ENISA: Human error is one of the major causes of security incidents
Human error means unintentional actions by users that cause, spread, or allow security issues to take place. Security incidents caused by human error have increased by 50% in the past year, according to a new report published by the European Union Agency for Cybersecurity (ENISA) entitled “Telecom Services Security incidents-2019”. The report shows that system failures caused 479 million user hours lost. In addition, the third-party failures- system failures, human errors, natural phenomena, and malicious actions have tripled compared to 2018. Incidents that originated in the third-party were estimated by 31%.
As part of the EU’s telecom regulatory framework, (Article 13a of the Framework directive (2009/140/EC) each year, European countries report significant security incidents to the National Regulatory Authority (NRA). A summary of these incidents will be sent to the European Union Agency for Cybersecurity (ENISA). The report refers to a number of 153 incidents that were submitted by 26 EU Member States. These security breaches resulted in 988 million user hours lost in 2019.
Human errors, hardware failures, power cuts, software updates, cable cut, heavy winds, and policy flaws are the reasons behind major security incidents. The incidents caused by human errors increased from 18% in 2018 to 26% in 2019. Fixed telephony and the internet are the most affected by human errors with 50% and 45% respectively. It has been reported that security incidents caused by human errors have been increasing since 2012.
Moreover, the report states that three high-capacity optical fibers were cut due to road modernization, which caused “mobile internet and telephony and also fixed internet and telephony outages at a national level for three hours. The deployment of the 5G network is expected to bring more security layers. A study by Ericsson revealed that the automation of things and the introduction of Artificial Intelligence would reduce cybersecurity issues.
On the other hand, an analysis of data from the UK Information Commissioner’s Office (ICO) carried out by CybSafe states that human error is the main cause of 90% of cybersecurity breaches. The analysis reported that 9 out of 10 of the 2376 cyber-breaches were caused by end-users, according to the Cybersecurity Intelligence website.
The European Electronic Communications Code (EECC) will come into effect across the EU Member States by the end of 2020. Article 40 of the EECC will give the security incidents reporting requirements a broader scope.