Modern Australian
The Times

Human error is the weakest link in the cyber security chain. Here are 3 ways to fix it

  • Written by Jongkil Jay Jeong, Senior Research Fellow in the School of Computing and Information System, The University of Melbourne
Human error is the weakest link in the cyber security chain. Here are 3 ways to fix it

Despite huge advances in cyber security, one weakness continues to overshadow all others: human error.

Research has consistently shown human error is responsible for an overwhelming majority of successful cyber attacks. A recent report puts the figure at 68%.

No matter how advanced our technological defences become, the human element is likely to remain the weakest link in the cyber security chain. This weakness affects everyone using digital devices, yet traditional cyber education and awareness programs – and even new, forward-looking laws – fail to adequately address it.

So, how can we deal with human-centric cyber security related challenges?

Understanding human error

There are two types of human error in the context of cyber security.

The first is skills-based errors. These occur when people are doing routine things – especially when their attention is diverted.

For example, you might forget to back up desktop data from your computer. You know you should do it and know how to do it (because you have done it before). But because you need to get home early, forgot when you did it last or had lots of emails to respond to, you don’t. This may make you more exposed to a hacker’s demands in the event of a cyber attack, as there are no alternatives to retrieve the original data.

The second type is knowledge-based errors. These occur when someone with less experience makes cyber security mistakes because they lack important knowledge or don’t follow specific rules.

For example, you might click on a link in an email from an unknown contact, even if you don’t know what will happen. This could lead to you being hacked and losing your money and data, as the link might contain dangerous malware.

Person holding a mobile phone with a speech bubble containing a suspicious message and link.
Many cyber attacks are successful because people click on unknown links in emails and text messages. ParinPix/Shutterstock

Traditional approaches fall short

Organisations and governments have invested heavily in cyber security education programs to address human error. However, these programs have had mixed results at best.

This is partly because many programs take a technology-centric, one-size-fits-all approach. They often focus on specific technical aspects, such as improving password hygiene or implementing multi-factor authentication. Yet, they don’t address the underlying psychological and behavioural issues that influence people’s actions.

The reality is that changing human behaviour is far more complex than simply providing information or mandating certain practices. This is especially true in the context of cyber security.

Public health campaigns such as the “Slip, Slop, Slap” sun safety initiative in Australia and New Zealand illustrate what works.

Since this campaign started four decades ago, melanoma cases in both countries have fallen significantly. Behavioural change requires ongoing investment into promoting awareness.

The same principle applies to cyber security education. Just because people know best practices doesn’t mean they will consistently apply them – especially when faced with competing priorities or time pressures.

New laws fall short

The Australian government’s proposed cyber security law focuses on several key areas, including:

  • combating ransomware attacks
  • enhancing information sharing between businesses and government agencies
  • strengthening data protection in critical infrastructure sectors, such as energy, transport and communications
  • expanding investigative powers for cyber incidents
  • introducing minimum security standards for smart devices.
Man wearing navy suit with patterned navy tie talking in parliament. Earlier this month the minister for cyber security Tony Burke introduced new cyber security laws. Mick Tsikas/AAP

These measures are crucial. However, like traditional cyber security education programs, they primarily address technical and procedural aspects of cyber security.

The United States is taking a different approach. Its Federal Cybersecurity Research and Development Strategic Plan includes “human-centred cybersecurity” as its first and most important priority.

The plan says

A greater emphasis is needed on human-centered approaches to cybersecurity where people’s needs, motivations, behaviours, and abilities are at the forefront of determining the design, operation, and security of information technology systems.

3 rules for human-centric cyber security

So, how can we adequately address the issue of human error in cyber security? Here are three key strategies based on the latest research.

  1. Minimise cognitive load. Cyber security practices should be designed to be as intuitive and effortless as possible. Training programs should focus on simplifying complex concepts and integrating security practices seamlessly into daily workflows.

  2. Foster a positive cyber security attitude. Instead of relying on fear tactics, education should emphasise the positive outcomes of good cyber security practices. This approach can help motivate people to improve their cyber security behaviours.

  3. Adopt a long-term perspective. Changing attitudes and behaviours is not a single event but a continuous process. Cyber security education should be ongoing, with regular updates to address evolving threats.

Ultimately, creating a truly secure digital environment requires a holistic approach. It needs to combine robust technology, sound policies, and, most importantly, ensuring people are well-educated and security conscious.

If we can better understand what’s behind human error, we can design more effective training programs and security practices that work with, rather than against, human nature.

Authors: Jongkil Jay Jeong, Senior Research Fellow in the School of Computing and Information System, The University of Melbourne

Read more https://theconversation.com/human-error-is-the-weakest-link-in-the-cyber-security-chain-here-are-3-ways-to-fix-it-241459

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...

How to Choose the Right Lawyer in Melbourne for Your Situation

Choosing legal support can feel difficult, especially when the stakes are personal or business-related. The right lawyer in Melbourne should underst...

Hoteliers Look to Clever Value Adds to Increase Revenue

The Australian hospitality industry is still in recovery mode after a notoriously rough patch in recent years. While there has been a post-COVID tra...

Moving to Queensland? Here’s How to Prep Your Car for the Big Move North

There’s no sign of the northern migration slowing down, with thousands of southerners fleeing from chaotic lifestyles and cooler climates for a brig...

Diesel Shortage to Impact Trades and Contractors

Strait of Hormuz blockage affecting all major parts of trades and construction Trades and construction across residential, commercial and industria...

Why Holiday Home Owners Turn to Rental Management Agents

The Allure — and the Reality — of Renting Out Your Property Owning a holiday home is a dream for many Australians. Whether it's a beachside sha...

Why Finding Reliable Doctors In Bundoora Is Important For Long-Term Health

Access to quality healthcare plays an important role in maintaining overall wellbeing and managing health concerns early. Trusted Doctors in Bundoor...

Understanding the Different Types of Car Services: Minor vs Major

When it comes to car maintenance, one of the most important things every vehicle owner should understand is the difference between a minor and a maj...

How Superannuation and TPD Insurance Work Together

Superannuation is an essential part of financial planning in Australia. It is designed to provide individuals with income during retirement, helping...

Tiny Towns funding granted for Mt Hotham and Mt Buller upgrades

Alpine Resorts Victoria (ARV) has welcomed funding support from the Victorian Government’s  Tiny Towns Fund, with both Mt Hotham and Mt Buller se...

Locksmith Services: Why Professional Security Solutions Matter More Than Ever

Security is a critical concern for homeowners, businesses, and vehicle owners alike. Whether it involves protecting a property, replacing damaged lo...

Why Tooth Fillings Are Important For Protecting Damaged Teeth

Cavities and minor tooth damage are common dental problems that can worsen if left untreated. Professional tooth fillings help restore damaged teeth, ...