On January 13^th, the state of Hawaii went into a state of panic when they received an emergency text message telling them that a ballistic missile was incoming. It took 38 minutes before a follow-up message was sent telling people that the message was in error.  The governor of Hawaii later held a conference explaining that the message was sent in error. The exact cause cited was “human error.” This is not even the first time something like this happened. Human errors will continue to haunt our defensive strategies.

In today’s world where every communication is done over the Internet. “Going viral” is the norm for any emergency message. Society no longer needs to wait for people to make landline calls, read the newspaper, or watch television. These messages are available instantly on smartphones and mobile devices.

Human error is one of the biggest threats in cyber security.

In the last few years, insider threats are a major contributing factor towards large data breaches. Some of these threats are malicious while others are from sheer negligence. These threats are the most dangerous, because it happens from a trusted source. Because they are from a trusted source, these attacks also go unnoticed for months until millions of dollars in damages have already affected the business.

A recent report showed that 74% of organizations feel that they are vulnerable to insider threats. This is from several factors mainly due to the amount of privileges and permissions offered to the employee. It’s especially common in small businesses that implicitly trust employees with access to all documentation and segments across the network. Permissions must be on a “need to know” basis. The concept of least privilege. But, small business managers often give their employees unfettered access to the network. It’s also usually because small businesses require employees to perform several different tasks for their job description, which is usually more defined in a larger enterprise.

A few factors contribute to the ongoing issue of insider threats.

With unfettered access, employees can also hide their tracks easier. They know who would be looking for suspicious behavior, who would be watching for unusual changes to permissions or documentation, and how to hide any copies of data. This can add to the increased duration of data leaks, which sometimes happens for years after the initial breach.

Negligent actions can be more detrimental than malicious intent.

The recent ransomware attacks rely on human errors allowing the malware to initially install on a user’s computer.  After it’s installed on the user’s computer, the malware is then able to spread across the network using an exploit in the SMB protocol. Entire organizations went offline. In the year 2017, at least three major ransomware attacks crippled infrastructure and organizations in Poland, Ukraine, the UK, and the US. It showed that even the best outside protection cannot defend against one negligent action from an insider threat.

We mentioned that many insiders cover their tracks. One factor that allows these malicious attacks to happen is that employees are able to use another employee’s credentials to access the network. Many employees share credentials for convenience, but this can be a major issue when a good employee turns bad. They use other credentials to hide their own tracks. They can also use an open desktop when the employee walks away. This type of attack is even more difficult to detect. To defend against this type of attack, you can use GateKeeper to automatically lock a desktop when the user walks away. It virtually eliminates the possibility of an open desktop being the vector for this type of attack. Humans will inevitably cause errors in the cyber security defense plan.