Human error is endemic to data breaches. Process automation can minimize the risk.
By Gregory Hoffer, CEO, Coviant Software
Human error is the most common cause of a data breach, and it’s not even close. A 2020 study by Stanford University found that an astounding 88% of data breaches involved human error. Whether as a root cause or as a critical component in a chain of events, somewhere along the line a human being took an action or made a decision that put data at risk. Maybe it was sending private information to the wrong recipient; Someone uploaded unencrypted data onto a site that was publicly accessible, or perhaps an unencrypted laptop was left behind in a taxi or airport terminal.
Human errors leading to a data breach may start out with the best of intentions but unfold through unlikely circumstances. In 2006 a laptop computer was stolen during a break-in at the home of a Department of Veterans Affairs employee. The employee had taken the laptop home with the intention of working on their own time, but that device contained a large database filled with the unencrypted personally identifiable information (PII) of 26.5 million US veterans. What the burglar likely thought was a little more than an item that could be sold on the street for a few hundred dollars resulted in a data breach with mitigation cost estimates as high as as 500 million.
Simple Mistakes Can Undo Security
Combating human frailty and our proclivity toward making mistakes is a difficult task for CISOs charged with protecting their organizations’ systems and data. Collectively they have invested more than $ 162 billion dollars — projected to reach nearly $ 350 billion within five years — in cybersecurity tools, and still the most secure networks are routinely breached because of simple mistakes. Someone fell for a phishing scheme, misconfigured cloud services, failed to change a default password, or transferred sensitive data in the clear.
That is why more organizations are turning to cybersecurity strategies that recognize the importance of balancing security systems with secure systems; and that includes technologies built with security-enhancing process automation.
Less Drudgery, More Reliability
Automation takes repetitive drudgery out of the human equation, minimizing the risk that someone will make a costly mistake. Even the most reliable and conscientious employee can have a bad day. Maybe they are under the weather, lost sleep due to a sick child, or are quietly dealing with a troubling personal situation. They want to do the right thing, but a confluence of circumstances causes them to forget a step in the process, or they fail to notice a typo. This happens all too often in the common task of file transfers. And maybe nine times out of ten the mistake is caught or has no meaningful impact. But the tenth time, if a batch of files containing financial PII or protected health information (PHI) is compromised it could mean your organization runs afoul of regulations like GDPR or HIPAA.
Automations baked into products used for tasks like managed file transfer provide assurance that addressees are accurate, that encryption is applied before a transfer is executed — or when incoming files are received. These are simple steps that, when attended to faithfully, keep data secure. And if something goes wrong elsewhere, documentation automation can provide required proof of compliance when auditors check-in.
Fewer Bad Days Through Automation
Process automation doesn’t have bad days. They don’t get fatigued. They don’t call in sick or leave your company unannounced, requiring that you start the process all over and train someone new. Process automation is not a security tool, but they do complement your investments in security and it can play a vital role in keeping data safe.
According to the 2021 Cost of a Data Breach report conducted by the respected Ponemon Institute, the average data breach will cost a company $ 4.24 million dollars. For a small or medium-sized business, that could be a crippling financial blow. Rather than trying to do it yourself, products that include security-enhancing automation can save a lot of time and trouble.
About the Author
Gregory Hoffer is CEO of Coviant Software, maker of the secure, managed file transfer platform Diplomat MFT. Greg’s career spans two decades of successful organizational leadership and award-winning product development. He was instrumental in establishing ground-breaking technology partnerships that helped accomplish Federal Information Processing Standards (FIPS), the DMZ Gateway, OpenPGP, and other essential features for protecting large files and data in transit.
FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 US Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.