Reduce the [Human] Error

Human error is the main cause of 95% of cybersecurity breaches. Our global security, risk, and resilience practice strategist, Melissa Cohoe, shares three practical recommendations to prevent human error in your business.

We talk a lot about the technical elements of cybersecurity, from software vulnerabilities to DDoS attacks, but the data is in: humans are the weakest link in any security program.

Over 74% of all breaches include a human element, and over 30% of incidents and breaches are the result of human forces internal to the organization – either deliberate or accidental. What's more, social engineering attacks remain lucrative for cybercriminals, with Business Email Compromise (BEC) having doubled.*

External bad actors, mostly organized crime acting on financial motives, are handled through robust cybersecurity, including vulnerability management and patching, security incident and event monitoring, and reliability programs that help restore services during an outage or ransomware attack. The technical controls are easy, but dealing with cybersecurity threats from within requires a different approach.

Understanding the Problem

According to the 2022 Gartner Drivers of Secure Behavior Survey, 74% of employees would violate cybersecurity policies to meet or to help team members meet business objectives. 67% use the same password for different accounts, 61% have sent sensitive information unencrypted via email, and 93% acknowledge that these actions increase risk to the enterprise.

The most common reasons employees engage in insecure behavior are increased speed and convenience and the absence of adverse consequences for their actions.

In short, employees will prioritize business needs over protecting the organization. They believe that the business's needs outweigh the potential risk, and they make a conscious decision to act on that belief.

Security awareness has therefore succeeded; security diligence, the presumed outcome of security awareness, has not.

Three Practical Recommendations to Prevent Human Error in Your Business

Here are three actions you can take today and over the following months to help you minimize the potential for human error.

Consider the Human Experience When Designing Security Controls

Security programs should be as frictionless as possible, making it easy for security controls to fade into the background of day-to-day work. Controls that are complex or difficult to navigate will invariably be circumvented or ignored, which can expose organizations to unnecessary risk. Security teams should work with their business partners to understand the organization's day-to-day reality and how to best interweave the security controls to decrease disruption. This allows security to be an enabler of business rather than a disabler.

Nudging techniques, which use positive reinforcement to direct behavior and make the desired behavior the path of least resistance, are helpful here. So is organizational change management.

Make it Easy for People to Admit When They've Screwed Up

This recommendation is good for organizations even beyond the security context because it creates a culture where people, including leaders, can admit when they've made a misstep. In the security context, it pays literal dividends.

BECs often result in a loss of funds for an organization, either through the purchase of gift cards or the transfer of funds. It is not always possible to recoup the funds lost in a BEC, but to have any opportunity to do so, speed is of the essence. Therefore, an individual's willingness to speak up when they realize they have made a mistake is paramount.

This recommendation also supports people who may make quick decisions in favor of business objectives and then begin to feel the cold breeze of dread in the aftermath. Of course, we want people to always act in a secure manner – but when they haven't, we want them to admit it before the organization feels the ramifications.  

Use Artificial Intelligence & Data Analytics to Monitor Behavior

Artificial intelligence can be used to monitor behavior for deviation from baseline and alert security teams as necessary. Data analytics can help identify causal links between behavior and incidents and identify trends and event correlations, which can help inform security teams and enable better decision-making as to what works, what doesn't, and where organizations are most exposed. This can allow tuning of a Security by Design Culture to focus where the organization's security controls are least adhered to, to either redesign the controls or increase the training and focus upon them.

In Conclusion

Human behavior is what most influences an organization's cybersecurity posture. By leading with human-focused solutions when designing controls, creating a culture that allows individuals to speak up when they realize they have bypassed the controls, and using artificial intelligence and data analytics to identify deviation from baseline and links between behavior and incidents, organizations can begin to improve their stance, decreasing breaches and incidents and increasing employee engagement in the cybersecurity program.

Melissa is a seasoned strategist with deep expertise in integrating risk management and security operations solutions into successful digital transformation initiatives. Follow her on LinkedIn.  

Knowledge Wrap Video

The event provided a vibrant platform for reconnecting with peers, delving into AI transformation, and driving innovation with purpose. Read on to discover how NewRocket made its mark at Knowledge 2024.

What We Learned

From recent insights gathered, we learned that ServiceNow customers are increasingly receptive to adopting AI solutions and ServiceNow has the tools to embrace that head on. However, there's a gap in AI use-cases for more mature users, highlighting the need for a creative approach to accommodate their business needs.

In navigating AI adoption, organizations are challenged to find the delicate balance between embracing innovation and avoiding dependency on emerging technologies. Advisory consulting and trusted guidance beyond initial queries spark interest, particularly around AI's impact on operations. Read our AI blog series to learn more about our approach.

Excitement around GenAI is apparent, with most users eager to explore its potential benefits and invest in quick wins. Notably, advanced use cases like process mining are gaining traction. Key solution themes include interest in native mobile applications, Employee Center migration, and the urgent need for enhanced data capabilities.

Recognitions and Awards

ServiceNow Americas Employee Workflow Partner of the Year

The ServiceNow Americas Employee Workflow Partner of the Year award celebrates Partners' exceptional efforts in enhancing employee experiences through innovative collaborations and technology solutions.

UK Public Sector Partner of the Year Award

The ServiceNow UK Public Sector Partner of the Year underscores Partners' dedication to driving digital transformation and delivering exceptional outcomes for public sector organizations in the UK.

ServiceNow.org Partnership for Good Grant

The ServiceNow.org Partnership for Good Grant highlights Partners' commitment to leveraging technology for social impact and driving positive change in communities around the world.

Top 10 Finalist for ServiceNow Best Employee Portal of the Year

ServiceNow's Best Employee Portal of the Year award recognizes Partners' dedication to creating innovative solutions that empower employees and enhance workplace experiences.

NewRocket Booth

At ServiceNow's Knowledge 24 event, we connected with 350+ attendees at our booth, showcasing how NewRocket supports organizations on their ServiceNow journey. AI emerged as a key topic, reflecting the growing interest in its potential across businesses. Our strategic advisory approach, FlightPath, aligns technology with business objectives, drawing on our expertise in customer, employee, technology, and security transformation. Plus, we captivated attendees by transforming them into astronauts using AI. See the photo booth results here!

Workshops and Speaking Sessions

Beyond Personas: Developing Holistic Frameworks to Personalize User Solutions

Industry innovation: Consilio’s Transformation Journey on ServiceNow

Dive Into Prototyping to Accelerate Validation With Design Libraries

Make Better Business Decisions by Integrating Risk and Compliance

Participating in ServiceNow's Knowledge sessions and workshops this year was truly enriching. Interacting with customers and partners provided invaluable insights into the future state of ServiceNow and allowed us to have in-depth discussions on how we can collectively offer better experiences across various facets of the platform. From exploring advanced AI integrations to optimizing workflow processes, the conversations were not only enlightening but also inspiring, fueling our commitment to innovation and excellence in the ServiceNow ecosystem. We can't wait to see you next year!

NewRocket Party

Our poolside event at the Capri restaurant in Las Vegas provided a refreshing break from the conference hustle, allowing us to unwind and connect with friends, colleagues, partners, and customers in the cool open air. As the night progressed, we loved creating unforgettable memories and strengthening our bonds within the ServiceNow community.