Making mistakes is part and parcel of the human experience – it’s how we grow and learn. However, when it comes to cybersecurity, human error is far too often overlooked.
According to a recent study conducted by IBM, human error caused a staggering 95% of cybersecurity breaches. Put another way, if human error were somehow done away with entirely, 9 out of 10 cybersecurity breaches might never have been reported at all!
Last year alone, one-quarter of cybersecurity breaches were a result of human error. During this time, the average cost of a breach totaled $3.92 million, a 1.5% increase from the year before (2017). Sadly, the average overall cost of a data breach shows no sign of reversing, with reports indicating that it has grown exponentially (12%, to be specific) over the last five years.
Further, the time it takes to remediate errors caused by human beings is growing as well, with a study conducted by IBM and the Ponemon Institute indicating that it takes 279 days on average to bring everything back to normal. This is 4.9% longer than the average of 266 days in 2018.
Read on to learn about the weakest link in the security chain.
What is human error in cybersecurity?
In general usage, the term "human error" has a somewhat different meaning. In the context of security, however, human error means any unintentional action, or lack of action, by users and employees that causes, spreads, or allows a security breach.
This covers a wide range of actions, such as failing to set a strong password or downloading malware-infected files. In cybersecurity, human error can be divided into two groups:
- Skill-based errors – lapses and slips, that is, small mistakes that occur while performing familiar tasks.
- Decision-based errors – these happen when a user makes a faulty decision, for example because the user does not have enough information about a specific circumstance or does not realize that, through their inaction, they are making a mistake.
How companies can limit cybersecurity breaches
Companies have plenty of options for reducing cybersecurity breaches. Some of the most common include the following:
- Using strong passwords
- Regularly updating the corporate security policy
- Educating employees regarding potential threats and how dangerous they could be
- Monitoring employees’ cybersecurity initiatives
- Applying the principle of least privilege, so that users receive only the access they need
- Keeping software up to date
A majority of cybersecurity breaches are due to human error, and sadly, they are highly costly. However, such breaches can be prevented by implementing strict policies and procedures. To save the considerable time and money required to fix such mistakes, companies need to take drastic action immediately.