphasizing their potential impact on digital security. By examining real-world examples and case studies, the review offers a pragmatic understanding of the vulnerabilities introduced by human actions. The nuanced exploration of human error in cybersecurity positions this work as a valuable resource for businesses and individuals seeking to fortify their defenses. Acknowledging and addressing the human element is crucial in developing robust cybersecurity strategies. divorce lawyers richmond va

    ReplyDelete
  25. Amazing, Your blogs are really good and informative. I got a lots of useful information in your blogs. Some organisations test their internal controls by sending phishing attacks to their own staff. That way, they can identify who would benefit from further security awareness training. Similarly physical security processes should be audited on a regular basis sex crime lawyer. It is very great and useful to all. Keeps sharing more useful blogs...

    ReplyDelete
  26. i am impressed with your great article with excellent ideas.
    arbitration for contract disputes

    ReplyDelete