It’s no secret that human error accounts for a disproportionate number of data breaches. Last year, it accounted for 74%; this year, the Verizon 2024 Data Breach Investigations Report noted that it rose to 76% per the same criteria. States the report, “The percentage of breaches caused by Error actions is rising…as opposed to external actors who are exploiting weak credentials through credential stuffing or brute force attacks.”
And yet, catching people in the act of making a mistake is an incredibly difficult task. Almost insurmountable. So, how do you bring down errors? A better question might be: How do you prevent the consequences those errors cause, namely data breaches? That might be a more answerable inquiry.
Managed security solutions, with their human expertise and technology-driven components, mitigate the risk of error by effectively detecting and responding to threats that exploit human weakness. While they can’t stop mistakes from happening, they can prevent them from developing into costly breaches.
Criminals, Errors, and Breaches – Oh, My
Eliminating human error is a statistical impossibility, whether in cyberspace or anywhere else. While this fact stands, it is also inescapable that mistakes will be made when critical cybersecurity solutions are being deployed, software is being developed, patches are being applied, and security controls are being configured. It is equally expected that enterprising threat actors will search diligently until they find them, exploit them, and exfiltrate the data they were meant to protect. It’s the eternal security game of cat and mouse, and it goes ever on.
While past studies have put the rate of error-induced breaches as high as 95%, any percentage presents a risk, if only because we do not often know the mistakes we make and, therefore, aren’t looking for them. Examples of the types of human errors that lead to breaches include the following, as noted in the Verizon 2024 DBIR:
- Misconfiguration: Misconfiguration was the culprit in one out of ten instances of error this year. It has been on the decline for the past three years, but the Verizon report noted that drooping figures could be due to fewer researchers taking the time to find them and more threat actors exploiting them before they can, exfiltrating data and contributing to the Hacking numbers instead.
- Misdelivery: Sending something to the wrong person led to over 50% of all miscellaneous errors that resulted in breaches. This rise in misdelivery (something “any old End-user” can do, according to the report) corresponds with a severe drop in System administrator errors (down from 46% to 11%).
- End-Users: End-users are now responsible for a massive 87% of errors, as opposed to accounting for only 20% just last year. This dramatic spike means a lot more caution is demanded from our end, as well as the Verizon-recommended “universal error-catching controls across all industries.”
Additional errors included Classification errors, Publishing errors, and Gaffes (or verbal errors), each accounting for a similarly small percentage of the overall sum, followed by Disposal errors (or accidentally throwing valuable data away), which accounted for only 1% of errors overall.
Managed Security: Extending Anti-Error Control
“We have the tools; we have the talent!” cries Winston in the original Ghostbusters movie. Unfortunately, the same cannot be said of every organization. It’s not the errors that get us, per se. It’s the damage they cause that we are simply unable to prevent or contain. To control the fallout of inevitable human mistakes – in configuration, deployment, patching, or any myriads of security facets – those two things are required.
The Tools
Despite the prevalence of shelf-ware, or perhaps because of it, security teams do not fully utilize the technology at their disposal, and underutilized software sucks time and resources from affording potentially new and helpful solutions. Why is so much technology sitting on the shelf? A CSO study revealed that 50% of security leaders reported not using the full functionality of their security products, while 26% were under-resourced when it came to practitioners, support staff, and deployment. SaaS products, in particular, can be “heavily relied upon, frequently underused, and often wastefully expensive” and ironically create further blindness into the environment. Tools without talent are useless.
The Talent
However, not all companies have the luxury of a well-staffed SOC. The cyber talent crisis is still ongoing, and while that’s not new news, the World Economic Forum did report that the shortage could reach 85 million workers by 2030 – indicating that it is still a prescient problem for many organizations. Managed Security Providers (MSPs) provide outsourced talent and experienced security professionals that resource-strapped companies cannot afford or do not have access to. This both boosts the level of expertise the team can now access and gives them professionals who are already trained on the technology – creating huge cost savings and putting enterprise-level security within reach for organizations that otherwise would be exposed to any number of the miscellaneous errors that lead to 76% of the year’s breaches.
Preventing Data Breaches with Automation and Integration
The effective integration and utilization of security tools can enable organizations to drastically reduce the risk of errors in an enterprise and prevent the breaches that inevitably follow. Selecting from the pool of available tools from various providers requires organizations to consider the following three factors:
- Each tool’s approach to automating threat detection.
- How they integrate into the existing security ecosystem.
- How they integrate with each other.
To illustrate the above, let us consider two of the most common tools that provide detection and response: managed detection and response (MDR) and extended detection and response (XDR). The management of threat detection and response by security expertise provided by MDR services helps combat error, for example, but so does the integration and automation of security tools across any security layer provided by XDR. Therefore, it is important to consider each approach on its own and compare the two approaches.
Managed technology combines behavioral-based threat-hunting technology with the expertise of skilled practitioners who know how to use it. It can be highly effective in spotting low-and-slow attacks that worm their way in because of malicious links, exploited vulnerabilities, or stolen credentials and sit undetected on the network, exfiltrating data.
Utilizing managed options can help with other error-capitalizing exploits by giving SOCs round-the-clock backup with best-in-class technology (tools) and expertise (talent). Sometimes, all teams need is a little extra hand.
An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation, and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire, and many other sites.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.