The importance of robust cybersecurity measures cannot be overstated. Cyberthreats pose risks to individual privacy, financial stability and national security.
Innovations, such as artificial intelligence (AI) and machine learning, have revolutionised the way we respond to cyberthreats through sophisticated anomaly and malware detection, as well as threat-hunting.
Advanced encryption techniques and multi-factor authentication have also strengthened the security of data transmission and access control.
These tools have made defence against cyberthreats more efficient than ever before.
Despite all this, attacks are growing.
The human element continues to be the weakest link.
No matter how sophisticated technological defences are, they can be undermined by human error and unpredictable behaviour.
We are susceptible to social engineering tactics, such as phishing attacks, which exploit psychological manipulation to deceive individuals into divulging confidential information or performing actions that compromise security.
A report by IBM highlights that phishing remains strong, emphasising the critical role that individuals play in security.
Human error refers to unintentional actions or omissions by employees and users that result in, facilitate or permit a security breach to occur.
This encompasses a wide range of user behaviours, from downloading malware-infected files to using weak passwords, which makes it challenging to address.
The increasing complexity of work environments, with a growing number of tools and services used, leads employees to take shortcuts by relying on multiple usernames, passwords and other credentials.
Furthermore, the threat of cybercriminals employing social engineering tactics complicates the situation, as employees can inadvertently provide sensitive information or credentials to malicious actors without the need for sophisticated cyberattacks.
Verizon's 2018 cybersecurity breach report identified misdelivery as a top-five contributing factor to security incidents.
Email users frequently rely on automated assistance such as address auto-complete and can inadvertently share sensitive data with unintended recipients, a risk that companies must address.
The National Centre for Cyber Security's 2019 report found that "123456" continues to be one of the most used passwords globally, and that 45 per cent of individuals reuse the same password on other online services.
The root cause of much human error in cybersecurity is the lack of user awareness and knowledge.
Uninformed employees are vulnerable to phishing scams and public network breaches that expose their credentials.
This deficiency in cybersecurity know-how is not the users' fault, but rather the responsibility of the organisation to address by ensuring its end-users possess the knowledge and capabilities to protect themselves and the business.
Some strategies to mitigate human error include training to keep employees updated on threats and implementation of phishing simulations to test and improve employee vigilance.
Company culture also plays a role in cultivating security awareness. Encouraging a security-first culture, where employees feel responsible for their role in protecting organisational assets, can lead to progress.
IBM noted that cybersecurity training and simulations were effective in reducing phishing attacks.
It emphasises that people can learn through experience, and activities based on simulated attacks and interactive training can improve employee response to real threats.
Although technology can assist in cybersecurity defence, irrational and unpredictable human behaviour necessitates a focus on boosting human awareness and vigilance.
Education and training, coupled with experiential activities like phishing simulations and interactive workshops, can bolster cybersecurity efforts.
The writer is assistant professor, School of Mathematical & Computer Sciences, Heriot-Watt University Malaysia