The Human Factor: Cyber Security's Greatest Challenge

The Human Factor: Cyber Security's Greatest Challenge

George Platsis (22nd Century World, Toronto, Canada)
DOI: 10.4018/IJPADA.2018040103

Abstract

This article presents a cross spectrum of issues where the cyber domain is impacted by human decision making. Technical efforts and solutions are not enough. Therefore, until personal awareness of the cyber domain improves, we will be no closer to solving this great challenge of our time.
Article Preview

Introduction

The threat landscape of cyber space has changed considerably over the last 30 years. As a domain, access to it was once fairly limited, often accessible only to enterprise users, such as governments, educational institutions, and the largest corporations. But today, there are billions of users, small and large, some of which may not even realize how reliant they are on cyber space. Much the same way that many people were born into the age of electricity (and would have a difficult time imagining life without it), there is an entire generation of people that feel the same way about the Internet.

With the greater integration of technology that relies on the Internet to function into our daily lives, there will be even more access points into the cyber domain. Perhaps though, the most significant change has been our behavioral use of technology. For example, a cellular telephone, even up until the mid-2000s, was primarily used to make telephone calls, perhaps SMS text messages, and nothing else; today, a smartphone allows you to place calls, send multimedia messages, videoconference, search maps, conduct banking, monitor our health, and serve as mobile point of sale terminals, just to mention a few uses. Smartphones can even be used to hack networks.

Of course, there is a price for all these conveniences: our information. Whether it is personal or professional, our information is the newest form of currency. Yet, a paradox exists: trends show we would rather not give up our information to the Internet, but we still do so in growing fashion (Shinal, 2016). The clashes are prevalent. For example, people can claim to care about their privacy, but these same people, simultaneously, are active and prolific social media users. Corporations make efforts to employ cyber security best practices, but many do not collaborate with their supply chains or take an active interest in training all levels of their staff. And governments are in a constant struggle to balance civil rights with national security interests.

In the last 30 years, perhaps the most significant changes are in the areas of size, scale, scope, and complexity of the challenges. The challenges are only magnified when 99% of computers are considered to be vulnerable (Zaharia, 2016). In other words, for every convenience comes additional vulnerability. Simultaneously, attackers are getting better and faster, moving at a rate that is outpacing the defenders’ ability to protect the network and our information (Shephard, 2015).

Yet for all these challenges, the core issues are not all too different from those that professionals faced in the 1980s. To be more specific, from a historical perspective, cyber conflicts have only changed gradually, with many of the lessons of the past ignored (Healey, 2013). Perhaps this ignorance exists because we have failed to accept that most major international cyber incidents are an extension of pre-existing conflicts already in the physical domain (Gamero-Garrido, 2015).

But more importantly, the single greatest challenge in the cyber domain is also the area most often left unaddressed: the people. People do not have a uniform level of understanding of the cyber issues (Barloon, 2016), which, in turn, increases our vulnerabilities, despite our very best technical efforts. Therefore, as long as the issues related to our cyber awareness are left unaddressed – or more simply put: addressing “the people side” of the problem – we will continue to grapple with the same cyber domain challenges we are faced with today, where perhaps the only difference will be the magnitude of the problem.

This report presents a series of issues which impact a person’s awareness of the cyber domain. Some of the issues are at the macro level, such as the conflict between social systems, and others are at the micro level, such as the behavior of individual users. The purpose of presenting these wide-ranging issues is to demonstrate to the reader that behind every cyber challenge, there is a person; a person who makes a decision, a person who influences a system, and a person who often stands exposed and unaware.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 6: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 5: 4 Issues (2018): 3 Released, 1 Forthcoming
Volume 4: 4 Issues (2017)
Volume 3: 4 Issues (2016)
Volume 2: 4 Issues (2015)
Volume 1: 4 Issues (2014)
View Complete Journal Contents Listing