Human Error in Cybersecurity

  • How did the fraudulent email even make it to the employee’s inbox? Where were the email security controls, and how effective were they?
  • What was the business process that assumed the employee needed email to do their job in the first place, or used email as a transport for documents and other attachments?
  • What was the organizational culture? Had it failed to invest in alternatives to email, or chosen to spend resources on things other than effective controls?
  • How good was that awareness training anyway?
  • How good were the general onboarding processes, and the education on how to use the technology?
  • How effective were the detection/monitoring controls?
  • Etc.
  • Etc.
  • Etc.
Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com or on Twitter @CisoHelen