Page 26: of Maritime Reporter Magazine (February 2025)

DIGITALIZATION loading a malware-infected attachment to failing to use a noise-level are things that can contribute to a more mistake- strong password or even a minor unintentional change to an prone environment.

essential con? guration ? le of a system - which is part of the Culture also plays an important role in environmental con- reason why it can be so dif? cult to address. siderations. Having a culture where security is always pushed

With more advanced and complex work environments be- to the background will lead to errors becoming more frequent. ing created across industry, there is an increasing number of Implementing a second line of veri? cation, such as peer re- tools and services being utilized with each requiring unique views or automated checks, can help catch potential human usernames and passwords. This all adds up and when not pro- errors and reinforce a culture of security vigilance.

vided with alternatives or secure solutions, employees can start taking shortcuts to make life easier for themselves. Ex- Awareness amples of these mistakes/missteps include posting credentials Human error can result from employees simply not knowing in visible places, not changing default passwords, and using a what the right course of action is. Users unaware of risk associ- single account for multiple operators. ated with phishing methods and similar information-extraction

Types of human error can include: tricks, are more likely to fall for such attempts, and those ig- norant of public Wi-Fi dangers may have their credentials eas-

Skill-based errors ily stolen. A lack of knowledge is almost never the fault of the

Skill-based human error consists of small mistakes that oc- person - but should be addressed by the organization in order cur when performing familiar tasks and activities. In these sce- to ensure their employees have the knowledge and skills they narios, the person knows what the correct course of action is, require to keep themselves and the business safe and secure.

however, fails to do so due to a temporary lapse, mistake or neg- For any company, taking the smallest of steps to reduce hu- ligence. These might happen because the employee is tired, not man error can create huge gains in security. Mitigation of this paying attention, forgets or is distracted. Examples of this type risk comes from two perspectives: of error include typing errors, miscon? guration settings, forget- ting to log out, and accidental deletion of important ? les/data. 1. Mitigating Humar Error:

Implement robust security protocols and procedures to min-

Decision-based errors imize the likelihood of human-induced security breaches.

Decision-based errors are when a person makes a faulty decision. This can include the person not having the nec- 2. Enhancing Cybersecurity Awareness: essary level of knowledge, not having enough information Investing in comprehensive employee training programs to about the speci? c process, or not realising that they are de- foster a strong security culture and reduce the risk of social ciding through their inaction. Examples of these types of er- engineering attacks.

rors include ignoring security alerts, weak password choices, The more knowledge and insight employees (working on- bypassing security protocols to expedite a task, inadequate shore and offshore) have, the less likely mistakes are to occur, risk assessments: deciding not to implement additional se- even when opportunities arise. curity measures due to underestimating the potential risk or Companies need to see human risk from a different mindset. impact of a threat. While untrained system users may be the weakest link, e.g. the security of port operations, the right tools and training encour-

Reducing Human Error with Training ages employees to be the ? rst line of defence against attacks or

There are a variety of factors that play into human er- breaches, safeguarding the business and your reputation.

ror, but most of them can be categorized into: opportunity, environment, and awareness. Employee-focused cyberse- Secure in the Knowledge of a Safe Supply Chain curity awareness training can improve business security by All have a part to play across the supply chain. By assessing teaching people how to add more secure actions into their and identifying critical assets with the support of a third-party regular routines. independent provider like ABS, companies can begin to build the operational and technical infrastructure required to help mit-

Opportunity igate cybersecurity risks.

Human error can only occur where there is opportunity for Training is critical. Upskilling teams responsible for meet- it to do so. The more opportunities there are for something to ing tomorrow’s industry rules and cybersecurity compliance go wrong, the higher the chance that a mistake will be made. requirements – and how companies operate alongside the reg- ulatory process – will need signi? cant training across the mar-

Environment itime supply chain. Then there’s the vendor relationship. This

The physical environment of a workplace can contribute to is an essential part of cybersecurity preparation by enabling the number of errors that occur. As an example, privacy and the asset owner to better manage expectations with vendors 26 Maritime Reporter & Engineering News • February 2025

MR #2 (18-33).indd 26 1/28/2025 9:51:23 AM