...
As more everyday objects, such as cars and even refrigerators, connect to the internet, new opportunities for cyberattacks open up. So, keeping our technology safe and secure is more important than ever.
As a cybersecurity student and summer intern at NIST, I’m learning firsthand about the role people play in cybersecurity.
You may think that most cybersecurity incidents result from technological errors, but this is a common misconception. As I conducted preliminary research for my internship as part of the Summer Undergraduate Research Fellowship (SURF), I was surprised to learn that human error accounts for more than 80% of cyberattacks.
Human error can take various forms. Employees can ignore password requirements or create weak passwords. In other cases, staff members may accidentally put a system at risk, such as by clicking a link in a phishing email.
These examples illustrate the need to consider human factors, specifically how people think and operate, in cybersecurity. Despite the significance of human factors, many organizations fail to address these issues when designing cybersecurity guidelines and procedures. As a result, they may miss opportunities to identify and prevent breaches.
This summer, I am interning at NIST’s NICE Program, which promotes cybersecurity education, training and workforce development. I am conducting a case study on human factors in cybersecurity. This involves reviewing various research publications on these incidents and analyzing the human factors that may have caused them.

Many organizations fail to consider human factors — such as employees ignoring password requirements — when designing cybersecurity guidelines and procedures.
To further narrow down my research, I’m emphasizing supervisory errors and their possible role.
For example, I’ve researched the 2011 attack by the hacker group Anonymous on the technology security company HBGary. Top executives’ poor password management was among the issues that contributed to the attack. Soon after, the company’s security firm, HBGary Federal, went out of business.
NIST offers the NICE Workforce Framework for Cybersecurity (NICE Framework), a nationally recognized resource that organizations use to educate and train their employees and to help prevent cyber incidents like the one that happened at HBGary. Within the framework, there’s a defined role for managers, called the Program Management Work Role. This work role and others offer guidance on how managers can strengthen cybersecurity in their organizations.
I hope my research can be incorporated into the guidance for this work role. This would allow organizations to better educate their supervisors on how to reduce avoidable human errors and create a more robust cybersecurity workforce. ...
...