Human Error is Incredibly Difficult to Understand, Let Alone Predict

  • 04 March 2019

Email remains the main communication channel for enterprises. Despite its incredible efficiencies and economies of scale, email as a communication tool relies on human interaction and judgement. This makes human error particularly prevalent on email.

One example of a mistake that can occur over email due to human error is an email being directed to the wrong person. A misdirected email might happen for any number of reasons, just a few of which include stress, alertness, being in a hurry or simply bad luck. For example, staff members at a major Australian bank mistakenly sent emails that contained data from over 10,000 customers to the wrong recipient due to an error that changed the email’s domain name.

Over the past few years the workforce has become more mobile, meaning that more data now exits organizations’ premises and networks. Many employees manage their inbox on the move, replying to an urgent email after work while commuting or messaging international clients in the early hours of the morning. While this flexibility is advantageous for employees and businesses, different diligence levels outside working hours and on mobile devices raise the chance of a misdirected email being sent.

Let’s take a small-scale example. Even for a small organization where each employee sends a moderate number of emails per day, Tessian data shows that the likelihood of a misdirected email leaving the organization in a given month is high. That risk increases dramatically with the size of an organization. No matter how many Secure Email Gateways and firewalls you employ, failing to address this risk could mean your organization’s data being compromised.

Mistakes due to human error are not limited to outbound email. Over the past few years, inbound attacks such as spear phishing have become more frequent and more sophisticated. For example, someone may receive an email from an attacker impersonating a supplier requesting a transfer for an outstanding payment. The degree of urgency included in the email and the fact that the attacker utilizes a legitimate relationship make the recipient more likely to fall for the attack.

In order to stay vigilant in this changing environment, security officers and business leaders should focus on two simple questions:

1. What’s the most likely cause of data loss for our organization?
2. What’s the maximum damage that a human error could cause?

This awareness can help security leaders gain a better understanding of the risks they need to manage on an ongoing basis. Ultimately, this awareness could help reduce the likelihood of data loss and of associated consequences like financial penalties or reputational damage.

Mistakes due to human error are inevitable, but the negative consequences are not.

Tessian’s machine-intelligent email filters use machine learning to understand relationships and behaviors on email, identifying in real time when people are about to make a mistake – whether it’s entering the wrong reply-to address or potentially falling for a spear phishing attack. Thoughtful, intelligent notifications located within the email client stop the threat before it can cause damage to your organization. Take action against misdirected emails and spear phishing today.