With news headlines regularly announcing a new data breach, one wonders whether hackers are becoming more skilled and bolder, or whether organisations are not taking the security of the information they process seriously. Unfortunately, what businesses may not realise is that often there is a far more critical cause of vulnerabilities within their organisation, that being the human factor, says Drew van Vuuren, Data Protection Officer at ESET South Africa.
Often, a data breach results from negligence, from a lack of appropriate processes, policies and procedures, or from a failure to apply them. A lack of vigilance by users is what normally leads to these errors.
A brief overview of the sorts of errors users tend to make points to such basic conditions as emails being sent to the wrong people; lost, stolen or inadequately disposed of paperwork; websites being incorrectly configured or secured; and the loss or theft of unencrypted devices.
All too often, CEOs confronted with cyber-attacks tend to worry about possible weaknesses in their technological defences, when it is becoming more and more apparent that most data leakages can be prevented at their source through the continued education and vigilance of the users of these same information systems.
Businesses should rather consider taking a hard look at the people inside their organisation and investing more time and resources in educating and training their staff.
Organisations need to understand that the threat of a data compromise is very real. It is therefore essential that they cultivate a security culture and instil a sense of responsibility throughout the organisation, so that staff are aware of the pitfalls of not being vigilant.
The human factor is often ignored, and yet it is a critical element in building a strong security defence of corporate information systems. Investment in enterprise security solutions can only go so far in increasing the security posture of the organisation. A critically more important component in building this defence is identifying and understanding the constantly evolving sources of security incidents, which, although they may vary across businesses, often point to the complacency or lack of education of the user base at that organisation.
Computers don’t create crimes – incorrect usage of those computers by humans does.