Human Error in Cybersecurity Essay
A strong cyber security base is important for any business, whether it is small or big. Yet every day we see huge companies failing because of their cyber security. Finding the faulty part in this mechanism is hard. The reason could lie in small security gaps that the cyber security provider has not seen before, but if we think that is the only reason, then we are missing a great point. That point is human error. Even though it seems wrong at first, most breaches in security happen because of it. In this paper, I will examine the reasons behind it thoroughly.
We all make mistakes, and we can even see our mistakes as a positive point because, as a species, we learn from them. A mistake is a great chance to see the areas where we are not sufficient and to fortify them further. Unfortunately, in cyber security, human mistakes are often overlooked. So overlooked that, if we look at the statistics, 19 out of 20 security breaches happen because of them. This number fascinated me, and became the main reason why I wanted to research it further. First of all, it is vital to know what human error is. In cyber security, a human error means that a worker intentionally or unintentionally does something, or does nothing, and therefore creates a security breach. The size of the breach varies from error to error. But what exactly is an unintentional error? Well, it can mean a great number of things. Before listing the errors, I would like to mention that these terms have become common knowledge for most of the new generation, yet this doesn’t mean that these errors don’t happen anymore, because they do. To start with, downloading a file that is malware-infected, more commonly known as a virus, is one of them. A virus can do many things depending on what it is programmed for. It can lock all the files of that machine, transfer them, delete them or even create a bigger security breach. Although there is a lot of antivirus software to solve the issue, it happens more than we think. The most important term about viruses is “phishing.”
Phishing is the term used for viruses that are sent by email, telephone or text message. Most of the time, the messages look very legitimate. They carry a legitimate institution's name to lure individuals into providing sensitive data. This data may be a password, personal information or even credit card details. The sender of these messages then uses the information to steal money, or sells it to cyber-attackers so that they can attack the system. There are many ways one can tell phishing messages from legitimate ones. The first is that most of these messages are too good to be true. They contain lucrative offers like easy money, or use statements that get the reader's attention as fast as possible. For example, the messages may say that the reader has won an iPhone, a lottery, or even a house. As soon as one sees a message like this, it is a no-go. Another indication is that every phishing message contains a sense of urgency. The reason for this is that hackers want the victims to act as fast as possible, so the deal they are offering is only valid for a limited amount of time. This time can be days, while in some cases it is minutes. The most important indicator I’d like to mention is hyperlinks. If one sees a website link in a message, it is best not to click it at all, even if it seems legitimate. The links contain payloads or other viruses. The reason I said "even if it seems legitimate" is that links may not be all they appear to be. While hyperlinks can lead the reader to a different site, the attackers can even create a website whose name looks similar to a legitimate website's while it is a virus. The best example of this is www.bankofarnerica.com: the ‘m’ is actually an ‘r’ and an ‘n’, so the user should always look carefully at links.
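The careful look at a link described above can also be done by a mail filter or a training tool. The following Python sketch is an added example, not part of the original essay: it collapses look-alike character sequences such as ‘rn’ for ‘m’ and compares the result with a list of trusted domains. The trusted list, the table of look-alike pairs (which goes beyond the essay's single ‘rn’ case) and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation really uses (assumption).
TRUSTED = ("bankofamerica.com", "paypal.com", "microsoft.com")

# Look-alike sequences and the character they imitate (illustrative, not complete).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def hostname(link):
    """Return the lower-cased host of a link, with or without a scheme."""
    if "://" not in link:
        link = "//" + link          # lets urlsplit treat the text as a host
    return (urlsplit(link).hostname or "").rstrip(".")


def skeleton(domain):
    """Collapse look-alike sequences so visually similar names compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def registered_part(host):
    """Naive last-two-labels split; a real filter would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify(link):
    """Return ('trusted' | 'lookalike' | 'unknown', domain the verdict refers to)."""
    host = hostname(link)
    domain = registered_part(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in TRUSTED:
        # Same name once 'rn' -> 'm' etc. are collapsed: an imitation.
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
        # Trusted name used only as a subdomain prefix of another site.
        if (good + ".") in host:
            return ("lookalike", good)
    return ("unknown", domain)


if __name__ == "__main__":
    for sample in ("www.bankofarnerica.com",               # the essay's example
                   "https://www.bankofamerica.com/login",  # constructed samples
                   "http://paypa1.com/reset"):
        print(sample, "->", classify(sample))
```

A verdict of "unknown" only means the link imitates none of the listed names; it says nothing about whether the site is safe.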
Human error only occurs when there is the opportunity; therefore a business should eliminate all the phishing chances an attacker might have. At the same time, end-users and employees can and will keep making mistakes until they are educated not to. Therefore, in my opinion, the best way to stop human errors in cyber security is to teach the employees thoroughly about the subject beforehand. They should know all the details about phishing techniques and viruses, and how to stay away from them, because most end-users do not know how big a risk they are carrying. One small error by an employee might damage the whole business in a matter of minutes because, in this sector, a breach always creates a bigger one.