BBG Tech: Addressing the Human Element in Cybersecurity
By: Aiden Satterfield
As I read the Verizon 2024 Data Breach Investigations Report for class, I thought it offered a reminder that while technology evolves, human error remains one of the most critical vulnerabilities in cybersecurity. This realization highlights an important, often overlooked truth: successful cyber defense strategies must address both technical and human factors. Relying solely on sophisticated tools like Security Information and Event Management (SIEM) systems or advanced software is not enough if human error is the primary breach vector.
When people think of cybersecurity, they often imagine hackers breaking into systems through technical exploits, or launching sophisticated attacks such as denial-of-service, where an attacker floods a network or server with more traffic than it can handle until it slows down or becomes unavailable. These methods are very real, but a large share of successful intrusions rests on a much simpler weakness: human error.
The human factor in cybersecurity is frequently underestimated, yet it plays a pivotal role in many breaches. An attacker may use highly advanced tools, but a single lapse in judgment is often all they need: clicking a phishing link, reusing a weak password, skipping a required procedure, or failing to recognize a man-in-the-middle attack. In the last case the attacker sits between you and a trusted website, presenting a convincing copy of its login page so that you believe you are signing in to the legitimate site while your credentials or other sensitive information go straight to the attacker. Any of these errors can lead to a significant breach.
The conversation about cybersecurity should not revolve solely around technological tools like SIEM software or antivirus programs; it must also address the persistent vulnerability posed by human oversight.
In the landscape of cyber threats, the notion of “human error” encompasses a range of actions, from falling for phishing scams to failing to apply software patches or using weak passwords. Verizon’s 2024 report found that 68% of breaches involved a non-malicious human element, such as a person falling for social engineering or making a mistake (the 2023 edition put the human element at 74%). Either way, roughly two-thirds of breaches run through a person rather than purely through a technical flaw.
This challenge becomes more significant as businesses and individuals become increasingly dependent on technology. However, the solution lies not solely in investing in cutting-edge software but in implementing strategies that focus on reducing human vulnerabilities.
The Anatomy of Human Error in Cybersecurity
The errors contributing to cybersecurity breaches are as varied as the humans making them. Some of the most common types of mistakes include:
- Phishing Attacks: Employees clicking on malicious links or downloading attachments from fraudulent emails.
- Weak Passwords: A significant percentage of users still rely on simple or reused passwords that are easy to guess or crack.
- Neglected Software Updates: Failure to install updates or patches leaves systems exposed to known vulnerabilities.
- Improper Data Handling: Sharing sensitive data over unencrypted networks or failing to follow company policies on secure data sharing.
These actions often stem from a lack of awareness, poor training, or overconfidence in an organization’s technological safeguards.
The cybersecurity industry places significant emphasis on innovative tools to detect, prevent, and mitigate threats. SIEM platforms, AI-driven monitoring, and intrusion detection and prevention systems are undoubtedly valuable components of a robust security posture. However, these technologies alone cannot mitigate risks arising from human error: investing millions in top-tier technology counts for little if an employee hands an attacker valid credentials or otherwise grants access to critical systems.
To illustrate, many successful breaches rely on social engineering rather than technical weaknesses. Social engineering manipulates human psychology to bypass even the best technical defenses. A common example is a convincing phishing email prompting employees to “verify their login details” on a page the attacker controls; the credentials typed there let the attacker sign in to the real systems as a legitimate user, without tripping a single exploit signature.
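The “verify your login details” message above carries several tells that a mail filter or a trained employee can check without any exploit knowledge: a sender domain that imitates the company’s, a Reply-To pointing somewhere else, a brand name in the display name that the address does not back up, link text that shows one host while the href points at another, and urgency wording. The following is an added example, not code from the original article or from Verizon: it runs those checks over two constructed messages. The trusted domain acme.example, both sample emails, the keyword list and the two-indicator threshold are assumptions chosen for illustration.

```python
"""Heuristic phishing scorer run over two constructed e-mails.

Added example; not code from the original article. The trusted domain
acme.example, both sample messages and the indicator rules are assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"acme.example"}   # assumed: the organisation's own domain
URGENCY = ("verify", "suspend", "within 24 hours", "immediately", "confirm your")
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
LINK_RE = re.compile(r'<a\s+href="https?://([^/"]+)[^"]*"[^>]*>([^<]*)</a>', re.I)

# Constructed sample: brand in display name, typo-squatted sender (rn -> m),
# foreign Reply-To, mismatched link text and urgency wording.
PHISH = """\
From: Acme IT Support <helpdesk@acrne.example>
Reply-To: recover@mail-collector.example
Subject: Action required: verify your account within 24 hours
Content-Type: text/html

<p>Your mailbox will be suspended. <a href="https://acrne.example/login">https://acme.example/login</a></p>
"""

# Constructed sample: an ordinary internal notice.
LEGIT = """\
From: Payroll <payroll@acme.example>
Subject: March timesheets are now open
Content-Type: text/html

<p>Timesheets are open in the usual portal: <a href="https://acme.example/time">https://acme.example/time</a></p>
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_trusted(domain: str) -> bool:
    """True when a domain imitates a trusted one without being it."""
    if domain in TRUSTED_DOMAINS:
        return False
    folded = domain.translate(CONFUSABLES).replace("rn", "m")
    return any(folded == t or edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS)


def phishing_indicators(raw: str) -> list[str]:
    """Return every indicator found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    found = []
    if looks_like_trusted(from_dom):
        found.append(f"lookalike sender domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        found.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if from_dom not in TRUSTED_DOMAINS and any(b in name.lower() for b in brands):
        found.append(f"display name '{name}' claims a trusted brand")
    for href_host, label in LINK_RE.findall(body):
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", label.lower())
        if shown and shown.group(0) != href_host.lower():
            found.append(f"link text shows {shown.group(0)} but points at {href_host}")
    if any(k in text for k in URGENCY):
        found.append("urgency or credential-verification wording")
    return found


def is_suspicious(raw: str, threshold: int = 2) -> bool:
    """Flag a message once at least `threshold` independent indicators fire."""
    return len(phishing_indicators(raw)) >= threshold


if __name__ == "__main__":
    for tag, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(tag, is_suspicious(sample), phishing_indicators(sample))
```

The phishing sample trips all five rules while the payroll notice trips none. Two caveats a practitioner would add before relying on this: the edit-distance rule will false-positive on legitimately similar short domains (keep it behind the two-indicator threshold or whitelist known partners), and none of these checks replaces authenticating the sender with SPF, DKIM and DMARC; they are a cheap second opinion, and a good basis for the “why was this suspicious?” explanation shown to an employee who reports a message.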
Strengthening the Human Firewall
Organizations must adopt a comprehensive cybersecurity strategy that addresses the human element in order to reduce human error. This approach includes:
- Cybersecurity Training and Awareness: Regular training sessions should educate employees on recognizing phishing attempts, using secure passwords, and following safe data practices. Role-playing exercises can simulate real-world scenarios and enhance readiness.
- Promoting a Culture of Security: Cybersecurity should be a shared responsibility within organizations. Encouraging employees to report suspicious activities without fear of judgment fosters vigilance.
- Simplified Security Processes: Overly complex security policies can lead to employee frustration and shortcuts. Striking a balance between robust security and usability encourages compliance.
- Periodic Assessments: Conducting regular phishing simulations, vulnerability scans of the network, and security audits can identify where employees and systems need attention, providing targeted training opportunities.
- Adopting Zero Trust Principles: A Zero Trust architecture is close to what it sounds like: the organization grants no implicit trust based on where a request comes from, so every user and device, internal or external, must be authenticated and authorized for each access. Multifactor authentication (MFA) is one of the controls such an architecture relies on; a stolen password alone is then not enough to log in.
Real-World Consequences of Neglected Human Factors
Recent incidents highlight the importance of addressing the human element. In a widely publicized breach, a major healthcare provider fell victim to ransomware after an employee clicked on a malicious link. Despite robust firewalls and intrusion detection systems, attackers gained access to sensitive medical records, costing millions in recovery efforts and reputational damage.
Closer to home, small businesses in West Virginia also grapple with the fallout of human error. Limited resources and expertise amplify the risks associated with errors like inadequate training and password reuse. Local governments, such as the City of Beckley, and small hospitals have experienced ransomware attacks tied directly to employee mistakes. These examples show that no business or individual is exempt from the consequences of oversight. Check out my article about the cybersecurity struggles in West Virginia from last year.
Technology and Humans Can and Need To Be Partners in Security
Human error cannot be eliminated entirely; that is an impossible ask. But it is the most controllable factor in cybersecurity. Organizations can minimize its impact by integrating people-focused solutions into their cybersecurity frameworks. A truly effective defense combines the strengths of advanced technologies and well-trained, security-conscious employees. Technology acts as a force multiplier, enhancing human capabilities rather than replacing them.
As cyber threats grow more sophisticated, cybersecurity’s human element is both its greatest weakness and most promising area of improvement. Recognizing this need and acting accordingly can significantly bolster defense against the ever-evolving threat landscape, protecting both businesses and individuals in an increasingly digital world.
Aiden Satterfield is a cybersecurity graduate and athlete from Walsh University, and a native West Virginian.
For more information or to engage with BBG Tech contact: info@blackbygod.org. Let’s continue to inspire, inform, and foster an environment where diversity and innovation thrive in the tech industry.
If you appreciate BBG's work, please support us with a contribution of whatever you can afford.
