With over 90% of all cyber security breaches coming as a result of human error, it's safe to say that mistakes in the workplace are more than costly. So, what mishaps are your end users making and what exactly are the repercussions to your organisation?
Many of these are successful security attacks from external attackers who are preying on human weakness, waiting patiently for employees to be lured into providing access to sensitive information. Their errors can be incredibly costly, especially since the insiders involved have access to a host of sensitive data.
One of the greatest impacts of a successful security breach is the exposure of this kind of information, loss of intellectual property and the infection of malware. A report by Vormetric found that 59% of respondents agree that most information technology security threats that directly result from insiders are the result of honest and simple mistakes, rather than the abuse of privileges.
The Threat of Human Error (and how we mess up!)
One of the most common mistakes made by employees is the sending of sensitive documents to unintended recipients. This is relatively easy to solve when deploying security controls to monitor sensitive information being leaked out of the organisation. These controls were once considered complex to deploy, but have now been made considerably easier to implement by vendors in recent years. This has dramatically reduced the level of user involvement required and increased the use of such controls.
These tools can also prevent users from engaging in inappropriate behaviour. Sending documents home via email or placing them on file-sharing sites or removable media such as USB sticks can all be avoided. The growing culture of bring-your-own-device (BYOD) exposes more major concerns, especially with the risk of lost or stolen mobile devices. Again, technology is available to help companies control what happens to data stored on such devices, even allowing sensitive data to be remotely wiped so that it doesn't fall into the wrong hands.
Even the most trusted and highly skilled employees run major risks of human error. System and network administrators are commonly guilty of system misconfigurations, poor patch management practices and the use of default names and passwords. There are numerous security controls that organisations can explore to guard against these types of threats.