People make up an important part of an organization’s security posture. That’s because some employees have the rights necessary for accessing sensitive data as well as the privileges for viewing and/or editing critical systems. If those individuals have the right focus and training, they can play a crucial part in keeping those assets safe against digital attackers. But if they aren’t paying attention, they could do something that puts their employer at risk.

Take cloud security as an example. As reported by the Wall Street Journal in August 2019, misconfigurations and other human errors constituted the leading cause of 95% of cloud-based data breaches. The Wall Street Journal reported that this trend was expected to continue for years to come.

Human errors come in many different varieties, so it’s not always easy for organizations to keep their assets secure. Let’s look at two common types of human errors to better understand these challenges.

Human Error Type #1: Skills-Based Errors

Skills-based errors tend to occur during highly routine activities. The task has probably been performed correctly many times before, so it has become routine and security analysts can perform it with less conscious attention.

Here’s one example. A good patch management program first identifies patches, acquires them, tests them, installs them, and then verifies them. In some scenarios, a bad patch can cause downtime. But because patching is a routine task, a user may choose to install patches without proper testing, or they may not make sure that the patch they tested is the one that is pushed to all other production systems.
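One way to guard against the second slip above, where the patch that was tested is not the patch that gets pushed, is to pin the tested file's hash and check it before install. This is an added example, not part of the original article; the manifest file, function names and sample patch files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash the file in chunks so large patch bundles do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record_tested(patch: Path, manifest: Path, tester: str) -> None:
    """Called once testing passes: pin the exact bytes that were tested."""
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entries[sha256_file(patch)] = {"name": patch.name, "tested_by": tester}
    manifest.write_text(json.dumps(entries, indent=2))

def deployment_gate(patch: Path, manifest: Path) -> tuple[bool, str]:
    """Allow install only if these exact bytes have a test record."""
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    digest = sha256_file(patch)
    if digest in entries:
        return True, f"ok: tested by {entries[digest]['tested_by']}"
    if any(e["name"] == patch.name for e in entries.values()):
        return False, "blocked: same file name as a tested patch, different content"
    return False, "blocked: no test record for this patch"

def demo() -> list[tuple[bool, str]]:
    """Run the gate over constructed sample files standing in for vendor patches."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "staging").mkdir()
        manifest = root / "tested.json"          # hypothetical manifest location
        tested = root / "patch-001.bin"
        tested.write_bytes(b"constructed patch, build A")
        record_tested(tested, manifest, tester="qa-analyst")
        swapped = root / "staging" / "patch-001.bin"   # same name, other bytes
        swapped.write_bytes(b"constructed patch, build B")
        untested = root / "patch-002.bin"
        untested.write_bytes(b"constructed patch, never tested")
        return [deployment_gate(p, manifest) for p in (tested, swapped, untested)]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

Because the gate keys on content rather than file name, a re-downloaded or rebuilt patch that reuses the tested file's name is still blocked until it has its own test record.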

Here are two other examples of skills-based errors:

  • Following suspicious email links and attachments: Sometimes users reply to suspicious emails, click on embedded links, and/or download suspect attachments. These