
Human Error: Is This The Major Reason Behind Breaches?

Cyber security 05/12/2020 - 12:33 by Ruchika Tyagi

Human Error is the Major Threat to Cybersecurity

Humans by nature are bound to make mistakes – that’s how we grow and learn. This is not any different for cyber security, but unfortunately, errors can have a critical impact in this domain.

We regularly hear about cyber security incidents in the news, but most of the time the cause is not an external attack but plain and simple human error. According to the UK’s Information Commissioner’s Office (ICO), human error caused 90% of cyber data breaches in 2019. Gartner estimates that up to 95% of cloud breaches arise from human errors such as configuration mistakes.

Companies are investing in the latest software and technologies to protect themselves from cyber-attacks and hackers, but they overlook their data management processes and the need to create security awareness among employees. Sub-optimal security practices, insufficient controls and implementing new technology without due diligence can result in data breaches. At the simplest level, a breach can happen when information is emailed to the wrong recipient. Another issue is wrongly configured servers or firewalls. Storing information in unencrypted form in the cloud is another problem, as is paper-based storage, which can easily be misplaced or accessed without authorization. Unfortunately, hackers take advantage of human errors, and human error has a history of causing many breaches.

“The impact can be not just monetary loss but reputation loss as well”.

Such errors can impact any organization, be it small, medium, or big with even the strongest security strategies. Implementation of good security practices is thus all the more important. Due to these and other reasons, the European Union introduced GDPR in May 2018, which has mandated strict reporting of any breach within 72 hours after detection.

The main method to combat the issue of human errors is training. One-time training will not do either. There has to be a regular calendar of training and assessments, run for the employees, to ensure that errors are minimized. A testing or review mechanism is also called for to identify errors that might have crept in. This is of particular importance in the security domain. For example, a configuration review can surface errors in configuration. A VA/PT test can identify errors in code. Better still, a source code review can identify programming errors before the code gets into production. A phishing awareness testing campaign can identify employees who click on phishing emails and so expose the organization to risk. There are many more such examples; however, it must be understood that training, awareness, and testing can minimize but not eliminate human errors.

For organizations that don’t want to incur the extra cost of setting up an in-house SOC and don’t want to build in-house expertise, managed IT services allow continuous and effective protection round the clock. Managed IT services companies have multiple levels of checks and balances to protect against human errors, so in general they are much safer. Besides the regular training and testing they institute, they have backup and disaster recovery mechanisms that can help systems quickly return to service if there is any downtime due to human error, or any other kind of error. This extra level of backup and protection against human error is what gives you peace of mind.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call. We are here to help.

90% of UK Data Breaches Due to Human Error in 2019. The exposure of business-sensitive information to unauthorised entities is due to human error.