A study on cyber security threats associated with human errors in organisations : exploring effective ways to mitigate such threats

Abstract

In today's digital world, cyber security has taken on a prominent role in safeguarding individuals and organisations against cyber threats, cyber attacks, and cyber crimes. Successful attacks that breach organisational cyber defences are on the rise, and the consequences of such breaches are causing organisations financial losses, legal and data protection violations, and reputational damage. When analysing the sources of these successful attacks, it is evident that a significant percentage of breaches originate from human error. This dissertation analyses human error in a general context and delves deeper into the specific errors in cyber security and their causes leading to cyber attacks. Theoretical models of human error, such as the Swiss Cheese Model and the Skill-Rule-Knowledge framework, were examined. These models demonstrate how flaws in an organisations defences can increase the risk of cyber attacks and how shortcuts in human cognition can lead to decision-making mistakes. The dissertation addresses two research questions: the first aims to identify typical human errors in real-life government institutions, and the second seeks to determine the best strategies to reduce the risk of attacks, as well as to detect, respond to, and recover from them. Using three sources of secondary data as evidence, the study identified a set of human errors related to cyber security and explored mitigation measures through the application of a cyber security framework. As part of the study, an extensive mapping exercise was conducted between the identified human errors and the recommendations offered by the selected cyber security framework. The findings demonstrate that organisations can systematically mitigate cyber security threats by adopting these blueprints, guidelines, and recommendations.