Simple human errors often cause cyber security breaches
Companies leaking the private data of millions of customers, or falling victim to cyber-attacks that cost hundreds of thousands to millions of euros, have become an almost daily occurrence, in what seem to be highly sophisticated attacks. “When investigating these attacks more closely however, they are actually often not sophisticated, and neither are the vulnerabilities that lead to them,” says Tobias Fiebig, assistant professor at TPM and leading researcher.
The research sheds new light on the human mistakes that occur during the operation of large information systems, such as public online services or business-to-business applications. It shows how a multitude of factors facilitate the occurrence of simple human errors that can have a dramatic security impact, and which are commonly present in companies across industries and of all sizes. The researchers also found that these simple mistakes are a lot more prevalent than we like to believe.
To address the occurrence of these mistakes, the research team identified several techniques that companies can employ to tilt the scales in their favor and avoid falling victim to cyber-attacks because of security misconfigurations that could have been prevented. The most crucial techniques that they identified are a truly blameless postmortem culture, implementing a four-eye principle, and establishing clear responsibility structures.
Find out more about how these techniques can help protect your company via the pre-print of the research paper: "Investigating System Operators’ Perspective on Security Misconfigurations." The final version of the paper will be available in October when it is presented at the ACM Conference on Computer and Communications Security (CCS), the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM).