Human error plays a major role in cyber security breaches. Whether it is a disgruntled employee, an uneducated worker, or a mishap that occurs via human error, the human and psychological aspects of cyber security are paramount. In the blog entitled “Why is Cyber Security About Human Behavior”, there are 9 areas identified in their psycho-technological matrix of cyber security. Six of these involve some form of human involvement, while only 3 do not include human behavior as the source of the breach. This matrix presents a clear picture of how most security breaches occur and supports the idea that social engineering plays the leading role in cybercrimes. Using tactics such as phishing emails or untrustworthy internet sites, cyber criminals use social engineering as a method of gaining access to an individual’s or a corporation’s private data. The question remains, do we focus on educating employees and individuals on these attack methods in order to eliminate the success of these criminals, or do we eliminate the human factor all together? While the author of this blog supports the idea that cyber security is about human behavior, the blog falls short of offering specific and detailed solutions to the human error factor.

Capone (2018) goes in an entirely different direction by stating that the threat of cyber security breaches is far too dangerous to leave to human success or failure. His approach to cyber security rests in the elimination of human error. This would entail prohibiting access to private or secure data to a very small amount of people. Only administrators and privileged users would be able to access sensitive data. By eliminating the human factor, Capone (2018) believes the threat of cyber breaches becomes exponentially lessened. Technologically this would create a need for a much higher level of cyber security capabilities. A company would need to employ specific technology, such as identification intrusion devices, that are capable of monitoring traffic and patterns within their system. This technology would have to be able to react to threats and implement processes that would stop an intrusion or virus from disrupting or breaching sensitive data. While this approach is a much more clean-cut approach to eliminating cyber security threats, the cost to implement this type of high capability technology would be cost prohibitive to most individuals and businesses.

The solution to minimizing the threat of a cyber-attack lies in a hybrid version of both approaches. It is hard to put a price tag on the security of personal data however, it is a reality that must be dealt with in the current cyber climate. Finding a solution that involves both the correction and minimization of human error and the procurement of more capable technology is the most effective course of action. The enactment of behavioral science that includes educating individuals and employers on effective measures to eliminate human error would be the starting point for some type of resolution. Scheduled training, educational seminars, reading materials, and other forms of communication would need to be put in place within corporations. A specific training schedule would be implemented and required of all employees. The goal of this ongoing and continuing education is to communicate clearly and with detailed instructions on what to anticipate, how to recognize cyber scams and threats, and how to react to these threats with confidence. The second piece to the solution would require companies invest in more capable systems that can quickly and effectively detect an intrusion or threat to the system. While the initial costs might be high, the long-term security of their data would prove these upgrades in their technology to be a great investment. Along with the upgraded technology would come a more specific compilation of users and those people given access to sensitive data. A company would need to examine who needs what information and how they can best eliminate the need for multiple users to have across the board access to sensitive data. This would involve a lengthy process of investigating the roles of individual employees and their logistics however, the time commitment to streamlining access to private data would prove beneficial in the long term by reducing the amount of human error that might occur due to unlimited accesses.

As cyber security threats grow at an exponential rate, the need for updated procedures increases also. There is no easy solution to this ever-evolving security issue and therefore as consumers, business owners, and national security personnel, it is imperative that we evolve at a faster pace than that of our attackers. By combining both knowledge of behavioral science with the technological advances being developed daily, it may be possible to incorporate a better system of protecting personal and private data from cyber security criminals.

References:

Capone, J. (2018, May 25). The Impact of Human Behavior on Security.

(n.d.). Why is Cyber Security about Human Behavior? [Review of Why is Cyber Security about Human Behavior?]. Cyberbitsetc.org.

‌