In the context of cyber security, it is often said that people are the weakest link in any business-critical system. It is well documented that the human element will always be more vulnerable than the technological components of a business. But why is this?
After all, human beings have evolved to be pretty good at protecting themselves when they know there is a threat. They usually avoid the places in which they know there are dangers lurking. Moreover, if they must be in a dangerous place, they behave in a way that minimises risk and maximises protection.
Picture someone walking in an unfamiliar city centre at night. They need to go to a cashpoint to make a large cash withdrawal. There are two cash machines on the street. One is in an open space that is well lit, and the other is in a dark corner. The latter has a group of hooded youths hanging around it, smoking and spitting (as they do). Predictably, our protagonist would instinctively go to the ATM in the well-lit area to make the transaction. Whilst doing so, they would also make sure they shielded the wad of cash from view and act quickly.
They do this for three reasons. Firstly, they see and perceive the gang of youths as a potential threat. Secondly, they are alone, vulnerable, and know that they are soon going to have something that is valuable in their possession. Thirdly, they understand that the best way to minimise risk and avoid danger is to stay in the well-lit area, away from the gang, and to make the transaction quickly and carefully without drawing too much attention to themselves or the money. This, of course, all makes sense.
So, why is cybercrime continuing to grow through the targeting of people? When it comes to cyber security, people are vulnerable because they are not aware of the threats and threat actors. Furthermore, they are unable to predict exactly what criminals want or identify the places that conceal them. People often don’t understand the value of their information to criminals or how they can profit from it. Therefore, if the threat is invisible, and the assets not perceived to be valuable, a person’s instinct to protect themselves is not even triggered in the first place.
What Is The Answer?
We all walk around with devices that store more sensitive information about us than ever before, and yet we still don’t perceive it to be as valuable as it truly is. As a result, we don’t realise it is within the easy reach of criminals, nor do we do enough to shield it from their obscure intentions. We all need to treat our data in the same way we treat money.
The most effective way to slow down the continuous growth of cybercrime is to promote cyber awareness in the people it affects. Everyone!
Author: Matthew Protheroe-Hill on 6th March 2021