Studies have shown that anywhere from 80% to 95% of cybersecurity breaches result from human error. But what constitutes “human error”? We would be remiss not to state that human error is really the consequence of bad cyber hygiene when looking at the top five common elements driving this statistic. They include, in no particular order:
1. Poor password management
2. Misconfigured devices
3. Lack of security awareness and training
4. Outdated and unauthorized use of software
5. Absence of strict access control capabilities
This behavior is analogous to the death statistics for heart disease, where simply eating right and working out drastically changes the figures.
Human error includes human behavior, and if the thought of dying from heart disease doesn’t scare one into changing their behavior, then it’s ridiculous to think that cybersecurity challenges will be any different. This mindset leaves organizations to concede on some cyber threat fronts while implementing compensating controls on others to alleviate this challenge.
Cyber hygiene requires getting back to basics and being diligent about the implementation and continuous management of controls that directly align with and mitigate the risk of human error. Most would consider these controls boring and tedious, but they are the foundation of a secure and resilient infrastructure. These basic, foundational controls are highlighted in numerous IT compliance mandates and best practice frameworks. What most do not know is that integrity management functionality makes up, on average, 30% of all compliance and best practice framework controls.