The end of 2020 was undoubtedly focused on the global COVID-19 pandemic, but another threat was highlighted in the year’s final weeks. The SolarWinds government cyber attack, where Russian hackers accessed at least 18,000 government and private networks through a sophisticated malware attack, stunned the country. However, not all cyber threats need to be so elaborate to wreak havoc. Especially today, as we manage life in a socially distanced world, attackers prey on the human psyche to obtain sensitive information.
According to the GBG State of Digital Identity report, one in five people were affected by identity fraud or theft in 2020. Despite this alarming statistic, 84 percent of consumers are still willing to share personal information to save money or secure a deal with various retailers. The global pandemic only pushes this further. The U.K. report Cyberchology: The Human Element of Cybersecurity found a 63 percent increase in cybercrime since the March 2020 COVID-19 lockdowns were introduced.
Although this increase in cyber-related risks is discouraging, we have learned a lot from previous cyber attacks and identity fraud cases. Without question, human behavior is the main culprit behind IT security incidents. For example, this is seen in email phishing, which deceives and baits individuals to click on a malicious link or attachment, challenging our ability to tell the difference between a valid email and a potential threat. Additionally, 80 percent of companies consider other human factors—such as errors or leniency in login security—as the main cause of increased cybersecurity risk.
It is clear that cybersecurity cannot rely on technical solutions alone. Successful cybersecurity teams must also consider behavioral and psychological implications to mitigate risks.
The Human Role in Cybersecurity
Being human doesn’t need to be a cybersecurity blind spot. In most cases, hackers do not target systems; they target people. As a result, the best defense against such attacks is to make sure every single person in your organization—no matter their title or rank—is trained in spotting cybersecurity threats.
There is a hacker attempt every 39 seconds and cybercrime is predicted to cost $6 trillion globally in 2021—showing that this threat isn’t going away anytime soon. You are either prepared or you are compromised.
“Most data breaches have some element of human failure in them,” said Michael Patton, professional IT leader and instructor in the UW Cybersecurity and UW Applied Computing online degree programs, as well as a lecturer in the information systems department with the College of Business at UW-Oshkosh. “The vast majority of data breaches are from a criminal organization or bad actor that is leveraging your humanity—your goodwill, your fear, or your laziness—to prompt you to divulge sensitive information.”
Whether it is an email phishing attempt or coworkers who keep their passwords on a sticky note on their monitors, Michael advises that everyone within a workplace needs to be aware of their responsibility in keeping data safe.
Michael teaches the CYB 707: Cybersecurity Program Planning and Implementation course, where nearly every unit touches on the human role in cybersecurity.
“In the course, we talk about how from an evolutionary perspective, we as humans don’t quite understand cybersecurity risks very well,” Michael said. “Because of this, cybersecurity training is not something that you do at orientation and then you’re done. It has to be something that is constantly reinforced.”
Sharing internal cybersecurity lapses is one way to keep everyone in an organization plugged in to their humanness and to learn from mistakes. This helps colleagues become allies in a cybersecurity mission—creating a culture where everyone has an important role.
All in all, Michael concludes: “You need to approach cybersecurity with the mindset that people aren’t the problem, rather, people are the solution.”
Your Role in a Stronger Cybersecurity Future
Cybersecurity relies on people and technology. At the end of the day, we are all consumers. We want convenience, a good deal, and quick rewards. Finding the cybersecurity risks within those desires helps reduce weak points for organizations—and for the everyday person.
The 100% online UW Master of Science in Cybersecurity, specifically through its four tracks—digital forensics, cyber response, governance & leadership, and security architecture—equips graduates with the skills needed to identify, manage, and prepare for cybercrime from both a technical and behavioral angle. Learning from IT leaders like UW Cybersecurity instructors Michael Patton, Praneet Tiwari, and others, graduates of the program are ready to make meaningful impacts within their organizations.