Ackounting for Human Errer
Building skyscrapers. Composing symphonies. Walking on the moon. Humans prove all the time that we’re capable of truly incredible accomplishments.
But the same humans who can design buildings and puzzle out harmonies are also highly prone to error. Boredom, stress, distraction, and even hunger can all lead otherwise accomplished, skilled people to miss important things and make mistakes.
This goes double for data security, where complex systems and lengthy procedures lend themselves to more mistakes than we might like to admit.
Let’s explore how human error constitutes a surprisingly large percentage of data compromises. We’ll also dive into how anticipating mistakes — rather than insisting they won’t happen — can help your organization better prepare for the inevitable.
People aren’t robots — so why are we designing data security as if they are?
By and large, our security systems are designed to face threats from external sources. But that’s not always where the greatest danger lies.
According to Verizon’s 2021 Data Breach Investigations Report, “The human element continues to drive breaches.” Indeed, 82% of breaches that the report surveyed in 2021 involved human error, from phishing and credential misuse to simple mistakes.
When it comes to cloud security, the numbers aren’t much better. According to 2021 figures, 65% of cloud network security breaches occur as a result of user errors. And a Sophos survey found that 45% of ransomware incidents in 2020 could be attributed to successful phishing attacks where users made the mistake of downloading malicious email attachments or clicking suspicious links.
Nor is this a new situation. A 2015 study by CompTIA revealed that, although companies believed malware and malicious hacking were the top data security concerns, their own employees’ actions were the largest cause of security breaches even then. According to the study, human error accounted for 52% of the root causes of security breaches taken from a survey of over 700 businesses.
It’s pretty clear, then, that humans are not immune to making critical mistakes in the workplace. So why are we still designing security systems that rely on a complete absence of error?
Changing our mindset around mistakes
In part, experts say, it’s because our calculus around making mistakes is off in the first place. From the Dunning-Kruger effect, in which people with limited knowledge or competence overestimate their own abilities, to the planning fallacy, we often assume we won’t make errors when we will.
Even though research shows we’re likely to make mistakes in both overly simple and overly complex systems, we tend to be very bad at anticipating those mistakes. Or, as a presentation on human error in a major American healthcare system notes, “People cannot easily avoid those actions that they did not intend to perform in the first place.”
So, what can be done?
First, as the academic paper “Design Rules Based on Analyses of Human Error” suggests, mistakes can be designed for in computer systems. “People will make errors even in the best designed systems, even with the best of training and motivations,” the article states. When we can anticipate that users will make errors and build failsafes into our plans, it’s less likely that one of those errors will cause the entire system to grind to a halt.
To that end, it’s important to understand how distractions, stress, boredom, and other elements of human psychology contribute to mistakes. If a boring task can be automated, or if a stressful routine can be rethought, the chances for error will diminish.
“Understanding how stress impacts behavior is critical to improving cybersecurity,” said Stanford professor Jeff Hancock in Tessian’s “The Psychology of Human Error” report, a broad 2020 survey of employees on stress and workplace disruptions. “[During the pandemic], people have had to deal with incredibly stressful situations and a lot of change. And when people are stressed, they tend to make mistakes.”
Lastly, it’s good to remember that there’s even a value in making mistakes. Stanley M. Gully, an associate professor at Rutgers University, has found that encouraging people to make mistakes in training sometimes worked better than teaching them to avoid them. “In most personal and business contexts, if you avoid the error, you avoid the learning process,” he explained.
We’ve got your back
Misconfigured storage bucket? Cloud provider outage? Mylar balloon hit a powerline? Whether your issue is coming from just down the hall or halfway across the world, our Microshard™ technology can help minimize the fallout of human error and maintain your business continuity.
Our three-step microsharding process desensitizes sensitive data for the cloud, rendering it unintelligible and of no value to unauthorized users. Microsharded data will remain confidential and protected — even if mistakes are made, buckets are misconfigured, or storage locations are exposed.
With its self-healing data, microsharding provides strong data resilience. It not only mitigates the impact of human error; it also neutralizes the effects of cloud ransomware and helps maintain data integrity and availability.