{"id":3113,"date":"2022-04-12T21:35:14","date_gmt":"2022-04-13T03:35:14","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=3113"},"modified":"2022-04-12T21:35:17","modified_gmt":"2022-04-13T03:35:17","slug":"project-post-the-effect-of-human-error-on-cyber-security%ef%bf%bc","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/04\/12\/project-post-the-effect-of-human-error-on-cyber-security%ef%bf%bc\/","title":{"rendered":"Project post: The effect of human error on cyber security\ufffc"},"content":{"rendered":"\n
\"\"
Image source: https:\/\/www.labmanager.com\/big-picture\/data-integrity-security\/protecting-your-lab-from-cybersecurity-threats-23970<\/figcaption><\/figure><\/div>\n\n\n\n

Human error causes problem.<\/h2>\n\n\n\n

Cybersecurity refers to all the technologies, processes and attitudes that aim to protect data, devices, programs, systems and networks from cyber threats and attacks. [1] Experts take all possible\u00a0measures and precautions\u00a0to minimize the risk of cybercrime affecting system security.<\/p>\n\n\n\n

However, we found that the fact is, most\u00a0threats to organizational information systems (IS) are due to vulnerabilities and breaches caused by\u00a0employees. About\u00a072-95 per cent\u00a0of cyber threats to organizations are due to users\u2019 mistakes. Human error can occur both at home, involving your personal devices and data, and at the workplace, where its consequences can be much farther-reaching. If business data and systems are affected, the company may lose time, money, clients, partners and can even face lawsuits. [9] For years, \u201chuman error\u201d has consistently been identified as a major contributing factor to cybersecurity breaches. Several recent reports revealed that 43% of C-Suite leaders who reported a data breach cited human error as the second major cause. The average cost of human errors in cybersecurity breaches was $3.33 million.[7]<\/p>\n\n\n\n

From ransomware attacks to serious data breaches, human error invariably plays a role in information security incidents. Almost all successful cyber breaches have one variable in common: human error. Human error can manifest in a multitude of ways: from failing to install software security updates in time to having weak passwords and giving up sensitive information to phishing emails. Yet it remains true that many organizations still fail to take into consideration this important factor when thinking about their information security strategy. [2] Human errors are used by cybercriminals to effect unauthorized access, steal credentials, and infect IT systems and endpoints with malware such as ransomware. Without the human-in-the-machine effect, cybercrime would be much more difficult. Therefore, if we can fully analyze the network security problems caused by human factors, extract potential problems according to the case, reflect and correct the loopholes, and minimize the cybersecurity problems caused by human errors. Then this will have a positive effect on the entire network security environment and greatly reduce the attack methods of cyber criminals. [5]<\/p>\n\n\n\n

How many cyber security incidents are caused by human error?<\/h2>\n\n\n\n
\"\"
Image source: https:\/\/www.pandasecurity.com\/en\/mediacenter\/tips\/cybersecurity-trends\/<\/a><\/figcaption><\/figure><\/div>\n\n\n\n

There are\u00a0three<\/strong>\u00a0types of human error in cybersecurity.\u00a0The first type<\/strong>\u00a0is unintentional human error. Errors of this type result from a lack of knowledge or skill, or perhaps distraction. Some human error, however, is intentional: an IT worker might deliberately take a risk with their organization\u2019s systems that could cause a cybersecurity incident. These errors often violate ethics and laws on data stewardship.\u00a0The third<\/strong>\u00a0kind of human error is even more intentional. Malicious error occurs when an employee deliberately makes a system vulnerable in order to steal (exfiltrate) confidential data.<\/p>\n\n\n\n

There are the\u00a0800<\/strong>\u00a0largest data breaches to occur between 2007 and 2019 in the US, how many were the result of human error? The answer is\u00a0291<\/strong>, roughly\u00a036%<\/strong>. However, another 47% may have been due to human error as well. Of the 291,\u00a0102<\/strong>\u00a0are selected for further analysis since enough data exists about them to make that possible. In this dataset, the author identifies three different types of human error in cybersecurity: skills-based mistakes (mistakes in repetitive, familiar activities that do not require conscious thought), rule-based mistakes (mistakes in using a known rule or procedure to respond to a familiar situation) and knowledge-based mistakes (mistakes in using slow, conscious, analytical processes to solve new and unfamiliar problems) and matches them to three different types of vulnerabilities that often cause breaches: system misconfiguration errors, skills-based errors and rule-based errors.<\/p>\n\n\n\n

Relevant Researches<\/h2>\n\n\n\n

Researchers from the\u00a0Old Dominion University<\/strong>\u00a0have conducted a cross-sectional\u00a0survey study of employees in different organizations. Their results suggest that\u00a0gender<\/strong>\u00a0has moderate effects on safety self-efficacy, prior experience, and computer skills, but has little effect on action cues and self-reported cybersecurity behaviors.\u00a0[2]<\/a> <\/p>\n\n\n\n

In addition, According to the research from\u00a0<\/strong>Vilnius University,\u00a0there is a relationship between genetically informed traits such as impulsiveness and the likelihood of IT workers to accidentally cause cybersecurity breaches. These personality traits are particularly important due to the long working hours, stress and wide-ranging responsibilities entailed by IT.<\/p>\n\n\n\n

Researchers from\u00a0Middel Georgia State <\/strong>University\u00a0designed a set of scenarios-based hands-on tasks to measure the cybersecurity skills of\u00a0non-information technology (IT) professionals<\/strong>. Their study shows the importance of skills and hands-on assessment appears applicable to cybersecurity skills of non-IT professionals. Therefore, by using an expert-validated set of cybersecurity skills and scenario-driven tasks, this study established and validated a set of hands-on tasks that measure observable cybersecurity skills of non-IT professionals without bias or the high-stakes risk to IT. [3]<\/p>\n\n\n\n

Survey from cyber security companies<\/h2>\n\n\n\n

We also surveyed several employees from the industry. Some results are showed as follow:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Our Story Map<\/h2>\n\n\n\n

The format of our project is the Story Map. This blog only contains part of its content. For more details about this topic and our project. Please browser our story map to explore. Link of Story Map:<\/p>\n\n\n\n

https:\/\/arcg.is\/19yOiq1<\/a><\/p>\n\n\n\n

References<\/h2>\n\n\n\n

[1]. aAmbrozaityt\u0117, Laima, et al. \u201cHuman Characteristics and Genomic Factors as Behavioural Aspects for Cybersecurity. Augmented Cognition, Springer International Publishing, Cham, 2021, pp. 333\u2013350. Lecture Notes in Computer Science.<\/p>\n\n\n\n

[2]. Anwar, Mohd, et al. \u201cGender Difference and Employees’ Cybersecurity Behaviors.\u201d Computers in Human Behavior, vol. 69, 2017, pp. 437\u2013443.<\/p>\n\n\n\n

[3]. Melissa Carlton, et al. \u201cMitigating Cyber Attacks through the Measurement of Non-IT Professionals\u2019 Cybersecurity Skills.\u201d Information Management & Computer Security, vol. 27, no. 1, 2019, pp. 101\u2013121.<\/p>\n\n\n\n

[4]. Cornejo, Gabriel A. Human Errors in Data Breaches: An Exploratory Configurational Analysis, 2021.<\/p>\n\n\n\n

[5]. Hoske, Mark T. \u201cAdvice from Cybersecurity Incident: Cybersecurity Incident: Human Errors Enabled It, but the Triconex Safety Controller Shut down the Plant as Designed, Say Experts with Schneider Electric and ARC Advisory Group. But It’s Still a Call to Action for Industry. Have You Implemented Changes since Then?\u201d Control Engineering, vol. 65, no. 4, 2018, p. 10.<\/p>\n\n\n\n

[6]. Maalem Lahcen, Rachid Ait, et al. \u201cReview and Insight on the Behavioral Aspects of Cybersecurity.\u201d Cybersecurity, vol. 3, no. 1, 2020, pp. 1\u201318.<\/p>\n\n\n\n

[7]. Malatji, Masike, et al. \u201cValidation of a Socio-Technical Management Process for Optimising Cybersecurity Practices.\u201d Computers & Security, vol. 95, 2020, pp. 101846\u201317.<\/p>\n\n\n\n

[8]. Khalid Khan, Shah, et al. \u201cA Conceptual System Dynamics Model for Cybersecurity Assessment of Connected and Autonomous Vehicles.\u201d Accident Analysis and Prevention, vol. 165, 2022, p. 106515.<\/p>\n\n\n\n

[9]. Kim, Hee Eun, et al. \u201cSystematic Development of Scenarios Caused by Cyber-Attack Induced Human Errors in Nuclear Power Plants.\u201d Reliability Engineering & System Safety, vol. 167, 2017, pp. 290\u2013301.<\/p>\n\n\n\n

[10]. Nobles, Calvin. \u201cBotching Human Factors in Cybersecurity in Business Organizations.\u201d Holistica : Journal of Business and Public Administration, vol. 9, no. 3, 2018, pp. 71\u201388.<\/p>\n\n\n\n

[11]. Pollini, Alessandro, et al. \u201cLeveraging Human Factors in Cybersecurity: an Integrated Methodological Approach.\u201d Cognition, Technology & Work, 2021, pp. 1\u201320.<\/p>\n\n\n\n

[12]. Sawyer, Ben D, and Peter A Hancock. \u201cHacking the Human: The Prevalence Paradox in Cybersecurity.\u201d Human Factors, vol. 60, no. 5, 2018, pp. 597\u2013609.<\/p>\n\n\n\n

[13]. Jeremy Straub, “Physical security and cyber security issues and human error prevention for 3D printed objects: detecting the use of an incorrect printing material,” Proc. SPIE 10220, Dimensional Optical Metrology and Inspection for Practical Applications VI, 102200K (15June 2017); https:\/\/doi-org.ezproxy.lib.ucalgary.ca\/10.1117\/12.2264578<\/p>\n","protected":false},"excerpt":{"rendered":"

Human error causes problem. Cybersecurity refers to all the technologies, processes and attitudes that aim to protect data, devices, programs, systems and networks from cyber threats and attacks. [1] Experts take all possible\u00a0measures and precautions\u00a0to minimize the risk of cybercrime affecting system security. However, we found that the fact is, most\u00a0threats to organizational information systems … <\/p>\n

Continue reading “Project post: The effect of human error on cyber security\ufffc”<\/span><\/a><\/p>\n","protected":false},"author":445,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-3113","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Kai Xue","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/kai-xue\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/3113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/445"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=3113"}],"version-history":[{"count":6,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/3113\/revisions"}],"predecessor-version":[{"id":3127,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/3113\/revisions\/3127"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=3113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=3113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=3113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}