Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingGovernment: Federal, State and Local

Human error and insider threats: Resilience in IT

By Alan Cunningham
Vector graphic man sitting at computer
December 3, 2021

Ted G. Lewis, a professor at the Naval Postgraduate School, states in his book Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, “trusted computing depends on human processes as much, if not more, than on technology.” This is a statement that many cybersecurity leaders could get behind.

Obviously, a technology is only as secure as are the people that work in it. In many ways, a cybersecurity failure can be likened to a counterintelligence (CI) failure in that both deal with sensitive material either from a technical or human intelligence discipline, yet are based upon human failings rather than an unsecured firewall or an unlocked fence. However, technical infrastructures are integral to the effective and proper functioning of a nation-state, specifically the United States. IT assets are responsible for how nations communicate; deal in stocks and the financial market; and operate governments. Because of cyberspace’s importance in public and private life, it is imperative that it be protected against threats.

In an abstract written by Carl Colwill, he describes how information technology systems are well-defended from most outside hacks and traditional technological threats, but emphasizes how insider threats from employees are a very real threat for which most companies are unprepared. Interestingly, this assessment was also written in 2009, before the increased usage of social media by both government and the public en masse. This abstract, though dated, recognizes the problems posed by humans in the IT field.

More recently, others have acknowledged this and described how the IT field is a human process problem. According to Vircom, a Canadian tech company, “Human error is the leading cause of data and security breaches, responsible for 52% of such incidents. It was a person, lured by spear phishing, who opened the gates to the Democratic National Committee attack last year, as well as major hacks against Snapchat and the health care industry — to name a few examples of that human factor,” with Vircom’s Technical Support Director commenting, “The weakest chain in cyber security is the human being. It’s the lowest hanging fruit. Most of the attacks we see in the field right now are targeting uninformed people.”

Other examples of this human factor in the IT field comes in the form of the Equifax data breach, in which, “the company’s failure to perform the simple fix of patching the vulnerability,” resulted in 150 million having their data compromised or with the 2017 WannaCry ransomware attacks where, after the program was stolen from U.S. government servers and Microsoft issued a patch protecting against the malware, many simply did not install the new patch which resulted in massive corporate and companywide infections.

As one can see, human fallibility poses some significant problems to the IT space. As to how to solve this, I would argue that the best practice is take a national security approach in the vein of a CI structure. The entire point of counterintelligence is to prevent adversaries from gaining the upper hand by identifying, deceiving, exploiting, disrupting and protecting important information sectors, physical locations and documents that would threaten the security of the United States.

Taking a counterintelligence approach, which requires supervisors and all personnel to be on guard, having a stringent background vetting process with an emphasis on details, knowing the threats that are out in the world (both in a technological and non-tech sense), listening to both history and important analyses, and training people correctly are some of the techniques that many academics, experts, and other CI specialists would recommend could be utilized in the IT space and have extreme benefits in protecting sensitive information.

In terms of resilience, there are a number of ways to make the information technology sector resilient against various forms of attack.

First, education should be made the primary factor in promoting resilience in the IT sector. Many IT professionals either have work experience or military service, as opposed to undergraduate education in computer science or information technology. Because of this, while many are fluent in the technical constructs of IT and computation, a decent amount are not as fluent in the dangers that face cyberspace from foreign actors or the larger geopolitical problems that involve cyberspace.

Furthermore, like with most jobs, professionals can become complacent in the standard day-to-day operations and become lax in their duties. This lack of awareness can result in systems becoming compromised and penetrated by enemy actors, resulting in sensitive data being corrupted; items being stolen or deleted; and huge national security risks. It is apparent with the 2016 U.S. Presidential Election that relaxed security measures and general lethargy were the keys allowing Russia into the DNC’s servers. It could easily be argued that, on a company and corporate level, there should be steps taken to ensure that all members of the IT department are aware and fluent of larger geopolitical threats that are relevant to the field of cyberspace.

As well, joining forces with the federal government to have special agents and counterintelligence professionals brief the members of IT departments of large internet companies on current threats and potential risks the company faces on their servers and platforms would significantly help in promoting a joint private-public task force to combat disinformation and cyberattacks, while also allowing IT professionals to become more fluent in new and emerging threats that face the tech industry and the U.S. as a whole. This type of organization would be of great benefit in an anti-disinformation campaign (akin to what was seen with the Active Measures Working Group during the 1980s).

KEYWORDS: Counterintelligence cyber attack cyber security education geopolitical hacking news human error insider threats

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Alan Cunningham is a graduate student at Norwich University and aims to join the United States Navy upon the completion of his graduate degree. He desires to attain a PhD in History from the University of Birmingham and a JD from Syracuse University. He has been published in Small Wars Journal, the Jurist, and is awaiting official publication from the U.S. Army War College's War Room.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • web-g52f703615_1920.png

    Global navigation in cyberspace: GPS and threats to national defense

    See More
  • Energy sector security

    An Industry in need: The demand for increased security measures and regulation of the energy sector

    See More
  • Water treatment facility security risks

    The threat landscape for the water industry

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • s in europe.jpg

    Surveillance in Europe

  • CASP.jpg.jpg

    CASP+ CompTIA Advanced Security Practitioner Certification All-In-One Exam Guide...

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!