Page 222 - Cyber Defense eMagazine Annual RSA Edition for 2024

Human error encompasses a broad range of missteps, from using weak passwords that don’t match up
with company password policies, to clicking on a link in a suspicious email that kickstarts the download
of a malicious payload.

Some errors are defined as skill-centered mistakes - momentary lapses in concentration by employees
who are aware of the correct course of action to take, but haven’t taken it - such as an IT technician
incorrectly configuring a firewall.

Decision-based errors, on the other hand, happen when a person doesn’t have sufficient knowledge,
resources, or training to recognize a threat, such as a suspicious attachment.

While it’s a massive threat to the security of many companies, decision-based human error is something
every business has the power to reduce.



Human Error Continues to Reign Supreme in Latest Breach Numbers

Tech.co surveyed over 1,000 business leaders as part of our Impact of Technology on the Work Report.
Of the businesses that told us they’d suffered a data breach during 2023, 23% reported that a phishing
email was responsible for the breach.

Human error also plays a significant facilitatory role in the downloading of “computer viruses”, such as
malware and ransomware, which 22% of respondents revealed was the source of the security incident
at their company.

These human error-dominated attacks were selected much more often than things like Denial-of-Service
attacks (6%), which don’t tend to rely directly on human error.

Concerningly, a further 12% put their breach down to even more direct, decision-based mistakes
(“employee error”) such as sending an email to the wrong person - a mistake which can vary wildly in its
eventual consequences depending on who the data is sent to.



Mitigating Human Error in a Human Way

In many cases, greatly reducing the risk of human error will require a fundamentally human approach
that feeds into every aspect of your cybersecurity policy - whether it comes to training, policies,
procedures, or reporting processes.

For example, a lot of companies now run phishing tests to understand how vigilant their workforce is
when it comes to spotting suspicious emails.

While these tests help businesses deploy training resources wisely and provide additional support for
those who need it, if they’re run without care, they can lead employees to feel shame, distrust, and
betrayal.







