What is Human Error?
In plain words, human error is an action taken, or not taken, that was not intended or that does not follow the established rules. The term mostly appears in contrast to machine failure (human error vs. machine failure).
Human Error in Cybersecurity
There is no person alive who has never made a mistake—in fact, making mistakes is a core part of human nature and of the learning process. However, in cybersecurity, human errors are far too often overlooked. Security loopholes caused by human mistakes are very common in today’s work settings. A study cited by IBM states that human error is the root cause of 95% of cybersecurity breaches. To put this into perspective, 19 out of 20 breaches would not have occurred if human error had been fully eliminated.
Statistics and Findings Around Human Error in Cybersecurity
- 36% of employees believe they have made a workplace mistake that has compromised security in the last 12 months, according to research published by Tessian.
- The IBM & Ponemon report states that it took an average of 239 days to identify and contain a breach caused by human error.
- Verizon’s report estimates that human mistakes are responsible for 74% of data breaches in different forms.
- Thales Group report identifies that 55% of cloud data breaches are caused by human error.
- A study posted by GIT Security mentions that 82 percent of data breaches are related to human errors directly or indirectly.
These studies point out that human error is a leading cause not only of data breaches but also of incidents that result in hefty regulatory fines, productivity losses, lawsuits, loss of revenue, damaged brand reputation, exposure to ransom demands, and a larger attack surface for cyber attackers.
What are the Common Types of Human Errors in Cybersecurity Terms?
Despite the millions of ways humans can make mistakes, the following are the basic categories that are the root cause of human error in cybersecurity settings.
- Skill Gap: The most common type is skill-based errors. Employees make mistakes while performing a task that they do not know how to complete, or they lack the technical skills required to complete that task.
- Micro Example: A skill-gap error might involve configuring a firewall and forgetting to push the security policies out to the end users.
- Unintentional Action: Humans are prone to make unintentional mistakes. They might act carelessly or experience a slip-up, which may cause a serious breach or loss.
- Micro Example: An employee may unintentionally use a weak password out of habit, which can cause significant issues for the organization and may compromise the network.
- Decision-based Errors: These errors arise when an employee makes a decision under uncertainty or with incomplete information. They may lead to cybersecurity errors due to a poor assessment of the situation at hand.
- Micro Example: Clicking a link in a spam email after mistaking it for a legitimate one, or dismissing an endpoint security alert as a false positive, are decision-based human errors that can lead to cybersecurity issues.
Real-Life Examples Involving Human Errors in Cybersecurity
Some real-life examples in which human errors caused significant losses for the respective organizations are as follows:
SolarWinds Supply Chain Attack
SolarWinds is a renowned company specializing in network and system monitoring and management tools. Its tools are widely used by many organizations, including many high-profile companies and businesses. According to Reuters, the SolarWinds hack was the largest and most sophisticated attack ever.
The attack came about due to a negligent mistake made by an employee: unintentionally setting a very weak password, “solarwinds123”, which the hackers easily compromised. The hackers gained access to supply chain systems containing the data of approximately 18,000 SolarWinds Orion customers. Among those customers, the U.S. Treasury, Justice, and Commerce departments were compromised, and the hackers apparently gained access to their emails.
A simple password set unintentionally by a SolarWinds intern played a part in this massive cybersecurity incident.
Twitch Data Leak
In 2021, Twitch encountered a data leak incident that exposed 125 GB worth of data to the public. According to Twitch’s official statement, the exposed data primarily contained documents from Twitch’s source code repository and a subset of creator payout data. Upon further investigation and audit, it turned out that the cause was classified as a human error. A Twitch engineer configured the server and changed some parameters that led to data exposure, and the exposed data was subsequently accessed by a malicious third party.
Twitch reset all stream keys out of an abundance of caution and informed customers that they might need to manually update their software with a new key to start their next stream. Finally, the misconfiguration was attributed to a human error made while setting up the server’s access controls.
Facebook Data Scrape Incident
In April 2021, Twingate’s report revealed that a configuration error allowed the scraping of data of hundreds of millions of Facebook users across 106 countries. The breach affected exactly 533 million users, representing up to 20% of Facebook's user base at the time of the incident. The data was obtained by exploiting Facebook’s contact import feature rather than by directly hacking Facebook’s systems. The loophole was patched once the company found out. The exposed data contained phone numbers, full names, locations, bios, and dates of birth, and, in some cases, email addresses, employers, genders, and relationship statuses.
Finally, this incident can be attributed to human error that led to a misconfiguration in the import tool, which inadvertently allowed the scraping of Facebook’s users' data.
T-Mobile Data Breach
A cyberattack exposed the data of 50 million users of T-Mobile, a renowned US mobile carrier. While T-Mobile did not share the complete details, it is understood that the data exposure took place through an improperly secured testing environment. According to Forbes, T-Mobile was fined over $60 million to settle allegations that it failed to publicly disclose, and to take action against, the unauthorized access to internal data. The compromised customer data contained names, addresses, and dates of birth. The company also paid $350 million as part of a 2022 settlement with customers impacted by the data breach.
Finally, the breach occurred because of an insecure testing environment, which points to a human oversight in configuring the security parameters properly.
Consequences that Organizations may Face Due to Human Error
As the real-life examples above show, organizations face a number of consequences as a result of data breaches and data exposure.
Following are some of the most common ones:
- Loss of customer trust: Today’s customers are highly dynamic and rely on online news and social media. With a saturated market and many competitors available, people do not hesitate to switch from one provider to another based on trust, security, and privacy.
- Regulatory Fines: In second place, hefty regulatory fines and non-compliance issues can cause monumental losses and damages for an organization. It was estimated that Amazon was fined 877 million dollars as a result of a GDPR violation.
- Downtime: In the event of a data breach or cybersecurity incident, systems might be taken offline for days or sometimes weeks, depending on the size of the vulnerability and the scale of impact. The average cost of downtime is about $5,600 per minute; more recent studies estimate that this number has increased to about $9,000 per minute because digital transformation has taken over many aspects of our daily lives.
- Data Breaches: An insider threat can cause significant data breaches for the organization. A famous example is the Disney Slack hack, in which information about unreleased projects, images, and computer code linked to internal APIs and login details were leaked. Privilege misuse can also be attributed to human error in some way, as someone can eavesdrop on the password of an employee responsible for a more sensitive role and cause a data breach.
These are just a few of the consequences; the losses an organization can suffer from cyberattacks or data breaches can be unparalleled.
The Importance of Mitigating Human Error in Cybersecurity
The good news is that human error in cybersecurity can be mitigated by following industry-standard best practices and procedures. The following are some effective methods to reduce the chances of human error in cybersecurity.
- Opportunity: Human error can only occur when a human has the opportunity to make it. This means that an employee can make a mistake if that person has access to specific technology or tools that they should not have in the first place. A network engineer should not have access to a firewall, as that should rest with a security engineer. Organizations can substantially reduce the risk of human error by applying privilege control and strictly implementing role-based access to information technology systems.
- Password Policies & MFA: From the example shared above, it is clear that a weak password can cause significant damage to a company. A company should enforce strong password policies for all employees, whether they are interns or senior engineers. Additionally, multifactor authentication and password rotation policies should be implemented so that if a password is compromised or obtained by someone through social engineering tactics, it can be rotated seamlessly.
- Employee Training and Awareness: Often neglected and ignored, employee training and awareness are among the best ways to protect your organization from human error. Organizations should thoroughly inform employees about passwords, using sensitive systems, reading and responding to emails, and spotting any social engineering attempt. These training and awareness sessions prevent innocent errors and foster a sense of proactiveness among employees. Remember that a properly trained employee can act as a first line of defense for your organization.
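The password-policy point above, as an added example that is not part of the original article: a small Python validator that rejects a password of the “solarwinds123” kind by combining length, character-class, denylist and organisation-name checks. The denylist and the organisation names are constructed assumptions standing in for a real breached-password feed and the organisation's own naming.

```python
import re

# Constructed denylist (assumption) standing in for a real breached-password feed
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

# Policy thresholds assumed for this example
MIN_LENGTH = 12
MIN_CLASSES = 3
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def check_password(password: str, org_names: set[str]) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes.

    org_names holds the organisation's company and product names, so that
    passwords built from them (e.g. "solarwinds123") are rejected.
    """
    problems = []
    lowered = password.lower()
    # Compact form strips separators so "Solar_Winds_2021!" is still caught
    compact = re.sub(r"[^a-z0-9]", "", lowered)

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = sum(bool(re.search(pattern, password)) for pattern in CHARACTER_CLASSES)
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")

    if lowered in COMMON_PASSWORDS:
        problems.append("appears on the common-password denylist")

    for name in org_names:
        if re.sub(r"[^a-z0-9]", "", name.lower()) in compact:
            problems.append(f"contains the organisation name '{name}'")

    # A single word followed by a short run of digits is a guessable pattern
    if re.fullmatch(r"[A-Za-z]+\d{1,4}", password):
        problems.append("is a word followed by a short digit suffix")

    return problems


if __name__ == "__main__":
    for candidate in ("solarwinds123", "Correct-Horse-Battery-42!"):
        verdict = check_password(candidate, {"SolarWinds"})
        print(candidate, "->", "OK" if not verdict else "; ".join(verdict))
```

In a real deployment the denylist would be replaced by a breached-password service lookup, and the same function would run at password-set time and during periodic audits.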
Leveraging AI and Advanced Tools to Reduce Human Error
Leveraging technology and AI-based solutions hand-in-hand with human effort is crucial in today's digital landscape. The latest tools allow better threat detection and apply automated security protocols and policies with the help of artificial intelligence, which can provide an additional layer of defense where human capability may fall short. Humans don’t have to be the weakest link in cybersecurity.
Today, artificial intelligence and advanced tools allow far better protection against cyberattacks and work independently with automated protocols and threat management with minimal human intervention. Sangfor, a global vendor of IT infrastructure solutions specializing in Cloud Computing & Network Security with a wide range of products & services, offers next-level solutions that can remarkably reduce cybersecurity breaches or incidents.
Following are some of the products that can uplift your organization’s security posture in a reactive and proactive manner:
Sangfor Security GPT
Sangfor Security GPT merges Generative AI with advanced cybersecurity to enhance detection accuracy and operational efficiency. It speeds up investigation, enables proactive threat hunting, and streamlines incident responses through simple chat-based interactions. Developed over eight years and trained on extensive security data, Security GPT navigates complex cyber threats with exceptional precision. It has the following key benefits:
- 99% Threat Detection Accuracy: Security GPT achieves 99% accuracy in detecting advanced threats like zero-day attacks and ransomware within 5 minutes, thanks to AI and behavioral analytics, enabling swift responses to minimize impact.
- 90% Decrease in Alert Volume: By correlating data from various sources, Security GPT reduces false positives by 90%, turning numerous alerts into single, actionable incidents, enhancing operational efficiency and allowing focus on critical threats.
- 90% Faster Investigation Time: Security GPT cuts investigation times by 90% with its autonomous capabilities, allowing analysts to interact in natural language, transforming hours of work into minutes for quick and effective incident response.
Sangfor’s Network Secure – Next Generation Firewall
The world’s first next-gen firewall that combines AI technology, cloud-based threat intelligence, IoT security, NG-WAF, and SoC Lite. The top highlighted features of this firewall are:
- AI-enabled threat detection that eliminates 99% of external threats at the network perimeter.
- First-of-a-kind NGFW that uses deception technology to detect and mitigate malicious actors proactively.
- Built-in SoC Lite assists security teams in rapidly determining the security status of threats and responding to them.
- Efficiently integrates endpoint security and NDR solutions, offering a holistic all-in-one security system.
Sangfor Endpoint Secure — The Future of Endpoint Security
Sangfor’s Endpoint Secure offers a unique approach to defending systems against malware and APT threats compared to traditional Next-Generation Anti-Virus (NGAV) or Endpoint Detection & Response (EDR) solutions.
Top-of-the-line features include but are not limited to:
- Intelligently works in a phased manner with a complete overview (Pre-Attack -> During Attack -> Post Attack).
- Offers world-class malware protection that integrates various engines with endpoint security and NGFW technologies.
- Ransomware protection and recovery with an impressive detection rate of 99.83%.
- Endpoint Secure impeccably integrates with Sangfor’s security ecosystem for multi-layered threat detection, correlation, and streamlined incident response.
Sangfor Cyber Command - NDR Platform
Sangfor Cyber Command is a Network Detection and Response (NDR) solution that can be trusted to improve your organization's overall IT security posture while eliminating potential cybersecurity risks.
The most important features of the NDR platform include:
- Superior threat detection and response capabilities by intelligently monitoring internal network traffic.
- Employs AI & behavior analysis technology to correlate existing security events while drawing on global threat intelligence.
- The unique “Golden Eye” feature studies the behavior of compromised assets and uses this information to strengthen defenses, making cyber threat hunting easier.
- Cyber Command is cross-platform compatible and eliminates blind spots at a 100% rate, with visibility spanning East-West and North-South traffic.
Sangfor Access Secure - A SASE Solution
Sangfor Access Secure is a comprehensive SASE (Secure Access Service Edge) solution that offers advanced SD-WAN capabilities and ZTNA (Zero Trust Network Access) security.
Some of the Access Secure features are listed below:
- Consolidates multiple network functions into one device, thus reducing the total cost of ownership (TCO).
- Offers exceptional user experiences, empowering businesses to operate securely, swiftly, and seamlessly across all locations.
- Suitable for hybrid work environments, ensuring seamless and secure remote access to corporate resources and applications.
- Finally, it saves security services, hardware, licensing, and maintenance costs to meet your budgetary needs.
Conclusion
The integration of AI-based advanced tools in cybersecurity presents a promising approach to mitigate human errors, which is a significant vulnerability in many organizations’ defense strategies. By employing highly advanced tools offered by Sangfor, organizations can foster a robust and adaptable defense against ever-evolving cyber threats. As we move forward, continuous education, adaptive AI-based systems, and a culture of security awareness will be key to staying ahead and on top of the battle against cyberattacks.