The cyber blame game
Hackers recently breached MGM Resorts casinos in Las Vegas, and telecoms giant AT&T suffered a cyberattack earlier this year. Alongside numerous other attacks on a variety of companies and businesses, these incidents point to a growing issue that needs careful consideration.
Organisations have been urged to stop blaming employees for cyberattacks and instead focus on user-centric solutions that deal with the cause of human behaviour. Former CIEHF President Amanda Widdowson, Head of Human Factors Capability at Thales UK, highlighted the fact that scams are becoming increasingly sophisticated. She called for human factors to be designed into policies and processes from the start to minimise the chance of errors.
Writing on the Professional Security website, she said: “Despite the majority of cybersecurity breaches being attributed to human error, we can’t keep blaming employees. Instead, an organisation’s cybersecurity strategy must account for the risks posed by human and system vulnerabilities, including work design which prevents employees from thinking critically about potential threats, and the use of passwords, which are intrinsically weak, to protect sensitive data.
“When it comes to designing process and technology around people, there is a trade-off between usability and security. Humans are wired to find the easiest way to do their job and, if security procedures are too cumbersome or strict, they’ll find a workaround. Good practice takes human factors into account, including consulting the end user, imagining the user journey, and minimising the possibility for error.”
Also see our White Papers on Cyber Security Frameworks and the Role of Human Factors in Delivering Cyber Security