Can we eliminate basic human error?
Studies show that the majority of IT security lapses are due to basic human error – and with the rapid growth of disruptive technologies the stakes are just getting higher. So how can we mitigate the increasing threat?
As society progresses further towards the Internet of Things, the lines between the many different communications platforms and devices we use will become increasingly blurred. The networks that link our corporate and personal devices and all of the conversations we have on them are becoming ever more entwined, creating a more complicated matrix of potential security lapses. In tandem with this is an increasingly sophisticated enemy in the form of cyber criminals. The challenge for governments, businesses and individuals is how to manage this technological evolution in a safe way.
Todd Thibodeaux, the CEO & president of the global non-profit IT trade association CompTIA, recently hosted a roundtable event to discuss these issues.
In attendance were IT professionals and cyber experts from the Middle East who are well versed in this conversation because it has been part of their domain for a long time. Yet the enormity of what lies ahead is so great that this conversation needs to break into the boardroom and reach every single member of staff, from the front-desk receptionist to the CEO.
The CompTIA roundtable focused on the impact that the Internet of Things will have on security in the corporate world and the role that human error plays. Every single individual who steps into the corporate space – either physically or digitally – needs to understand their own role in preventing cyber attacks. And most importantly, they need to understand how their own personal behaviour can so easily leave the corporate door open to cyber criminals.
The threat that an everyday employee can unwittingly pose to an organisation has recently been illustrated in an experiment carried out by CompTIA. In the experiment, 200 USB flash drives were distributed randomly in highly public places in Chicago, Cleveland, San Francisco and Washington DC. In about one in five instances, the flash drives were picked up by strangers and plugged into their own – or their employers' – devices. These people then proceeded to engage in several potentially risky behaviours, such as opening text files, sending messages to a listed email address or clicking on strange and unfamiliar web links.
The experiment was covered by NBC 5 in Chicago, who posed the question: ‘Would you pick it up and use it, not knowing what might be on there?’ IT experts understand the danger, but the experiment illustrates that the ordinary employee’s curiosity very often gets the better of them. And this is why IT experts and the wider information technology industry need to ensure that every employee understands the risk to their business as we adopt disruptive technologies such as the Internet of Things.
In the Middle East, it seems executives understand the scale of the threat. Research shows that 70% of Middle East executives believe the cyber security threat is increasing – and 27% believe human error is growing. And so it is human error that companies and IT departments need to address. Raising awareness is an important starting point.