The human factor in cybersecurity

According to Verizon, the human factor is less about deliberate criminal actions of insiders and more about innocent mistakes made by employees who don’t abide by basic security standards or fall for email scams that lead to compromised links.

Some of the most common incidents that involve the human factor in cybersecurity include phishing, insufficient password management, poor network management, outdated software use, inadequate software maintenance, and an overall lack of security awareness and training when it comes to operational security measures.

The truth is that ignoring the potential for human error could be costly. In 2022, one cyberattack led to stolen customer data, which was held at ransom for $9.7 million. Before legal fees and customer compensation, this security breach cost the organization between $25 and $35 million. Incidents like this one are becoming increasingly common.

Cybercrimes can cost more than money, too. Data can be lost, and customer relationships, partner loyalty, and industry reputation can be damaged, leading to serious financial repercussions.

Thinking strategically about the potential for human error is critical, and doing so can improve an organization’s cyber resilience. Security leaders should advocate that organizations adopt and apply appropriate measures and take advantage of technologies to monitor and identify improper actions.

The concept of security awareness focuses on taking things more slowly, thinking holistically, and being acutely aware of work-related behavior and its potential impact on the organization.

Distractions are often a leading cause of cybersecurity breaches: The more tasks employees are juggling, the more likely they are to click on a compromised email, lose a laptop, or fall victim to a scammer. Security awareness can help reduce disorganization, strengthen best practices, and minimize risk.

Security measures must be considered across all business decisions, not just overt security matters.

Consider an executive who wants to communicate with the board of directors more easily. To address this business concern, the executive downloads a new app where quarterly reports can be uploaded – but this platform is not security approved.

The result? The organization’s quarterly reports now live in an unsecure, publicly accessible realm, which opens the door to risks and threats.

In this instance, the leader was thinking about the immediate business impact of more easily getting quarterly reports into the right hands. In future cases, taking a more security-aware and holistic approach can help safeguard sensitive company data.

1. Implement safeguards

Security leaders can take proactive measures to support their teams and foster a culture of security awareness.

• Contact the IT team to gather historical scenarios that can inform next steps
• Create and manage standard playbooks via the ServiceNow platform that become part of onboarding for all employees
• Apply verification controls and network monitoring with ServiceNow solutions to curb incident occurrence

2. Apply early detection measures

Getting ahead of security incidents helps mitigate risk – and potential damage to the organization. ServiceNow automated workflows and escalation can help organizations:

• Detect threats as soon as they happen to minimize fallout
• Train employees to identify and report suspicious activity
• Use data to determine areas of high vulnerability and apply risk prioritization

3. Strengthen incident response

The right protocols can help employees take action faster. ServiceNow security operations (SecOps) solutions can help security teams:

• Provide communication channels so team members can quickly report potential security incidents
• Establish and enact policies that outline post-threat security measures

4. Implement DevSecOps

Development security operations (DevSecOps) puts security at the center of application development and deployment.

• Encourage all employees to take ownership of security
• Codify and automate ServiceNow solutions for a more frictionless DevSecOps adoption

5. Streamline data to a single platform

Data transfers can increase the potential for error. Using a single access-controlled system like the ServiceNow platform can help support:

• Real-time data accuracy
• Confident reporting
• Regulatory compliance
• Simplified management
• Fewer human errors

6. Stay ahead of insider threats

Implementation specialists can help facilitate preemptive security measures on the ServiceNow platform. Functions include:

• Integrating with tools that track internal activity and offer incident response playbooks in case of a malicious actor
• Using frameworks that track various types of human threats and allocate resources accordingly

7. Prepare your team

Most employees don’t want to incite security risks. The reality is that humans make mistakes, including:

• Walking away from a desk without locking the computer
• Choosing a password that anyone could guess
• Losing a set of keys with a company key fob

The ServiceNow platform can help security leaders identify, document, and communicate a response plan. The best ways to deal with these issues when they occur include:

• Having a response plan in place
• Helping employees know how to act quickly
• Providing continual education for employees

To mitigate the risks of the human factor in cybersecurity, reaching out to a trusted adviser with experience handling security risk in the workplace is a smart decision.

Crowe can help your team get aligned with best practices and develop a customized plan. As a ServiceNow Elite Partner, we specialize in implementation support specific to security operations.

Our team is ready to help you get the most out of your ServiceNow investment so you can tackle cybersecurity with confidence.