‌A Summer of Studying Cybersecurity — and Human Error’s Role in Attacks

As extra on a regular basis objects, akin to vehicles and even fridges, hook up with the web, new alternatives for cyberattacks open up. So, retaining our expertise secure and safe is extra vital than ever. 

As a cybersecurity scholar and summer time intern at NIST, I’m studying firsthand in regards to the position folks play in cybersecurity. 

It’s possible you’ll assume that the majority cybersecurity incidents outcome from technological errors, however this can be a frequent false impression. As I performed preliminary analysis for my internship as a part of the Summer Undergraduate Research Fellowship (SURF), I used to be shocked to study that human error accounts for greater than 80% of cyberattacks. 

Human error can take numerous varieties. Workers can ignore password necessities or create weak passwords. In different instances, workers members might by chance put a system in danger, akin to by clicking a hyperlink in a phishing email. 

These examples illustrate the necessity to think about human elements, particularly how folks assume and function, in cybersecurity. Regardless of the importance of human elements, many organizations fail to address these points when designing cybersecurity pointers and procedures. Because of this, they could miss alternatives to determine and stop breaches. 

This summer time, I’m interning at NIST’s NICE Program, which promotes cybersecurity training, coaching and workforce improvement. I’m conducting a case examine on human elements in cybersecurity. This entails reviewing numerous analysis publications on these incidents and analyzing the human elements that will have induced them. 

To additional slender down my analysis, I’m emphasizing supervisory errors and their attainable position. 

For instance, I’ve researched the 2011 assault by the hacker group Nameless on the expertise safety firm HBGary. Prime executives’ poor password administration was among the many points that contributed to the assault. Quickly after, the corporate’s safety agency, HBGary Federal, went out of enterprise. 

NIST provides the NICE Workforce Framework for Cybersecurity (NICE Framework), a nationally acknowledged useful resource that organizations use to coach and prepare their workers and to assist stop cyber incidents just like the one which occurred at HBGary. Throughout the framework, there’s an outlined position for managers, referred to as the Program Administration Work Function. This work position and others provide steering on how managers can strengthen cybersecurity of their organizations. 

I hope my analysis will be included into the steering for this work position. This is able to permit organizations to raised educate their supervisors on how you can cut back avoidable human errors and create a extra strong cybersecurity workforce. 

Experiencing NIST as an Intern

As I write this a little bit over midway by means of my internship, I can say it has been immensely enriching. 

I’m lucky to work underneath an awesome mentor and a supportive workforce full of vibrant minds. I’ve gained invaluable skilled expertise and analysis expertise that I’ll make sure you use as I proceed my training. 

Probably the most memorable experiences was attending NICE Director Rodney Petersen’s testimony earlier than the Home Homeland Safety Committee. It was a really attention-grabbing glimpse into the interior workings of our authorities departments. 

Moreover, residing alone has allowed me to additional develop vital life expertise, akin to budgeting and time administration. 

Pursuing a Profession in Tech 

Having grown up within the 2000s and 2010s, I used to be surrounded by expertise from a younger age. I imagine this was the catalyst for my rising curiosity within the area. 

I knew early on that I wished to check a technology-related area in faculty and doubtlessly pursue it as a profession. This led me to pursue a pc science diploma at Hampton College, a traditionally Black college in Virginia. 

Nonetheless, after realizing that I didn’t benefit from the math side, I switched to cybersecurity. This opened my eyes to a brand new facet of expertise that I hadn’t checked out intimately earlier than. 

After ending my undergraduate training, I plan to pursue a grasp’s or regulation diploma. After that, I’m retaining my profession choices open, however I do know that I wish to work within the expertise sector. 

The SURF program has given me invaluable expertise working a federal job. I hope to intern at Google, Microsoft or one other tech firm sooner or later to discover work within the non-public sector. In an ideal world, I’d like to work within the online game business, whether or not or not it’s in cybersecurity or a unique position. 

Recommendation for Future SURF College students

My finest recommendation for future interns is to maintain an open thoughts. Don’t be afraid to discover a wide range of subjects and alter course if wanted. The trail of analysis isn’t a straight line. 

Don’t really feel like it’s good to know a ton about your matter to begin both. The purpose of analysis is to study and discover. 

You gained’t all the time get the outcomes you count on — or the outcomes you need — however you’ll all the time come out of it studying one thing new.