HUMAN FACTORS & ERGONOMICS
THE HUMAN FIREWALL By focusing on their behaviour, empowerment and support, organisations
can create its strongest defence against cybercrime, say Spencer Misstear and Neil Clark, Human Factors Specialists.
As today’s workforce goes increasingly mobile, and health and safety, building services and workplace technologies migrate to the cloud, the face of cybersecurity is ever changing. Our perimeters extend far beyond physical walls, raising many new challenges for the protection of assets and data. Yet one element remains constant; our people, the most valuable yet vulnerable aspect of our system.
More traditionally associated with the realms of compliance and processes, human factors expertise is now being applied by forward-thinking organisations to understand the online behaviour of its workforce and the new cyber vulnerabilities hackers are exploiting. While you wouldn’t typically link health and safety with cybersecurity, if an oil tanker is targeted and shut down by cybercriminals, suddenly health and safety and IT become critically interlinked.
To break into our businesses today, cybercriminals are turning to employees directly. Over 90% of reported cybersecurity incidences can be attributed to human behaviour within an organisation. Last year alone, phishing attacks (a social engineering attack often used to steal user data, including login credentials) on employees were up a staggering 400%.
There is a common misconception that in a system with ultra-advanced technology, the user’s importance/ status within the system is diminished. Not so in the world of cybersecurity. If a hacker can glean login details directly from an unassuming employee, they can sometimes hack into an organisation undetected for a matter of weeks or months.
Now capable of reaching employees not only on email, but directly over the phone or ‘vishing’,
38
cybercriminals use the ‘fear of missing out’ to coerce us into making knee-jerk decisions. A popular one is payday – contacting employees for private credentials to authorise salary payment – not a phone call many of us would question from ‘HR’, or so we think.
So, what can be done to mitigate evolving cyber risks in your organisation? Traditional approaches would be to use software systems to monitor employees’ online activity, e.g. if Louise is logging in at 2am on a Sunday, or from a different location or from multiple devices at once security measures should flag. But where companies are seeing the most success, is a more personalised approach to cyber training with workers directly.
While software programs are consistent, humans by our very nature are not. There is a common phrase that ‘to err is human’.
It implies that people can and will
fail; strong safety cultures and robust risk assessments recognise and allow for this. In the world of cyber security, this is not only a statement of fact, it is an opportunity that can be exploited – attack where the defences are weakest and that often means targeting the human. We could be travelling, tired, on a deadline, unwell or just preoccupied one day at work, and that is all the cybercriminal needs. Employees need the most up-to-date training on a regular basis to both inform and reinforce the importance of cyber-awareness.
Empowering and educating our workforce to take ownership of cybersecurity is vital. After all, our foot soldiers are our greatest defence.
Download the ‘Cyberscurity: a Human Factors Dichotomy’ here.
www.ergonomics.org.uk www.tomorrowshs.com
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50
