Mr. Ali Beshara, the General Manager of NGN, a leading Bahraini IT Systems Integrations and Managed Cyber Security Company, emphasized the significance of factoring in human error when devising cybersecurity strategies for institutions. This is crucial as human error frequently serves as the root cause of the most detrimental cyber incidents within organizations.
Mr. Beshara highlighted that human error represents the primary vulnerability underlying cybersecurity threats, often stemming from a lack of awareness regarding various fraudulent tactics employed by cyber criminals, difficulties in identifying potential risks, or factors linked to an employee’s assigned tasks.
This was stated during his participation in Zain talks, cybersecurity panel discussion on “The Human factor: Insider Threats and Social Engineering”. The event featured several experts and academics specializing in cybersecurity and information security.
“Most cyber criminals possess technical proficiency, act swiftly, and meticulously plan information attacks and social engineering techniques. They exploit human errors deliberately over time, aiming to compromise victims and gain access to information servers.”
According to Mr. Ali Beshara.
“Human error constitutes the primary non-technological obstacle to cybersecurity, and it’s crucial to address this challenge. Mitigating its risks requires employees’ adherence to clear security policies, and companies should provide training and awareness programs to enhance security capabilities and minimize the impact of human error.”
Mr. Beshara emphasized that human error manifests in diverse forms within cybersecurity, encompassing actions like unauthorized information disclosure, responding to suspicious emails, employing weak passwords, and overlooking essential security measures such as data encryption and timely patching. He underscored the pivotal role of information management risk managers and senior information security officers within organizations. These professionals must factor in human tendencies such as susceptibility, complacency, and fatigue when crafting and implementing policies and procedures. This nuanced understanding is critical to effectively mitigate related risks and curtail their propagation in the field of cybersecurity.
Mr. Beshara highlighted the evolving landscape of cyber-attacks, which have now become “semi-routine.” This evolution underscores the urgent need for companies to bolster their investments in cybersecurity, safeguarding both their proprietary data and the sensitive information of their customers. He emphasized that the layers of defense in cybersecurity should not be underrated or treated as separate from other commercial risks. Strengthening cybersecurity must begin at the highest levels of an organization, with senior management and executive leadership taking the lead. It involves allocating financial resources and acquiring specialized human expertise to ensure a robust and proactive cybersecurity posture.
