Human Error - A Critical Contributing Factor to the Rise in Data Breaches: A Case Study of Higher Education

With increasing technical safeguards to protect information systems, Human error continues to be a critical factor contributing to the rise in information systems attacks and data breaches. Inadequate or unenforceable Cybersecurity policies or training can open doors for adversaries to circumvent technical safeguards and paint a picture of a growing cybersecurity problem. The problem investigated in this work assesses if organizations adequately invest in resources to provide industry-aligned cybersecurity education, training, and awareness that can minimize human error leading to cyber-attacks. This work aims to investigate breaches attributed to human errors and compare cybersecurity policies, education, training, and awareness programs in three different schools in New York State. The work focused on user awareness and vulnerable behaviours, effective training for users, and investigating start-of-the-art approaches to gauge or evaluate the organization’s cybersecurity stance when compared to industry frameworks like the NIST framework. A Triangulation research approach including quantitative, qualitative, and descriptive methods are adopted for this work. Instruments for data collection include a survey, literature review, qualitative analysis to identify research gaps, and assessments of the questionnaires. This work demonstrates that formulated enforced cybersecurity policies coupled with targeted security education, training, and awareness are instrumental to decreasing user errors, thereby reducing the probability of a cyber-attack.