To Err is Human: Human Factors in Cybersecurity


December 17, 2017

Dr. Scott White

Dr. Scott J. White, GW cybersecurity professor, speaks about Human Factors and Cybersecurity. (Loudoun County Public Library)

Dr. Scott White is willing to lecture almost anywhere. While he usually teaches in a classroom, he agreed to share his insights on “Human Factors and Cybersecurity” as part of a new series of fun, thought-provoking discussions held in casual settings. Sponsored by Loudoun County Public Library, the event encouraged patrons to meet and talk about science at the Ashburn Old Ox Brewery, a local watering hole, as the first event in a new series they are hosting.

White, a clinical criminologist and former intelligence officer with the Canadian Security Intelligence Service, is currently the director of the Cybersecurity Undergraduate Completion Program at CPS.

White’s expertise gives him a unique perspective on cybersecurity and the increasing vulnerability to attacks we face as our lives have gone increasingly digital. He discussed the human factors in cybersecurity and how that relates to cybersecurity protection.
“People are both the best resource and the weakest link in cyber-resilience. Statistics have demonstrated that insider threats are the most common entry point for cyber criminals (up to 60%),” said White.

Cyber professionals face the challenge of identifying “insider threats” from the people operating the equipment and/or managing the data. These threats can be equally damaging as outside threats.

He said that human error is also a major factor, either because of weakness in technology approaches or, more likely, a lack of awareness on the part of users. Organizations can help protect themselves against “insider threats” through digital literacy training, cyber awareness training and technical solutions. Steps should be taken to create a “human firewall” that transcends typical human behavior and the need to click on that curious link that has enabled ransomware to become a rapidly emerging problem.

The audience of more than 60 was very engaged and asked questions about how to best defend their companies. They also wanted to know what kind of employee vetting can be done to identify risks.

Remember, knowledge is power. The door that’s not locked leaves you open to vulnerabilities. Protect yourself by being alert to different types of cyber threats, including insider threats.

Audience at Old Ox Brewery during Dr. White’s talk. (Loudoun County Public Library)
Audience at Old Ox Brewery during Dr. White’s talk. (Loudoun County Public Library)