Abstract
With the introduction of the “Internet of Things”, devices are becoming smarter than ever, and the number of devices connected to the internet is constantly increasing. These smart devices record the smallest changes in the surrounding environment, thereby placing massive quantities of data at the disposal of stakeholders. From a cybersecurity perspective, higher connectivity increases the number of target points that can compromise organization data, and the probability of security breaches in the system increases with it. Advances in technology also do not always bring the corresponding security advances needed to protect modern systems. Organizations that are on the path to becoming more connected have to place equal focus on increasing the reliance of their cybersecurity systems. The majority of security breaches are the result of human errors. For organizations to improve their cybersecurity and provide better training to their employees against cyber threats, they must research human errors: the types of human errors, what makes them the main reason for breaches, and ways to decrease their quantity. This paper provides detailed research on these questions and aims to help organizations better train their employees and establish better systems for fighting cybersecurity attacks.
© 2019 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Algarni, M., Almesalm, S., Syed, M. (2019). Towards Enhanced Comprehension of Human Errors in Cybersecurity Attacks. In: Boring, R. (eds) Advances in Human Error, Reliability, Resilience, and Performance. AHFE 2018. Advances in Intelligent Systems and Computing, vol 778. Springer, Cham. https://doi.org/10.1007/978-3-319-94391-6_16
DOI: https://doi.org/10.1007/978-3-319-94391-6_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94390-9
Online ISBN: 978-3-319-94391-6
eBook Packages: Engineering, Engineering (R0)