95% of cybersecurity incidents occur due to human error
Almost all successful cyber breaches share one variable in common: human error. Human error can manifest in a multitude of ways: from failing to install software security updates in time to having weak passwords and giving up sensitive information to phishing emails.
Despite the rapid growth of the cyber security sector over the last few years, organizations worldwide are still haunted by the increasing number of cyberattacks. The major reason is that while organizations spend a lot of money and resources on strengthening their technological defenses, they often overlook the human aspect of security.
After all, technical security solutions, no matter how sophisticated, can only help if humans use them properly. Human error is one of the major contributing factors to the majority of cyber security breaches.
In several cases, human error has allowed hackers to access an organization’s sensitive data and encrypted channels. In fact, according to the IBM Cyber Security Intelligence Index Report, 95% of cyber security breaches are primarily caused by human error. Also, the Cost of a Data Breach Report 2020 by IBM states that the average cost of cyber security breaches caused by human error stands at $3.33 million.
The most common human errors that lead to cybersecurity breaches:
· Weak password security – Using simple and commonly used passwords, sharing them or storing them incorrectly weakens password security and increases the probability of a breach.
· Use of unauthorized software – If employees install applications without the knowledge and approval of IT teams, it can lead to attacks on and unauthorized access to the organization’s IT infrastructure and applications.
· Neglecting software updates that contain important security patches is another major reason that may lead to a security breach.
· Opening email links or attachments without paying attention to small cues such as incorrect spelling in the domain can lead to the recipient, and indirectly the organization, becoming a victim of a phishing attack.
· Ineffective data access management – A stringent administrator who adheres strictly to an organization-wide access policy is critical. This will ensure security at all access points and prevent any imposters with malicious intent from gaining access to and control over the organization’s data and systems.
· Improper management of sensitive data – If sensitive data is sent over email, it can open the door to a cyberattack.
· Using public Wi-Fi without a VPN and plugging in insecure devices such as USB drives can also cause unauthorized access to data and entry into sensitive systems.
However, organizations need to understand why human errors happen and reduce the probability of such errors by using appropriate tools as well as by educating employees on the impact of their mistakes. Although the risk of human error cannot be eliminated completely, the practices mentioned earlier can help to reduce its impact to a great extent.