Human error in cyber security
Nov 15, 2019
In a world where Alexa can preheat your oven, and Elon Musk hints at merging AI with the human mind, a new age of science fiction slowly dawns upon us. However, as much as we've integrated life with technology, a not so loveable relic of our humanity persists – carelessness.
Carelessness, or human error, is the leading cause of cyber security breaches. 2019 has been a record year for data breaches, with over 4.1 billion records exposed in the first six months alone. On closer inspection, US university studies show 95% of all cyber incidents are actually down to human error, proving us to be the weakest link in the chain.
What counts as human error?
Human error means actions that were unintended or accidental. Even a simple mistake, such as sending information to the wrong person at work, counts as a major security violation. So, you can see just how easy it is to fall victim to human error in cyber security.
The fault isn’t all ours
The role of technology in most businesses is to help them pursue their objectives. In the race to gain a competitive advantage, technology is becoming extremely sophisticated. Although this means great things for innovation, the user-friendliness of a product can sometimes take a back seat. Consequently, new specialists have to be hired, as technology can become too complex to master, making humans, especially employees, more susceptible to mistakes.
This is when cybercriminals make their move.
In an age where data is gold, cybercriminals heavily rely on human error to carry out their attacks. That’s why it’s crucial to keep all of your apps updated to fix bugs and other dangers. For instance, in May 2019, WhatsApp urged users to immediately update the app due to a bug that affected all but the latest version of WhatsApp. The spyware that exploited it was so advanced that it was able to give hackers full access to a phone remotely, exposing things like messages, photos and card details. These instances show how crucial a part we play in our own security. Granted, we cannot predict the security failures of the tools we trust – but we can stay one step ahead by insisting on using the latest versions of software.
The tools in a hacker's kit include spear phishing, social engineering, deploying malware, exploiting poor policies, and hoping for tech-induced vulnerabilities. In fact, social engineering features in an overwhelming majority of cyberattacks. Why? Because social engineers take advantage of the one weakness found in every organisation: human psychology.
Data disasters with a human touch (where we trip up)
1. Falling for phishing
A phishing attack falls under the social engineering umbrella and is a perfectly elegant weapon in a hacker's arsenal. Usually, you get an email that includes malicious links or attachments designed to lure you into clicking on them. If you do, that click releases a swarm of malware onto your device, enabling hackers to access all your sensitive data.
2. Unlocked devices
Your devices are another source of human error. There are countless ways you can slip up, such as leaving them unlocked in public spaces, choosing weak passwords, or using unsecured Wi-Fi. Smartphones and laptops are also an essential part of most workplaces, making them huge reservoirs of sensitive company information. Knowing this, hackers have devised elaborate ways to access your data with phishing scams and malicious sites.
3. Weak passwords
More than 20 million credentials were stolen in the first half of 2019 alone. Getting hold of usernames and passwords is one of the easiest ways for criminals to drain bank accounts and fake identities. Weak passwords are therefore the surest way to end up in the merciless hands of cyber-criminals.
3 ways human error can destroy your data security
Human error #1 occurs when you use the same password across multiple sites. We understand the dread of forgetting your passwords, but you're essentially giving criminals one point of access to all your data.
Human error #2 occurs when a company holding your data allows employees to freely access password databases or any other sensitive database for that matter. In an instance like this, mistakes are bound to happen. Your job is to respond to any messages notifying you to ‘help protect your account’ or ‘change password’. Sometimes Gmail will notify you if your account has been logged into from an unknown device. This way, you can keep track of your security and respond in the first instance.
Human error #3 occurs when vulnerabilities within IT systems are ignored by the people in charge of fixing them. A perfect example would be the colossal data breach suffered by Equifax in 2017. According to their former CEO Richard Smith, a mass internal email was sent detailing a flaw that affected specific versions of Apache Struts. When the IT team failed to fix the problem, 145 million people in the US and 10 million UK citizens had their personal information exposed online.
These situations show us how much impact a simple action can have in protecting your security. Technology still relies on our decisions, and if we fail to act at the right time, the damage can be catastrophic.
What you can do
Think of human error as the bottom piece in a Jenga game of cyber security – however stable the infrastructure, one small act of carelessness can crumble the entire system.
Thankfully, new legislation within data security means a lot of these concerns can be eliminated, or at least reduced. The EU’s GDPR act of 2018 states that a data breach must be reported no later than 72 hours after its detection, allowing more time to salvage a bad situation. In addition to this, the CCPA (California Consumer Privacy Act) launches in 2020, requiring all employees to be specially trained in consumer privacy.
Working with a trusted file encryption tool can also help to eliminate a lot of these concerns. NordLocker, for example, stores all of your sensitive files under AES 256-bit encryption. Security like this puts you in the driver's seat, encrypting your files on your own device before they even reach the cloud and giving you total peace of mind.
In the future, technology will need to put the human factor at the forefront of its design. With the advice of behavioral analysts and cognitive scientists, we can build products that help us without hindering our privacy. Who knows? With a smoother human/technology blend, we may be able to eliminate the problem of human error altogether.
John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.