When it comes to cybersecurity, ensuring software is up to date, data is backed up, and preventative measures like anti-virus software and firewalls are in place is helpful. But one essential ingredient to cybersafety is something less technical: human vigilance.
A new study from the Security Lancaster Institute at Lancaster University examined the role of human error and oversight in creating vulnerabilities to cyberattacks. Based on interviews with academics, consultants and security managers, the study's results demonstrated that most vulnerabilities were due to inattention related to "biases, gaps and limitations."
"These included, for example, a bias towards physical security and away from cybersecurity, and a bias towards denying insecurities to avoid embarrassment," the authors wrote.
Recently, a few high-profile cyberattacks or errors led to the loss of terabytes of data. When the WannaCry ransomware attack ravaged the globe in May, the impact was massive. The U.K.'s National Health Service and a prominent Spanish telecom were among the most notable networks crippled as a result. However, Microsoft had released an update that addressed the vulnerability two months prior, meaning affected systems could have easily been insulated from WannaCry's devastating assault.
In another big-time error, a data-mining company hired by the Republican Party to gather information on American voters during the 2016 presidential election accidentally made its database public, revealing voters' dates of birth, home and mailing addresses, phone numbers, registered parties, racial demographics, and voter registration. This botched handling of personal information wasn't even the result of a cyberattack; it was merely a serious oversight that divulged data the subjects were likely unaware even existed.
In each of these headline-grabbing data catastrophes, human error and a lack of best practices – not a failure of technology – were to blame. In other words, the systems all worked properly while human users were asleep at the wheel. The good news, then, is that the cause of these errors is easily addressed by redoubling efforts and implementing a new set of rules to ensure those best practices do not lapse again.
"[This study] showed how readily vulnerabilities in attention could be ascribed to simple, general rules that were functional in an organizational setting," the authors wrote. "The focus should thus be on what is normal, in contrast to the typical technical focus on what is anomalous. This normality of vulnerability is similar to Vaughan's ideas about 'normalized deviance,' and suggests vulnerability often goes unnoticed."
Cybersecurity isn't just a matter of upgrading technology, but of placing vigilant guards in the watchtowers. With a coherent set of cybersecurity rules, up-to-date software and the watchful eye of careful administrators, you can rest assured that your network is safe.