Human Error in Cyber Security
While many of the recent high-profile attacks targeted information like emails, bank account credentials, and government employee data, some have shown how hackers can execute attacks of even greater consequence. Despite billions spent worldwide to build new technologies to prevent these attacks, cyber crime are on the increase.
Most investments in cyber security go towards building more sophisticated technology and bigger firewalls. However, in doing so, security experts neglect the fact that humans are at the center of these systems. While you might believe that rogue hackers pose the greatest threat to your cyber security apparatus, experts estimate that most of the challenges attributed to cyber attacks emanate from human error. Developers who unintentionally build errors into software and users who procrastinate installing security updates contribute more to cyber attacks than hackers.
Cyber security analysts believe the context of the attack doesn’t matter and that awareness does not guarantee action. All humans have predictable biases, and security experts should focus less on how people should act, but how they actually act. Human behavioral factors present a rich vein of opportunity for making cyber systems safer, more robust, and more resilient.
Classical economists believe that investment decisions executive make come from carefully weighing the cost benefits and risks using all information available to them. Behavioral economists recognize that's not likely the case . Uncertain about the costs and benefits, executives simplify the question or take mental shortcuts. Instead of ensuring security, they change the question to: are we compliant? In determining whether their business needs additional cyber security investments, they may ask: did we have a breach this year?
Organizations should build tools that help executives see such security not as an investment but as a fundamental aspect of an operation. The business may need to re-frame finding failures in cyber security systems as critical successes and elevate cyber risk as a key risk area for organizations. By turning the lens on various human challenges, businesses can identify new opportunities and interventions to improve cyber security.
Want to know more about cyber security? Contact us today.