Dealing with the weakest link in your cyber security - your users

Published on: 19 Oct 2021

Cyber security professionals are in higher demand than ever, and those with the right skills and experiences to build robust systems, manage networks and monitor environments for attacks have great options to advance their careers.

But security is about more than putting in place technical solutions. If you really want to keep your firm safe from cyber crime, you also need to think about another factor - your users.

According to Verizon's 2021 Data Breach Investigations Report, 85 per cent of the breaches it analysed involved a human element. This can be immensely frustrating for those in cyber security jobs, as all their hard work can be undone by one careless click or one rushed change. So what can you do to defend against this?

The challenges caused by users

Even before Covid changed the way many of us work, human error was a leading cause of data breaches and other cyber security incidents. Now, with more of us working remotely, it's easier than ever for criminals to take advantage of careless users, or for errors to be made by employees working without direct supervision.

One of the biggest issues remains simple mistakes made while administering IT systems, and a single one can have very large consequences. Just recently, for example, video streaming service Twitch suffered a breach that saw more than 100GB of internal data posted online, including sensitive financial information. Twitch attributed the incident to a human error made during a server configuration change, which left key data exposed to a malicious third party.

However, it's not just errors by IT staff with direct access to sensitive systems you need to worry about. Some of the biggest problems arise when attackers deliberately target non-technical users, most often via phishing, to trick them into handing over data such as login details. All it can take is one person entering their password on a convincing fake login page, and your business could have handed over the keys to its data assets.

Verizon's report noted that more than a third of breaches (36 per cent) involved phishing. These are especially difficult for cyber security professionals to counter, as much of the responsibility for protecting the firm rests with individual users and their judgement at the moment an email arrives.

The skills you need to mitigate user risks

The skills that professionals such as information security officers need to guard against human error fall into two categories. First, there's understanding the technical solutions that can mitigate your risks. These include automation tools that remove the error-prone manual steps from routine changes, and monitoring systems that check configurations continuously and flag mistakes (a storage bucket suddenly readable by anyone, say) before an attacker finds them.
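
As an added illustration of the kind of automated configuration check described above (example code written for this article, not a product from any vendor and not Twitch's own tooling; the config keys, rule names and both sample configs are invented for the example):

```python
"""Added example for this article: a pre-deployment configuration check that flags
common human mistakes before they reach production.  Illustrative code only; the
config keys, rule names and sample configs below are invented for the example and
do not come from Twitch, Verizon or any vendor product."""
from dataclasses import dataclass
from typing import Any, Iterator


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule identifier
    path: str    # dotted path of the offending config value
    detail: str  # human-readable explanation


def _walk(node: Any, path: str = "") -> Iterator[tuple[str, Any]]:
    """Yield (dotted path, value) for every leaf of a nested dict/list config."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")
    else:
        yield path, node


def check_config(cfg: dict) -> list[Finding]:
    """Return findings for risky settings in cfg.

    The rules are deliberately simple and target mistakes people make under time
    pressure: opening a storage ACL to everyone, leaving debug mode on, binding a
    production service to every interface, wildcard CORS origins, and credentials
    pasted into the config instead of being pulled from a secret store."""
    production = cfg.get("environment") == "production"
    findings: list[Finding] = []
    for path, value in _walk(cfg):
        # last path component without any list index, lower-cased for matching
        key = path.rsplit(".", 1)[-1].split("[", 1)[0].lower()
        text = str(value).lower()

        if key == "acl" and text in {"public", "public-read", "public-read-write", "allusers"}:
            findings.append(Finding("public-acl", path, f"ACL '{value}' exposes the data to anyone"))

        if key == "debug" and text in {"true", "1"} and production:
            findings.append(Finding("debug-in-prod", path, "debug mode leaks stack traces and internals"))

        if key in {"bind", "listen", "host"} and text in {"0.0.0.0", "::", "*"} and production:
            findings.append(Finding("open-bind", path, f"service listens on all interfaces ({value})"))

        if key in {"allowed_origins", "cors_origins", "origins"} and text == "*":
            findings.append(Finding("wildcard-cors", path, "any web origin may call this API"))

        # A "${...}" value is treated as a reference to a secret store, not a secret.
        if (any(word in key for word in ("password", "secret", "token", "api_key"))
                and isinstance(value, str) and value and not value.startswith("${")):
            findings.append(Finding("plaintext-secret", path,
                                    "credential stored in config instead of a secret-store reference"))
    return findings


# Constructed sample: the kind of change that slips through a rushed config edit.
RISKY_CONFIG = {
    "environment": "production",
    "service": {"bind": "0.0.0.0", "debug": True},
    "storage": {"bucket": "payout-reports", "acl": "public-read"},
    "cors": {"allowed_origins": ["https://app.example.test", "*"]},
    "db": {"user": "app", "password": "hunter2"},
}

# Constructed sample: the same deployment after the mistakes are corrected.
SAFE_CONFIG = {
    "environment": "production",
    "service": {"bind": "127.0.0.1", "debug": False},
    "storage": {"bucket": "payout-reports", "acl": "private"},
    "cors": {"allowed_origins": ["https://app.example.test"]},
    "db": {"user": "app", "password": "${vault:db/app}"},  # reference, not the secret itself
}


if __name__ == "__main__":
    for finding in check_config(RISKY_CONFIG):
        print(f"[{finding.rule}] {finding.path}: {finding.detail}")
    print("safe config findings:", check_config(SAFE_CONFIG))
```

Run against the risky sample, the check reports five findings and blocks the deployment; the corrected sample produces none. The point is not the particular rules but that a check like this runs on every change, so a tired administrator's mistake is caught by a machine rather than discovered by an attacker.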

Security engineers and architects who can build systems with strong access controls (least privilege, multi-factor authentication) and safeguards against issues such as malicious insiders are also hugely valuable to firms, because those controls limit how much damage a single stolen password or careless action can do.

However, you'll also need 'softer' skills to address other user issues. For example, while email filtering and anti-malware controls can block some phishing emails, they will never be 100 per cent effective, and some messages will reach users' inboxes. Therefore, a strong understanding of human behaviour is vital.

Knowing how people think helps you develop messaging and training programmes that teach staff what to look out for, while good communication skills encourage information sharing and overall learning. In particular, people who know they will not be blamed for reporting a suspicious email, or for admitting they clicked on one, report sooner, which helps you spot threats early and reduces your overall risk.

These may not be the most obvious skills for cyber security pros, but without them, you'll struggle to get the human factor under control.

Looking for a new challenge? Upload your CV and browse our range of cyber security jobs today.