Humans are largely the problem in cyber security failures

October 31, 2014 by Robyn Mills

When people think about cyber and information security they often think about anti-virus software and firewalls; however, according to an information security expert from the University of Adelaide, organisations would become a lot more secure if employers invested in more security-related training for staff.

Dr Malcolm Pattison says until recently, research into (electronic and physical data security) focused on computers, , and policies, and while these are important, the human aspect was largely overlooked.

"While high-quality hardware and software plays a critical role in the security of an organisation, there is now a growing body of research that suggests the behaviours of computer users can be one of the biggest threats to an organisation's information security," says Dr Pattinson, a research fellow in the University of Adelaide's Business School.

"For example, the best password processed by the most sophisticated software, using the latest in computer facilities becomes useless when the password is written on a sticky note and stuck on a monitor for easy access.

"Humans are a major problem. What we think, what we know, what we do, how we do it and why we do it are perhaps the key to attaining and maintaining an acceptable level of information and cyber security in an organisation," he says.

Dr Pattinson says don't just happen at computers - staff also need to be conscious of storage and disposal of physical documents.

"Information security usually refers to digital data security; however, it also refers to physical data security," Dr Pattinson says.

"Many organisations provide secure bins for confidential documents to be shredded but it's still up to individuals to dispose of material correctly."

Dr Pattinson says the good news is that staff training can be a lot more affordable than purchasing the latest hardware and software, and there are a few key behavioural changes that would make an organisation considerably more secure.

"Training could be facilitated in a cost-effective manner," he says. "Better knowledge about the policies and procedures surrounding information security will positively influence people's attitudes and in turn, improve their behaviour.

"Small changes like locking a computer when someone leaves their desk; not using public wifi on work computers and mobile devices; keeping passwords secret; correctly disposing of documents; and reporting any unidentifiable visitors can lead to a safer workplace," he says.

Dr Pattinson is a member of the Human Aspects of Cyber Security research group, which is a collaboration between the University of Adelaide's Business School and the Defence, Science & Technology Organisation (DSTO).

Explore further: Serious cyber-attack threat compounded by lack of individuals' online security

Related Stories

Simple passwords key to celebrity iCloud hacking

September 3, 2014

Cyber-security expert Gerome Billois explains how a "targeted attack" on some iCloud accounts—the Apple online service that stores all types of content—led to the release of nude celebrity photos.

Samsung phones cleared for US government use

October 21, 2014

Samsung Electronics Co. said Tuesday some of its Galaxy mobile devices were approved by the National Security Agency for use with classified U.S. government networks and data, a boost to the company's efforts to expand in ...

Georgia Tech releases 2015 Emerging Cyber Threats Report

October 29, 2014

In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace ...

Recommended for you

Where can I buy a chair like that? This app will tell you

August 23, 2016

If you think you have a knack for interior design, or just want to spruce up your own home, new technology developed by Cornell researchers may help you choose furnishings the way professionals do. And professionals may find ...

Sponge creates steam using ambient sunlight

August 22, 2016

How do you boil water? Eschewing the traditional kettle and flame, MIT engineers have invented a bubble-wrapped, sponge-like device that soaks up natural sunlight and heats water to boiling temperatures, generating steam ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.