The Human Element: Cybersecurity's Greatest Vulnerability and Strongest Asset
Aaron Perkins, M.S., CISSP
Futurist Bringing Human-Centric Strategies to Technology
Dear ONE Community,
In our journey to explore the intersection of technology and human connection, I want to address a critical aspect of cybersecurity that is often just accepted as a risk we can do nothing about: the human element. It’s no secret that our digital world is complex, and while we’ve known for years that our greatest vulnerability is ourselves, that same human element is also our most powerful asset.
The Human Factor: A Double-Edged Sword
The recently released 2024 Verizon Data Breach Investigations Report (DBIR) highlights a startling statistic: the human element was a component in 68% of breaches. This figure has remained relatively constant from the previous year, underscoring the persistent challenge we face in securing our digital environments.
But here's where it gets interesting:
“Errors have increased substantially this year.”
The report shows that breaches involving errors have increased to 28%. This surge validates what many of us have suspected – human mistakes are far more prevalent than we often acknowledge or even consider.
“We can always count on people making mistakes.”
While 20% of users reported phishing in simulation engagements (a positive trend), the median time for users to fall for phishing emails is less than 60 seconds. This alarming statistic highlights the ongoing vulnerability of even well-intentioned individuals.
And this all begs the question, why? What is driving this increase in humans making mistakes? And more importantly, what can be done about it?
The Power of Human Connection in Reducing Cyber Risk
These statistics might seem discouraging at first glance, and let's be honest — they are rather discouraging. But I think this is a perfect opportunity to reframe the problem to view it as a powerful reminder of the importance of real, human connection in our digital age. Here's why:
Awareness Through Communication
By fostering open, honest communication within our organizations, we can create environments where errors are reported quickly and without fear, potentially mitigating their impact.
Collaborative Defense
Nine times out of ten, when you ask a military service member how they conjured up the bravery to fight their nation’s wars, you will often hear them say something similar to how I have responded to this same question over the years, “It’s not about bravery; it’s about the people to my left and right.”
Strong interpersonal relationships can lead to more effective teamwork in identifying and responding to threats. When people feel connected to their colleagues, they're more likely to share knowledge and support each other in their work, including maintaining the levels of security necessary to do their work most effectively.
Empathy-Driven Security
Understanding the human factors behind security breaches allows us to design more effective, user-friendly security measures. By putting ourselves in our users' shoes, we can create systems that work with human nature, not against it.
We often talk about mitigating cyber risk, but when it comes to humans — everyday people like you and me — I believe a more effective approach is one that activates the best parts of who we are and capitalizes on what we all need the most — authentic human connection.
A Call to Action: Strengthening Our Human Firewall
As we move forward, I challenge each of you to consider how you can strengthen the human element in your cybersecurity efforts.
How Do You Strengthen the Human Element?
Invest in Relationships
The word “invest” was not chosen lightly here. Investing the one thing you can never get more of — time — in building genuine connections with your colleagues, team members, and partners is the single best investment you can make. These relationships are the very foundation of a strong security culture.
Foster Open Communication
Promote, encourage, and create an environment where people feel safe sharing with others what is really going on in their lives. Do we want them to report security issues? Of course. Do we want to be sure they do not have a fear of reprisal if they do report those issues? Absolutely.
What is far more important, however, is establishing an environment where people are free to be human. We are all flawed and broken in one way or another, and the more that you normalize the struggle of the human experience in the workplace, the more employees will feel heard, seen, and understood.
Know what happens when you build an environment where people feel seen and heard by each other? We feel a stronger sense of connection with those people to our left and right, and we will do whatever is necessary to make sure our broken, flawed, ragtag band of misfits can take on whatever challenge is thrown at us.
Emphasize Continuous Learning
This is something most of us are doing already, but to truly make it effective, it must be done in the right environment. By intentionally creating an environment where people feel seen and heard, ongoing education, security awareness training, and even phishing simulations have a far more significant impact in reducing cyber risk.
Lead with Empathy
Life is hard. Just when you think things are going well, something will come out of left field that you never anticipated and knock you off your game.
As leaders, it is our responsibility to model the behavior we want to see. Leading with empathy — putting ourselves in our co-workers’ shoes — is the single best way to do that.
And if we want our co-workers and employees to use the superpower of vulnerability we all possess, we must be willing to also be vulnerable to them.
Remember, in the world of cybersecurity, we're not just protecting data and systems – we're protecting people. By intentionally focusing on the human element and fostering strong connections, we can turn our greatest vulnerability into our most powerful asset.
I'd love to hear your thoughts on this. How have you seen human connections impact cybersecurity in your organization? What strategies have you found effective in building a strong "human firewall"?
Let's continue this important conversation and work together to create a more secure, connected digital world.
Best regards,
Aaron Perkins