Canadian Cyber Security Journal
Filed under: Featured, Training

The role of human error in cybersecurity breach


According to a study by IBM, 95% of cyber security breaches result from human error. Everyone makes mistakes, but in cybersecurity the effect is overwhelming: 19 out of 20 cyber breaches result from human error. Another report indicated that human error resulted in a loss of $3.33 million in 2020. Human error in cybersecurity covers unintentional actions, or a lack of action, that result in a data breach. It includes activities like downloading infected software, keeping a weak password, compromising an IP address (which can be checked on What Is My IP) and not updating software.

Types Of Human Errors In Cybersecurity

The types of human errors in cybersecurity can be categorised into skill-based and decision-based errors. Skill-based errors are generally minor errors that occur while carrying out a daily task. They are often the result of negligence due to inattentiveness, tiredness and distraction. Decision-based errors, on the other hand, are the ones where the user makes a faulty decision. They result from a lack of knowledge, skills or information about a specific circumstance, and they also include inaction in a particular scenario.

Misdelivery, including sending information to the wrong recipient, is the fifth most common cause of all cybersecurity breaches. Email services often auto-suggest an email address for the user's convenience, which increases the risk of sending an email to the wrong person if the address is not carefully checked. Another of the most common reasons for a cybersecurity breach is using passwords that are extremely popular and therefore easy to guess. Also, 45% of users keep reusing their passwords for accessing one service or another. Additionally, users save these passwords carelessly, which makes it easier for someone else to get hold of them.
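The auto-suggest misdelivery risk described above can be reduced with a pre-send recipient review. The following is an added example, not code from the article; `ORG_DOMAIN`, `KNOWN_CONTACTS`, `review_recipients` and all addresses are hypothetical, constructed values.

```python
from email.utils import getaddresses

# Constructed sample data (assumptions, not from the article).
ORG_DOMAIN = "example.org"
KNOWN_CONTACTS = {"j.smith@example.org", "finance@example.org",
                  "a.lee@partner.example"}


def _split(addr):
    """Return (local_part, domain), lower-cased."""
    local, _, domain = addr.lower().rpartition("@")
    return local, domain


def review_recipients(to_header, known=KNOWN_CONTACTS, org_domain=ORG_DOMAIN):
    """Return (address, reason) pairs worth a second look before sending."""
    known = {a.lower() for a in known}
    # Map each known local part to the domains it has been seen at.
    locals_seen = {}
    for a in known:
        local, domain = _split(a)
        locals_seen.setdefault(local, set()).add(domain)

    recipients = [a.lower() for _, a in getaddresses([to_header]) if "@" in a]
    external = [a for a in recipients if _split(a)[1] != org_domain]
    warnings = []
    for addr in recipients:
        local, domain = _split(addr)
        if addr not in known and local in locals_seen:
            # Typical auto-suggest slip: right name, wrong organisation.
            warnings.append((addr, "same name as a known contact, different domain"))
        elif addr not in known and domain != org_domain:
            warnings.append((addr, "first-time external recipient"))
        elif domain != org_domain and len(external) == 1 and len(recipients) > 1:
            # A real contact, but the odd one out on an internal message.
            warnings.append((addr, "only external address on an internal message"))
    return warnings


if __name__ == "__main__":
    draft = "J Smith <j.smith@example.net>, finance@example.org"
    for addr, reason in review_recipients(draft):
        print(f"CHECK {addr}: {reason}")
```

A mail client add-in or outbound gateway could show these warnings to the sender and ask for confirmation before the message leaves.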

Installing The Latest Updates Is Important

Patching is another issue that threatens cybersecurity. Most cyber criminals look for vulnerabilities in software or operating systems. When software developers notice such issues, they work on fixing them and send patches to their users before the loophole can be used to compromise data. However, when a user fails to act and does not install the security updates, they increase their risk of falling prey to cyber criminals.

The WannaCry ransomware attack that took place in 2017 was the result of inaction by the users of Microsoft. The attack affected many companies and organizations, and the losses ran into the millions. Interestingly, Microsoft sent its users the patch a month before the attack happened. If the users had updated the software, they could have saved themselves from such a heavy loss.
