Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

User error is an expected business problem

Ira Winkler | June 17, 2015
When I read the article that human error was the source of most breaches and data loss in 2014, it was not a surprise. You can pick any study about computer-related crimes and data breaches in the last few years and you will find that humans are the primary attack vector for most significant breaches, and the criminals intend to initiate human error. In order to prevent this error, you have to understand what causes humans to make errors.

The fundamental issue is that we see IT related user errors that are now causing millions of dollars of damage. In return, we do not see a similar scope of effort to reduce those errors. We see security programs begrudgingly buy subscriptions for videos or acquire phishing services with the appearance that this is the appropriate business response.

I want to be clear that I am not downplaying the potential of CBT and phishing services as a part of a good awareness program. However, these efforts are clearly not first performing a good proactive study into why the errors occurred in the first place and what are the best methods to address the reason for those errors.

Until CISOs and the IT community as a whole recognizes that user error is an expected part of the business process, and that these errors are costly and deserve the respect that human error gets in every other discipline associated with the business, security awareness programs will have massive failures and user error will continue to be costly. IT professionals seem to believe that user error is unique to our community, and just telling users not to do something will work. That does not work in any other discipline. Until CSOs, CISOs and other executives realize this, and promote this issue to their management, losses associated with user error will only continue to increase. It is time to accept this fact.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.