The loss of a CD by HM Revenue & Customs in November 2007 containing personal and financial details of over 7 million families claiming child benefit was swiftly followed by assurances that such a mistake would never happen again.
Earlier this week, an agency of the Department for Health(1) admitted that over 4,000 NHS smartcards, giving potential computer access to patient records, had been lost or stolen - and nearly a third of these in the last year alone.
But no matter what steps an organisation takes, they will always run the risk of being compromised by human psychology and the way we perceive risk on a day-to-day basis, says Professor Gerard Hodgkinson, Director of the Centre for Organisational Strategy, Learning and Change (COSLAC).
“Our research shows that organisations will never be able to remove all latent risks in the protection and security of data held on IT systems, because our brains are wired to work on automatic pilot in everyday life,” he says.
“People tend to conceptualise the world around them in a simplified way. If we considered and analysed the risks involved in every permutation of every situation, we’d never get anything done! If I make a cup of tea, I don’t stop to weigh up the probability of spilling boiling water on myself or choking on the drink.”
Survey participants, all of whom regularly used IT systems in the course of their work, were asked to list examples of possible data security risks, either imagined or from their own personal experiences. A further group were asked to comment on the probability, underlying causes and likely consequences and impacts of the most commonly described scenarios.
Despite the survey data being collected over a period of two years, many of the risk examples envisaged by the study participants ironically matched – with surprising accuracy - some of the recent security lapses relating to information technology.
Says co-author Dr Robert Coles, “The results showed that when asked to focus on potential problems, employees seemingly exhibit a highly sophisticated perception and categorisation of risk, and insight as to the consequences of risky scenarios. However, this perception isn’t always translated into practice and elementary errors are still happening - and will continue to happen.”
The authors say that the results are useful for highlighting blind spots in what workers perceive as risk and probability, which will enable organisations to improve their induction and training processes.
The research also highlights the need to pay closer attention to the design of information security processes themselves. “Perhaps organisations should consider involving the potential users when developing crucial business processes,” says Dr Coles. “A well designed system should not allow these mistakes to be made. We need more triggers and mechanisms in the workplace that make us stop and think before we act.”
Prof Hodgkinson’s research, published in the February issue of the international journal Risk Analysis, is the first time that risk perception has been specifically analysed in terms of workplace information security.
The research was funded through Prof Hodgkinson’s tenure as a Senior Fellow of the ESRC/EPSRC Advanced Institute of Management programme (AIM).
Jo Kelly | alfa
Powerful IT security for the car of the future – research alliance develops new approaches
25.05.2018 | Universität Ulm
Supercomputing the emergence of material behavior
18.05.2018 | University of Texas at Austin, Texas Advanced Computing Center
The more electronics steer, accelerate and brake cars, the more important it is to protect them against cyber-attacks. That is why 15 partners from industry and academia will work together over the next three years on new approaches to IT security in self-driving cars. The joint project goes by the name Security For Connected, Autonomous Cars (SecForCARs) and has funding of €7.2 million from the German Federal Ministry of Education and Research. Infineon is leading the project.
Vehicles already offer diverse communication interfaces and more and more automated functions, such as distance and lane-keeping assist systems. At the same...
A research team led by physicists at the Technical University of Munich (TUM) has developed molecular nanoswitches that can be toggled between two structurally different states using an applied voltage. They can serve as the basis for a pioneering class of devices that could replace silicon-based components with organic molecules.
The development of new electronic technologies drives the incessant reduction of functional component sizes. In the context of an international collaborative...
At the LASYS 2018, from June 5th to 7th, the Laser Zentrum Hannover e.V. (LZH) will be showcasing processes for the laser material processing of tomorrow in hall 4 at stand 4E75. With blown bomb shells the LZH will present first results of a research project on civil security.
At this year's LASYS, the LZH will exhibit light-based processes such as cutting, welding, ablation and structuring as well as additive manufacturing for...
There are videos on the internet that can make one marvel at technology. For example, a smartphone is casually bent around the arm or a thin-film display is rolled in all directions and with almost every diameter. From the user's point of view, this looks fantastic. From a professional point of view, however, the question arises: Is that already possible?
At Display Week 2018, scientists from the Fraunhofer Institute for Applied Polymer Research IAP will be demonstrating today’s technological possibilities and...
So-called quantum many-body scars allow quantum systems to stay out of equilibrium much longer, explaining experiment | Study published in Nature Physics
Recently, researchers from Harvard and MIT succeeded in trapping a record 53 atoms and individually controlling their quantum state, realizing what is called a...
25.05.2018 | Event News
02.05.2018 | Event News
13.04.2018 | Event News
25.05.2018 | Event News
25.05.2018 | Machine Engineering
25.05.2018 | Life Sciences