Towards Enhanced Comprehension of Human Errors in Cybersecurity Attacks

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 778)


With the introduction of “Internet of things” devices are becoming smarter than ever, and the number of devices that are being connected to the internet is constantly increasing. These smart devices record the smallest changes in the surrounding environment, thereby providing massive quantities of data at the disposal of stakeholders for their perusal. Taking a cybersecurity perspective of these technological advances, the number of target points that can compromise organization data increases with higher connectivity and the probability of prospective security breaches in the system also increases. Also, advances in technology don’t always bring about the corresponding security advances that are needed to protect the modern systems. Organizations which are moving to the path of becoming more connected have to impart equal focus on increasing the reliance of their cybersecurity systems. The majority of security breaches are the result of human errors. For organizations to improve their cybersecurity and provide better training to their employees against cyber threats, they must research on understanding human errors, types of human errors, what makes them the main reason for the breaches and also ways to decrease their quantity. This paper provides a detailed research on the same and aims to help organizations better train their employees and establish better systems for fighting against cybersecurity attacks.


Cyber threats Cybersecurity Human errors Training Security breach Risks Policies 


  1. 1.
    Mittu, R., Lawless, W.F.: Human factors in cybersecurity and the role for AI. In: 2015 AAAI Spring Symposium Series (2015)Google Scholar
  2. 2.
    Ahmed, M., et al.: Human errors in information security. Int. J. 1(3) (2012)Google Scholar
  3. 3.
    IBM. IBM X-Force 2012 Trend and Risk Report. Tech. IBM, 22 April 2016.
  4. 4.
    Schultz, E.: The human factor in security. Comput. Secur. 24(6), 425–426 (2005)CrossRefGoogle Scholar
  5. 5.
    Kraemer, S., Carayon, P.: A human factors vulnerability evaluation method for computer and information security. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 47, no. 12. SAGE Publications (2003)CrossRefGoogle Scholar
  6. 6.
    Liginlal, D., Sim, I., Khansa, L.: How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management. Comput. Secur. 28(3), 215–228 (2009)CrossRefGoogle Scholar
  7. 7.
    Lewis, J.: Cyber terror: missing in action. Knowl. Technol. Policy 16(2), 34–41 (2003)CrossRefGoogle Scholar
  8. 8.
    Parsons, K., et al.: Human factors and information security: individual, culture and security environment (2010)Google Scholar
  9. 9.
    Anderson, R., Moore, T.: Information security: where computer science, economics and psychology meet. Philos. Trans. R. Soc. London A Math. Phys. Eng. Sci. 367(1898), 2717–2727 (2009)CrossRefGoogle Scholar
  10. 10.
    Greitzer, F.L., et al.: Analysis of unintentional insider threats deriving from social engineering exploits. In: 2014 IEEE Security and Privacy Workshops (SPW). IEEE (2014)Google Scholar
  11. 11.
    Carstens, D.S., et al.: Evaluation of the human impact of password authentication practices on information security. Inf. Sci. Int. J. Emerg. Transdisc. 7, 67–85 (2004)Google Scholar
  12. 12.
    Colwill, C.: Human factors in information security: the insider threat–who can you trust these days? Inf. Secur. Tech. Rep. 14(4), 186–196 (2009)CrossRefGoogle Scholar
  13. 13.
    Kraemer, S., Carayon, P., Clem, J.: Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput. Secur. 28(7), 509–520 (2009)CrossRefGoogle Scholar
  14. 14.
    Bowen, B.M., Devarajan, R., Stolfo, S.: Measuring the human factor of cyber security. In: 2011 IEEE International Conference on Technologies for Homeland Security (HST). IEEE (2011)Google Scholar
  15. 15.
    Stanton, J.M., et al.: Analysis of end user security behaviors. Comput. Secur. 24(2), 124–133 (2005)CrossRefGoogle Scholar
  16. 16.
    Rupere, T., Mary, M., Zanamwe, N.: Towards minimizing human factors in end-user information security. Int. J. Comput. Sci. Netw. Secur. 12(12), 159–167 (2012)Google Scholar
  17. 17.
    Adams, A., Sasse, M.A., Lunt, P.: Making passwords secure and usable. In: People and Computers XII, pp. 1–19. Springer, London (1997)Google Scholar
  18. 18.
    FEMA. Cyber Security Guidance. The Federal Emergency Management Agency, 22 April 2016Google Scholar
  19. 19.
    Wilson, M., Hash, J.: Building an Information Technology Security Awareness and Training Program, p. 50. NIST Special Publication 800 (2003)Google Scholar
  20. 20.
    Wilson, M., et al.: Information technology security training requirements: a role-and performance-based model. No. NIST-SP-800-16. National Institute of Standards and Technology Gaithersburg MD Computer Security Division (1998)Google Scholar
  21. 21.
    Kraemer, S., Carayon, P.: Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists. Appl. Ergon. 38(2), 143–154 (2007)CrossRefGoogle Scholar
  22. 22.
    Sharot, T.: Transcript of “The Optimism Bias” Tali Sharot: The Optimism Bias. TED, May 2012, 26 April 2016Google Scholar
  23. 23.
    Lancope: Cyber security incident response: are we as prepared as we think? Inf. Secur. 2013, 73–74 (2014)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Florida Institute of Technology150 West University BlvdMelbourneUSA

Personalised recommendations