One of the greatest challenges in security is dealing with the human factor, as the inventiveness of individuals often results in the acting in unexpected ways, and potentially exposing them and their employers to unnecessary risk, according to Security. While it’s not possible to eliminate all risks from these unpredicted actions, it is possible to take advantage of the way people think to reduce these threats.
Whether through working to remove unnecessary complexity from processes, or training people to expect slight inefficiencies as a necessary cost of security, systems can be redesigned to help promote compliance. Similarly, efforts can be made to limit access only to services or servers which are required for job duties, reducing the likelihood that someone within the company could accidentally or deliberately expose critical services or data. Regular reviews can also be held to discuss unexpected actions by individuals, to help identify root causes, or changing circumstances.
Just as importantly, work with people to develop both thorough education and testing processes – the more aware employees are of the risks, and the more regularly they’re tested for their understanding, the less likely they are to make the sort of mistake that will cause the cybersecurity team headaches.
Source:
https://www.securitymagazine.com/articles/96009-the-human-factor-in-cybersecurity
