Cybersecurity policies have a very important purpose – to encourage safe practices and avoid errors leading to security incidents. But even with the most thoughtfully designed security policy, most employees will still fail to comply with expected behaviors.
In this post, I’ll unpack the common human errors leading to security incidents and present an effective strategy for ending insecure employee habits once and for all.
The Role of Human Errors in Data Breaches
Most cyber security incidents share one commonality – employee error. Verizon’s 2021 DBIR report estimates that human errors caused 85% of cybersecurity breaches, and according to the latest data breach report by the Office of the Australian Information Commissioner (OAIC), data breaches caused by human error have increased by 43%.
Data breaches caused by human error aren’t just getting more common; they’re also getting a lot more expensive.
IBM’s latest data breach damage cost estimates have reached a record high of AUD$5.3 million. Because human error is so prevalent, each business is likely to suffer multiple breaches, and at such a price tag, it won’t take long before most SMEs are forced out of business.
The Top 3 Most Common Human Errors Leading to Data Breaches
The first step towards addressing the issue of human error is to be aware of the types of behavior leading to security incidents. The three most common are listed below.
1. Misdelivered Emails
Misdirecting an email with sensitive information is probably the most embarrassing type of data breach because human error is entirely at fault. According to Verizon’s 2021 DBIR report, it is the most common type of error to cause a breach.
2. Simple Passwords
61% of data breaches are caused by compromised user credentials, obtained not through theft but through password-cracking methods. Most employees choose passwords as simple as “admin1234” or even just “password.”
A password containing a four-letter word followed by a four-digit number could be cracked with brute-force methods in under 1 minute.
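To make the "four letters plus four digits" claim concrete, the following added example (not code from this post or from PhishNet) audits a candidate password by its structure and search space. The guess rate, the one-year threshold and the sample denylist are assumptions chosen for illustration.

```python
import string
from itertools import groupby

# Assumptions (not from the article): guess rate, policy threshold, sample denylist.
GUESSES_PER_SECOND = 10**9          # assumed offline guessing rate
MIN_SECONDS = 365 * 24 * 3600       # assumed policy: at least one year to exhaust
DENYLIST = {"password", "admin1234"}  # constructed sample; load a breached-password list in practice

CLASS_SIZES = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "symbol": len(string.punctuation) + 1,  # ASCII punctuation plus space
}


def char_class(ch):
    """Map one character to the class a structure-aware guesser would enumerate."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "symbol"  # punctuation, space and anything else


def mask_of(password):
    """Collapse a password into runs of classes, e.g. love2021 -> lower x4, digit x4."""
    return [(cls, len(list(run))) for cls, run in groupby(password, key=char_class)]


def audit(password):
    """Return the structure, search space and policy verdict for one candidate password."""
    mask = mask_of(password)
    keyspace = 1
    for cls, length in mask:
        keyspace *= CLASS_SIZES[cls] ** length
    # Upper bound: if the letters are a dictionary word the real space is far smaller.
    seconds = keyspace // GUESSES_PER_SECOND  # whole seconds; integer math avoids float overflow
    denylisted = password.lower() in DENYLIST
    acceptable = bool(mask) and not denylisted and seconds >= MIN_SECONDS
    return {"mask": mask, "keyspace": keyspace, "seconds": seconds,
            "denylisted": denylisted, "acceptable": acceptable}


if __name__ == "__main__":
    for candidate in ("love2021", "admin1234", "correct horse battery staple"):
        print(candidate, audit(candidate))
```

A check like this belongs at password-set time, so a weak structure is rejected before it ever reaches the credential store.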
3. Password Recycle
Another prevalent password-related error is password reuse. The growing number of data breaches means that most user accounts have already been compromised, and stolen data is usually shared amongst cybercriminals on the dark web. So even a highly complex password can easily be compromised if it was involved in a previous data breach.
LastPass’ 2021 Psychology of Passwords Report estimated that 71% of Australians mostly use the same password variation.
Why Cybersecurity Awareness Training is the Answer to Best Security Practices
Strong security policies and verbal instructions fail to prevent human errors because they’re usually poorly designed and difficult to recall. Even well-designed security policies are ineffective because, at best, they just address the prerequisites of a solution.
Positive cybersecurity habits are only developed when foundational knowledge is accompanied by targeted cybersecurity awareness training. Cybersecurity awareness training doesn’t just help employees visualise the implications of their actions; it also offers a feedback loop to solidify new knowledge and embed a new set of secure behaviours.
PhishNet Can Help You Encourage Positive Cybersecurity Behaviour
PhishNet offers best-in-class cybersecurity awareness training that addresses the most common employee errors facilitating security incidents. By combining foundational cyber threat knowledge with practical, fun and engaging training, PhishNet can help you build sound employee habits to prevent breaches.
To learn more about cybersecurity awareness training, contact us today.