Human Error (nobody is perfect!)

Security breaches are unfortunately quite common due to human error within an organization.  2011, I went on my first deployment in the United States Navy.  Our first port visit was to Portsmouth, England.  I was ecstatic to share pictures of this first naval adventure with my family and friends from home.  I immediately plugged my iPad into the unclassified computer and began uploading pictures to my Facebook.  I did this not for malicious intent but due to ignorance and lack of education soon after the DOD implemented Cyber Awareness training—this educated end users like myself on the vulnerabilities of plugging personal devices into government computers.  User education is paramount in preventing self-inflicted security breaches.  
The Colonial Pipeline cyber breach in 2021 was preventable. However, the network was penetrated due to poor password complexity and password reuse requirements not being enforced.   An organization should have operating procedures in place that force end users to update passwords regularly and forbid users from reusing the same password repeatedly.  Multi-factor authentication should be implemented, and PIV cards and a password should be issued to end users to increase authentication measures. 
Preventing human error and security breaches should not be the sole responsibility of cybersecurity analysts or system administrators.  Currently, as a network engineer, we are carrying out an effort to enforce Network Access Control (NAC).  NAC restricts devices lacking proper security patches to be permitted on a network.  NAC prevents an employee from bringing his home wifi router into his office, which would create a Rogue Access point, which is essentially a device that acts as an unauthorized backdoor, giving threat actors a clear path and entrance into a network.  In summary, preventing human error is everyone’s responsibility, but it starts with employee education and is followed by technical safeguards.

Very Respectfully,

Daniel

Leave a Reply

Your email address will not be published. Required fields are marked *