THE HUMAN FACTOR
The human factor is often something that’s talked about with a negative tone. Why is it like this? Should we turn it into something positive instead? In IT security, the human factor is unfortunately about something negative. It is about the fact that we humans are often not sufficiently educated in the world of information technology. It’s about that we all too often are able to click on links or websites without thinking. Or is it about credulity? Is it perhaps that the world of information technology is still so new that we do not know how to behave or how to handle things?
The human factor in IT security accounts for 95%  of all cyber attacks that occur. In this situation it’s a negative factor. This means that 95% of all cyber attacks occur due to a person receiving an email with an infected link that is then clicked on, malware downloads, bad passwords, and so on, which then leads to data being lost or encrypted and that you are blackmailed into a large sum of money to gain access to your data. In many of these cases, the awareness of how to behave in the digital world is too low. The training required to learn to see signs of being exposed to a phishing email, or to be able to create unique and secure passwords is often neglected and time is not spent on eduatiom, even if the time needs to be spent there. Because the information technology world is so new, and is positive in many ways, there are many negative factors that we need to take into account, and learn how to deal with these factors.
We can have contact with friends on the other side of the world. We can share photos on Instagram, Facebook and on all possible media. We share files, information and a lot of other data that in many cases we don’t want anyone else to have access to. As the world becomes more and more digital, our data also becomes more and more accessible. In many cases, we do not even think about when we share information with others, it may not just be shared between you.
The human factor in IT security accounts for 95% of all cyber attacks that occur. This shows that the time that needs to be spent on education in IT security is not actually spent. Imagine if we could turn it around to the fact that the human factor only accounts for 5% (preferably 0%) of cyber attacks. Or better yet, turn the negative term into something positive. That the human factor is strong and 95% of all cyber attacks do not occur due to the human factor.