Out of Our Hands: Human Error and The Future of Cyber Defence.
As organisations, we are all knowledgeable enough to expect an element of human error. This will not just sit within the confinements of cybersecurity, as human error spans a plethora of areas in the day-to-day running of any organisation.
By definition, [human] error means that something has been done which was: not intended by the actor; not desired by a set of rules or an external observer; or that led the task or system outside its acceptable limits.
What matters most in the cyber world is the errors that go on to bring risk to the organisation. IT departments across the UK and beyond hold great power to educate staff, but even those with the best intentions (and education) are still able to make regrettable mistakes.
So just how much of this is out of our hands? I am sure that, if left untouched, the very lack of cybersecurity education in organisations could and would have a detrimental impact. We must not forget the power that cyber criminals have once inside a network. We can’t always control the behaviour and actions of staff, that is a given. But, through ongoing training, we can at least influence mindsets to help prevent any accidental wrongdoing.
Let’s not forget that employed staff still pose one of the biggest risks to organisational cyber defences and, more commonly, the mistakes that are made are genuine. Heavy workloads, lack of security knowledge or a general distraction all play a part. It is this ‘human risk’ factor that is too often overlooked.
However, we do have the power to at least try and make an impact. Our staff can be educated on better cybersecurity behaviours, rules and general guidance. Through ongoing education, we have the ability to turn this risk into our strongest line of defence, one that will also have a major impact on overall security posture. In an ideal world, employees will spot the signs of phishing emails or other malicious content, and organisations are then able to reduce their vulnerability to attacks from external sources.
User awareness training is an educational process that helps increase employees’ understanding of data security policies, procedures, and best practices. It enables users to recognise common threats and attacks with the goal to reduce human error. The main goal of user awareness training is to empower staff members with the knowledge needed to properly identify, handle, and protect any sensitive or private information they might encounter while using company computers or devices.
We can take back control by introducing techniques such as phishing simulation, which allows us to test the effectiveness of organisational cybersecurity training by sending simulated phishing emails to employees and measuring their response. This helps to identify any areas where additional training may be needed, and allows organisations to see the direct impact of their training efforts.
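The measurement step described above, as an added example that is not part of the original article or of ITB’s own tooling: it takes the per-recipient results of two simulated phishing campaigns (constructed sample data, with assumed column names such as `clicked` and `reported`), works out click, credential-submission and report rates per department, flags the departments that need additional training, and shows the change in click rate between a campaign run before training and one run after it.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample results, one row per simulated email delivered.
# Column names are an assumption; a real simulation platform will export its own.
CAMPAIGN_BEFORE = """user,department,delivered,opened,clicked,submitted_credentials,reported
alice,finance,1,1,1,1,0
bob,finance,1,1,1,0,0
carol,finance,1,1,0,0,1
dave,finance,1,0,0,0,0
erin,engineering,1,1,0,0,1
frank,engineering,1,1,0,0,1
grace,engineering,1,1,1,0,0
heidi,engineering,1,0,0,0,0
ivan,hr,1,1,1,1,0
judy,hr,1,1,1,0,0
"""

# Same constructed recipients, simulated again after a round of training.
CAMPAIGN_AFTER = """user,department,delivered,opened,clicked,submitted_credentials,reported
alice,finance,1,1,0,0,1
bob,finance,1,1,0,0,0
carol,finance,1,1,0,0,1
dave,finance,1,1,1,0,0
erin,engineering,1,1,0,0,1
frank,engineering,1,0,0,0,0
grace,engineering,1,1,0,0,1
heidi,engineering,1,1,0,0,1
ivan,hr,1,1,1,0,0
judy,hr,1,1,0,0,1
"""

COUNT_COLUMNS = ("delivered", "clicked", "submitted_credentials", "reported")


def parse_results(text):
    """Parse the CSV export into a list of dicts with integer event flags."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        parsed = {"user": row["user"], "department": row["department"]}
        for col in COUNT_COLUMNS:
            parsed[col] = int(row[col])
        rows.append(parsed)
    return rows


def summarise(rows):
    """Aggregate per department: how many emails were delivered and what
    fraction were clicked, led to submitted credentials, or were reported."""
    totals = defaultdict(lambda: {col: 0 for col in COUNT_COLUMNS})
    for r in rows:
        for col in COUNT_COLUMNS:
            totals[r["department"]][col] += r[col]
    summary = {}
    for dept, c in totals.items():
        n = c["delivered"]
        summary[dept] = {
            "delivered": n,
            "click_rate": c["clicked"] / n,
            "credential_rate": c["submitted_credentials"] / n,
            "report_rate": c["reported"] / n,
        }
    return summary


def flag_for_training(summary, click_threshold=0.25, report_threshold=0.5):
    """Departments whose click rate is too high or whose report rate is too low.
    The thresholds are illustrative; set them to match the organisation's policy."""
    return sorted(
        dept for dept, m in summary.items()
        if m["click_rate"] > click_threshold or m["report_rate"] < report_threshold
    )


def click_rate_change(before, after):
    """Change in click rate per department between two campaigns (negative is better)."""
    return {dept: after[dept]["click_rate"] - before[dept]["click_rate"] for dept in before}


if __name__ == "__main__":
    before = summarise(parse_results(CAMPAIGN_BEFORE))
    after = summarise(parse_results(CAMPAIGN_AFTER))
    print("needs training before:", flag_for_training(before))
    print("needs training after: ", flag_for_training(after))
    for dept, delta in click_rate_change(before, after).items():
        print(f"{dept}: click rate change {delta:+.2f}")
```

The report rate is tracked alongside the click rate on purpose: a department that rarely clicks but also never reports gives the security team no early warning, so both numbers feed the training decision.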
The best steps we can take are to gain a deep understanding of the human risk element in your organisation, to prioritise training on risk reduction, and to train all staff in the basic requirements of secure working. Education around phishing techniques will also be hugely beneficial, as many staff members are not able to correctly identify an attempt at gaining entry into a network via a malicious link.
In a 2023 Gartner report on cybersecurity*, Gartner predicted that by 2025 a lack of talent or human failure will be responsible for over half of all significant cyber events. The answer seems increasingly obvious: better cybersecurity training is in our hands.
You can read more about reducing human risk inside our White Paper, ITB’s Guide to Reducing Human Risk.
https://it-b.co.uk/pdf/itb-guide-to-reducing-human-risk/
Alternatively, you can sign up for a Free Human Risk Report over on our User Awareness Training page.
User Awareness Training – ITB Cyber Solutions (it-b.co.uk)
References:
*https://www.gartner.com/en