The Role of Human Error in Successful Cyber Security Breaches

Abstract:

Human error is a common phenomenon whose results range from small, nearly meaningless consequences to extremely unexpected and harmful outcomes. The article cites IBM’s Security Intelligence Index Report, which highlights that human error was the main factor leading to 95% of all data breaches. This means that if human error can be minimized even by a small amount, cyber-attacks can be successfully prevented much more often. The article states that these types of errors are unintentional and can be either skill-based or decision-based. Skill-based errors are described as “small mistakes” in which users have the correct and necessary knowledge to act securely in their daily tasks but fail to do so because of temporary inhibitions such as fatigue or distractions. Decision-based errors, on the other hand, occur when users lack the knowledge necessary to prevent a mistake or do not know enough about a certain circumstance.
Among these errors, those involving misdelivery, passwords, patching, and physical security are recognized as the most common. The article also references Verizon’s 2018 breach report, which states that misdelivery was one of the top causes of data breaches. Password problems occur often because a majority of users keep the same password across many of their personal and professional accounts. Patching errors occur when software developers release security updates that users can install on their computers, but users delay the installation and their information becomes compromised. The last of the most common errors in cyber security breaches involves physical security. Though physical security seems like it should be one of the simplest aspects of running a successful institution or business, physical errors are among the most overlooked: physical documents are not protected as well as they should be, or strangers tailgate employees through a secure barrier.
Many factors and seemingly small opportunities allow human error to result in successful data breaches, but with the right training and knowledge, it is possible to maximize cyber security at all levels of an institution. As the article states, reducing opportunities for human error (including things like password management), changing the work culture to be centered around cyber security, and training employees to acquire a specific level of knowledge about security can all result in a safer and much more protected environment.

Author:
Micke Ahola
Year:
2022
MIT Political Science
ECIR
GSS