question

Running Head: Human Error in Cyber Security 1

BULLYING 6

Human Error in Cyber Security

Arij Johri

University Of Virginia

Introduction

Human error is a proponent at the center of multiple horrific events surrounding Cyber security. As we get more advanced as a civilization, technology becomes more secure and less prone to error. Human error on the other hand is extremely difficult to deal with as human nature intervenes. 

There’s not a single individual living who will never make mistakes. In reality, making mistakes is at the core the human civilization. It is how we develop and learn. However in cyber security, human mistakes are commonly overlooked. (Ahola, M, 2020)

According to a study by IBM, human mistake are the predominant cause of 95% of cyber security breaches. In other words, if human blunder was by one means or another dispensed with completely, 19 out of 20 cyber breaches may not have taken put at all. (Ahola, M, 2020)

Study's portray that businesses do have great reason to be stressed around employees contributing to cybersecurity dangers. Staff may make mistakes that put their company’s information or frameworks at danger, either since they are careless and accidently slip up or since they don't have the needed training to instruct them how to act fittingly and to secure the business they work for. (The Human Factor in IT Security, 2020)

Careless or ignorant staff, for illustration, are the second most likely cause of a genuine security breach, second to malware. In expansion, 46% of cybersecurity episodes within the last year, are caused by careless/ uniformed staff who contributed to the attacks face by the companies. (The Human Factor in IT Security, 2020)

Human mistake on the part of staff isn't the only ‘attack vector’ that businesses are falling victim to. Within the last year inner staff have moreover caused security issues through noxious activities of their own, with 30% of security occasions within the final 12 months allegedly including staff working against their own employers. (The Human Factor in IT Security, 2020)

Snapchat Security Incident

The incident of Snapchat’s security vulnerability from 2016 is one of the most well-known and well documented.

Snapchat in 2016 said it was just incomprehensibly sorry for a information breach uncovering payroll data of a few 700 current and previous workers. The cause was an assailant imitating to be the social media company’s CEO Evan Spiegel who deceived an representative into emailing over the data. (Times Employees Caused Damaging Data Breaches, 2020)

The Snapchat information wasn't stolen by a coding mastermind who hacked the company's servers utilizing a few obscure imperfection. Instead, it was stolen by an assailant who abused a much easier, more human vulnerability: belief. The aggressor imitating to be Snapchat chief official Evan Spiegel and deceived an representative into emailing over the data, highlights the emphasis on human error causing damage. (Peterson A,2019)

According to estimates, 700 current or previous employees had data including their names, Social Security numbers and wage information compromised within the assault, concurring to the Los Angeles Times. (Peterson A,2019)

The occurrence highlights one of the greatest challenges for companies battling to ensure delicate data: Even on the off chance that your specialized security is up to date, your individuals may let you down. (Peterson A,2019)

Impact on Organization

After the incident, the company apologized to its staffers after the phishing assault deceived the HR representative into giving over finance data. (Hern A,2016)

The company made a statement “Needless to say, we responded swiftly and aggressively. Within four hours of this incident, we confirmed that the phishing attack was an isolated incident and reported it to the FBI. We began sorting through which employees – current and past – may have been affected. And we have since contacted the affected employees and have offered them two years of free identity-theft insurance and monitoring.” (Hern A,2016)

The organization had damage limitations as none of Snapchat’s client information was given to the scammer. The only influenced parties are the employees, both current and previous, whose data was given over. (Hern A,2016)

Snapchat was fortunate within the grand scheme of things. Comparative tricks have gotten far more than a little sum of finance data: one company, Ubiquiti Systems, sent a installment of $46.7m in June after an spoof email was sent by its supposedly CEO, whereas the Financial Times reports that a total of $2bn has been lost to comparable tricks within the past two and a half years. (Hern A,2016)

According to the Guardian, Jonathan Sander, the VP of Product Strategy at security software providers Lieberman Software, said: “The fact that Snapchat got snagged with this shows that being young, cool, and high-tech doesn’t protect you from being a phishing target. (Hern A,2016)

According to the Guardian, when further asked about how an educated snapchat employee can fall prey to such a incident, he states “Bad guys are getting so good at phishing that they aren’t just fooling that older relative who calls a grandchild every time they need to print something. Even people born into the internet, apps and the cloud are clicking on bad links. That’s very good news for attackers, in case they were worried that millennials would put them out of the phishing business with their tech savvyness.” (Hern A,2016)

 

References

`. (n.d.). The Role of Human Error in Successful Cyber Security Breaches. Retrieved September 20, 2020, from https://blog.usecure.io/the-role-of-human-error-in-successful-cyber-security-breaches

The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within. (n.d.). Retrieved September 20, 2020, from https://www.kaspersky.com/blog/the-human-factor-in-it-security/

7 Times Employees Caused Damaging Data Breaches. (2020, September 01). Retrieved September 20, 2020, from https://www.redteamsecure.com/blog/danger-ranks-7-times-employees-caused-data-breaches/

Peterson, A. (2019, April 08). The human problem at the heart of Snapchat's employee data breach. Retrieved September 20, 2020, from https://www.washingtonpost.com/news/the-switch/wp/2016/03/01/the-human-problem-at-the-heart-of-snapchats-employee-data-breach/

Hern, A. (2016, February 29). Snapchat leaks employee pay data after CEO email scam. Retrieved September 20, 2020, from https://www.theguardian.com/technology/2016/feb/29/snapchat-leaks-employee-data-ceo-scam-email