Human Error & Cyber Incidents

Human Error & Cyber Crime

Almost all cybercrime is preventable. When most people hear “cybercrime” they think of incredibly advanced hacks and unpreventable viruses taking over people's computers, however, this is not what most of cyber crime is. Cybercrime is most commonly phishing scams and identity theft. Nearly 90% of cyber crime is caused by human error. 

This number does not stand by itself; Studies from Stanford and Verizon agree that humans play a large role in cybercrime. And, IBM recorded 95% of cybercrime is due to human error. Cyber crime is undoubtedly being caused by humans and is frequently caused by employees clicking links, having weak passwords, and poor privacy settings. This industry is huge. Cybercrime caused 8.25 trillion dollars in damages to companies in 2023 alone and is  projected to do nothing but grow. This is a real problem and a really big one that's affecting companies everyday. 

Uber’s 2022 data breach highlights the massive role human error plays in cybercrime. This incident wasn't caused by sophisticated hacking; instead, a hacker simply tricked an Uber contractor into sharing login credentials through a phishing attack. Then the attacker had access to key internal systems and compromised the data of 57 million drivers and customers. According to Uber’s SEC disclosure, this breach was possible because of a breakdown of an error by an employee. The employee simply fell for a phishing email by entering credentials in an unknown link. You get emails like these all the time.  

Uber’s Chief Information Security Officer admitted in a follow-up interview that, although Uber has advanced cybersecurity protocols, the human factor remains an Achilles' heel. This instance serves as an excellent reminder that companies need to train their employees to be wary of these attacks. 

Adaptive Security can play a key role here. Adaptive uses AI to generate phishing attacks exactly like the ones cybercriminals send. However, there is no risk in falling for an Adaptive phishing attempt. Instead, Adaptive will teach you why you fell for the attempt and how to avoid it in the future – all in a matter of minutes. Then employees can go back to their work with a better understanding of how to avoid these phishing attempts.

It isn't just Uber that has fallen for these attacks. In 2020, Marriot suffered from a data breach that was very preventable. This data breach stemmed from two employees who had weak password habits. Due to employees not having multi factor authentication turned on or using a password manager, attackers were able to access the sensitive information of 5.2 million customers. 

If Marriott had properly trained their employees and had a system to hold them accountable for their companies security, this could have been avoided. Marriott executives admitted this breach cemented the need for better cybersecurity. This breach was a serious financial detriment to the company. This year, Marriott was found guilty for not using adequate security protections and must pay 52 million dollars to settle the lawsuit. Marriott has acknowledged their lack of security and has agreed to enhance their protection against cybercrime. 

Adaptive Security Awareness Training

 Human error will continue to remain a security threat for companies, but with the proper training companies can significantly mitigate these attacks. With proper training phishing attempts can be easily spotted and strong password practices ensure the security of your account. To learn more about how Adaptive can help prevent your company from suffering a massive data breach look at our website here.