"Is Your Cybersecurity Strategy Falling Victim to These 6 Common Pitfalls?"
Research conducted by the National Institute of Standards and Technology (NIST) reveals misconceptions that can affect security professionals and offers potential solutions. A recent report by NIST computer scientist Julie Haney highlights a pervasive problem in computer security: many security professionals harbor misconceptions about non-technical users of Information Technology (IT) that can increase the risk of cybersecurity breaches. These problems include ineffective communication with such users and insufficient incorporation of user feedback regarding the usability of security systems. According to Haney, cybersecurity specialists are knowledgeable, devoted people who offer a major service in cyber threat defense. However, despite the best of intentions, their community's reliance on technology to solve security problems may prevent them from appropriately considering the human factor, which plays a significant part in achieving effective, usable security. The human element encompasses the individual and social factors influencing security adoption, including perceptions of security tools. A security tool or strategy may be effective in theory, but the risk level can rise if users perceive it as an obstacle and attempt to evade it. Eighty-two percent of breaches in 2021 involved human error, and 53 percent of US government cyber incidents in 2020 resulted from employees violating acceptable usage policies or falling victim to email attacks. Haney's new paper, "Users Are Not Stupid: Six Cyber Security Pitfalls Overturned," aims to help the security and user communities work together in reducing cyber threats. This article continues to discuss the six pitfalls that threaten security professionals, along with potential solutions.
NIST reports "Is Your Cybersecurity Strategy Falling Victim to These 6 Common Pitfalls?"