Many, if not most, of our human mistakes are due to a lack of self-awareness.
Those who are not self-aware tend to blame external forces for their shortcomings rather than recognizing how they create situations that make them vulnerable. Developing maturity involves accepting that changing how we operate and interact with things external to ourselves can lead to better outcomes. Once that happens, all challenges seem much easier to overcome.
This, of course, also applies to organizations, and certainly to their cybersecurity challenges.
In a previous posting, we spoke of how a lack of cybersecurity asset awareness can lead to data exposure (https://www.arcticsecurity.com/resources/lack-of-cybersecurity-asset-awareness-leads-to-hidden-data-exposure). Databases that should be private are frequently exposed. We spoke of how the issues that arise can stem entirely from a lack of awareness or, where people are aware that there may indeed be issues, simply from the fact that they don’t care. Awareness issues can be fixed fairly easily, but not caring is not as easy to fix, and it is often the biggest reason for human error.
How Improving Awareness Reduces Cybersecurity Risks
A recent article in Forbes titled “Splunk Report Highlights The Cost of Human Error” (https://www.forbes.com/sites/tonybradley/2024/06/26/splunk-report-highlights-the-cost-of-human-error/) went into some detail about how human error is the leading cause of downtime related to cybersecurity issues. According to the article, 56% of the cases are due to human error. Again, this is ultimately due to a lack of awareness.
Organizations need to be aware of the configuration errors and mistakes that can lead to cybersecurity attacks, and of the internal and external forces that can mount those attacks. Additionally, organizations need to be aware of human errors that arise from a lack of awareness and from people not caring enough.
This highlights the need for the organization to understand why employees may not care or are making mistakes. Are they so overloaded that they give up on caring about certain things? Is it a lack of training? Is it a lack of empowerment? These are important organizational awareness questions to ponder.
Addressing Human Error in Cybersecurity
The Forbes article suggests that automation and AI may be a viable solution. While automated systems are a useful way to help curb human error, it is important to understand that it still takes continual awareness at a human level to monitor such systems for effectiveness and to know what changes need to be made to ensure that they remain effective as the security landscape evolves.
Integrating Awareness into Cybersecurity Practices
We discuss this topic because, as we continue to develop early warning systems for cybersecurity, we see that a significant part of cybersecurity is about providing rapid warnings about human mistakes. A typical scenario is that someone in the organization changes a configuration setting, exposing an important and potentially vulnerable service or a management interface to the Internet. However, they didn’t realize their change had wider repercussions and perhaps didn’t care enough to investigate.
When security teams using Arctic EWS receive warnings about such issues, a palpable frustration often arises because the problem could have been prevented with a little more consideration of the change's effects. True organizational awareness combines human and digital self-awareness, a continuous effort that, once implemented effectively, simplifies maintaining operational security.