The Point | Cybersecurity Blog for Defendify

Human Error: It’s Not “An I.T. Thing”

Written by Defendify | September 07, 2017

First, it was HBO and now it's Time Warner Cable. These are just a couple of household names we’ve seen in the news lately experiencing issues with data leaks and breaches. We’re talking about industry titans with droves of I.T. personnel and high-grade security measures in place. 

How in the world are these kinds of companies exposing data?

  • Vanity Fair sums up the HBO leak in an article titled, Whoops! The Latest Game of Thrones Leaker Is HBO Itself. Basically, HBO’s Spain group accidentally leaked the highly anticipated season finale episode of Game of Thrones by making it “available on-demand to its Spanish subscribers several days early.”
  • Gizmodo reports Time Warner Cable left 4 million customer records open on Amazon Servers, essentially making the information available to anyone who knew where to look. We’re talking about usernames, email addresses, billing information, and more. It’s not that the servers weren’t protected, they were simply misconfigured.

The culprit? Human error.

IBM has been talking about it since at least 2014 when they claimed 95 percent of all security incidents involve human error, discussed in a great article by SecurityIntelligence, The Role of Human Error in Successful Security Attacks (we think it’s worth a quick read!).

All it takes is a simple oversight, a missed configuration, or a misconfiguration, and the entire organization and its customers can potentially be put at risk.

The reality is we face major challenges that are not borne of I.T. and not just solved by I.T.

Business leaders are learning quickly—and sometimes the hard way—that there is a critical human element to cybersecurity that cannot be ignored nor can be resolved by a simple technology fix. That's why it's so important to:

  • Build a top-down culture of cybersecurity that takes the people in our organizations from the weakest link to the strongest defender.
  • Establish a strong framework of simple, clearly defined policies and plans to educate our defenders on and act upon in times of need.
  • Work dilligently to instill a mindset of alertness and continuous improvement through audits, testing, and ongoing education.

The more aware and proactive every single person in and around the organization is—executives, employees, partners, and vendors alike—the less chance of a misstep or missed step. It, not just I.T., can be the difference between what that next newspaper headline reads for your organization.

Stay Safe,
Your Friends @ Defendify

Subscribe to the Defendify Blog: Cybersecurity in 60 Seconds
View full post