Cybersecurity Awareness: Transform Human Errors into Human Firewalls

June 10, 2022 by Sid

Let’s set the scene for this blog with a hypothetical situation:

It’s a chilly day outside and you’re getting ready to rush to work for a morning meeting. As you put on your coat and check your phone for train timings, you receive a text message from your water company asking you to pay your overdue bill by clicking on a link. You click the link, but the login page doesn’t load so you save it for later since your train departs in 15 minutes. In the next few days or even hours, a cybercriminal has locked your critical files and information.

Now let’s look at a real-world example of the recent Australia Post scam:

In March 2022, customers received legitimate-looking text and WhatsApp messages with details of the shipment of their parcel, along with an equally legitimate-looking link and website that asked for credit/debit card information. This made Australia Post alert their customers of the scam through their website.

Smishing, the SMS version of phishing, is becoming increasingly common – the scam package includes professional-looking texts, the creation of urgency to pay bills and tricking you into entering personal details. Australia Post is a large organization, but medium and small-scale organizations aren’t exempt from cyberattacks such as smishing.

“Every day, cybercriminals send out millions of smishing texts and phishing emails and wait for the receivers to fall into the trap. These scams are not targeted – making organizations of all sizes and scales susceptible to cyberattacks”

Think Beyond Rudimentary Cyber Protection:

A recent report by IBM found that human error was a contributing factor in more than 90% of cyberattacks across the globe. In Australia, there was a 57% increase in phishing attacks and a 30% increase in identity theft in 2021.

The conversation around cybersecurity practices has radically changed in the last 3 years, reflecting the ever-evolving crafty methods that cybercriminals are employing.

Rudimentary cybersecurity solutions such as anti-virus software no longer provide complete protection to an organization’s IT infrastructure because the attackers are relying on employees unknowingly giving them the keys to the main door.

Once they’re in, the possibilities are endless – taking over your account to send fake emails, redirecting payments to different accounts, stealing IP for new products and selling it to competitors, etc.

As human error steps to the forefront of cybercrime targeting, cybersecurity training and awareness as a defence response is imperative across multiple departments of organizations.

Build Human Firewalls with Cybersecurity Training:

With cybercriminals targeting human errors to launch attacks, everyday employees are being referred to as the ‘weakest links’ in the current cybersecurity conversation. But first, let’s understand a bit more about human error and how it happens.

What is human error?

Human error in cybersecurity is the unintentional action, or lack of action, by employees that enables a security breach or attack by hackers. Bad actors can exploit it in many ways – an employee accidentally downloading a malware-infected email attachment, weak passwords, or social engineering, where hackers manipulate employees into handing over sensitive information. Based on the level of awareness and knowledge of cybersecurity practices that an employee has, human error can be classified into:

  • Skill-based: These human errors happen when employees have a fair bit of knowledge and understanding of everyday cybersecurity practices, but distractions, negligence, urgency, fatigue or lapse of memory cause them to slip up during their day-to-day tasks and activities
  • Decision-based: These human errors happen when employees do not have the necessary knowledge about specific security protocols or sometimes through not doing anything at all, giving opportunities to hackers to attack

Transform Human Errors into Human Firewalls

Watch: Advanced Training’s Certified Cybersecurity Expert and Trainer takes you through EC-Council’s ‘Certified Secure Computer User’ course and how it helps organizations turn their employees into human firewalls (click on thumbnail):

Key Takeaways:
  • Mitigate Human Error Opportunities: From an organization’s perspective, reducing the opportunities for data breaches caused by employee errors can be done by aligning the culture, work practices, technologies and routines with a solid cyber resilience gameplan. It can start with something as simple as having more conversations about daily security practices and queries, and extend to implementing strong passwords and two-factor authentication.
  • Engaging Cybersecurity Training for Sustained Awareness: What makes cybersecurity awareness challenging for non-IT employees is the complex and expansive nature of cybersecurity and the endless possibilities through which security breaches can happen. Hence, the best way to reduce the opportunities for human error is through digestible and engaging training conducted periodically that results in sustained cybersecurity awareness and practices.