Humans are largely the problem in cyber security failures

October 31, 2014 by Robyn Mills

When people think about cyber and information security they often think about anti-virus software and firewalls; however, according to an information security expert from the University of Adelaide, organisations would become a lot more secure if employers invested in more security-related training for staff.

Dr Malcolm Pattinson says until recently, research into (electronic and physical data security) focused on computers, , and policies, and while these are important, the human aspect was largely overlooked.

"While high-quality hardware and software plays a critical role in the security of an organisation, there is now a growing body of research that suggests the behaviours of computer users can be one of the biggest threats to an organisation's information security," says Dr Pattinson, a research fellow in the University of Adelaide's Business School.

"For example, the best password processed by the most sophisticated software, using the latest in computer facilities becomes useless when the password is written on a sticky note and stuck on a monitor for easy access.

"Humans are a major problem. What we think, what we know, what we do, how we do it and why we do it are perhaps the key to attaining and maintaining an acceptable level of information and cyber security in an organisation," he says.

Dr Pattinson says don't just happen at computers - staff also need to be conscious of storage and disposal of physical documents.

"Information security usually refers to digital data security; however, it also refers to physical data security," Dr Pattinson says.

"Many organisations provide secure bins for confidential documents to be shredded but it's still up to individuals to dispose of material correctly."

Dr Pattinson says the good news is that staff training can be a lot more affordable than purchasing the latest hardware and software, and there are a few key behavioural changes that would make an organisation considerably more secure.

"Training could be facilitated in a cost-effective manner," he says. "Better knowledge about the policies and procedures surrounding information security will positively influence people's attitudes and in turn, improve their behaviour.

"Small changes like locking a computer when someone leaves their desk; not using public wifi on work computers and mobile devices; keeping passwords secret; correctly disposing of documents; and reporting any unidentifiable visitors can lead to a safer workplace," he says.

Dr Pattinson is a member of the Human Aspects of Cyber Security research group, which is a collaboration between the University of Adelaide's Business School and the Defence, Science & Technology Organisation (DSTO).
