
Human Error: How Can a Small Mistake Lead to Big Consequences?

  • maria390873
  • 3 days ago

In the wake of the recent cyberattacks on UK companies, it has become increasingly apparent that even the smallest error can have catastrophic consequences. Large companies have extremely sophisticated cybersecurity measures in place; however, these attacks have shown that even these can be breached by social engineering through phishing emails or calls. Such attacks can very quickly turn some of the most trusted companies in the country into case studies in how human error can be the weakest link in your cybersecurity measures.





At the South East Cyber Resilience Centre, we’ve seen time and time again that the vast majority of cyber incidents are not the product of sophisticated hacking tools; they begin with simple mistakes made by employees who have not undergone sufficient cybersecurity Staff Awareness Training.


The Background

Several retailers fell victim to a cyberattack over the past two weeks. Although the cause of the cyberattack has not been confirmed, it is a wake-up call to businesses to focus on cybersecurity. Given that 90% of cyberattacks start via a phishing email or phone call, the most effective way to start your journey is to ensure that your staff are trained to identify such scams.


National Cyber Security Centre CEO Dr Richard Horne said:

“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

Staff training provides a great return on investment for companies. As we have seen, the effect of cyberattacks can be staggering: loss of your network and processes, significant financial losses and a hit to the credibility of your brand. Research from cyber insurance providers suggests that 50% of SMEs close 6 months after a cyberattack.


The Solution

The recent cyberattacks on major retailers should encourage organisations in all industries, large and small, to consider their own cybersecurity measures. Human error is consistently one of the top causes of cyberattacks and it’s something that businesses can, and must, proactively address. Here’s how:

  • Regular Staff Training: Staff Awareness Training is critical to all employees as it provides them with the necessary knowledge and confidence to identify and report a potential cyberattack before it happens. Our Staff Awareness Training sessions cover essential topics such as safe password practices, secure data handling, phishing detection, and more.


  • Enable 2-step verification (2SV): Reduce the risk of your company’s credentials being compromised by requiring multiple forms of verification.

  • Limit Access Controls: Restrict access to your systems based on roles and responsibilities. Not everyone needs to have access to everything!

  • Incident Response Planning: Have a clear, thoroughly tested plan for how your organisation would respond to a cyberattack.


Our Role at the SECRC

At the South East Cyber Resilience Centre, it’s our job to support businesses across the region in becoming more cyber aware through our expert guidance and affordable services, tailored to your industry. We work with businesses of all sizes, including micro businesses, SMEs, and charities, to help strengthen their defences and identify where they’re most vulnerable.


We are currently holding two government-funded Staff Awareness Training sessions, normally priced at £396 per session. However, we are giving our members the chance to access critical staff training at no cost to their business. The next sessions will take place on the 13th and 15th May, and sign-ups close 3 days before the sessions take place. Secure your team’s place by clicking this link.


If you’re unsure about your organisation’s cybersecurity, you can check it here and join us at the SECRC for free and access guaranteed future support and guidance.

 
 
 


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of the South East Cyber Resilience Centre is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The South East Cyber Resilience Centre provides funded services and Cyber Essential Partners if you need specific support. For specific questions please contact us at enquiries@secrc.police.uk.  The South East Cyber Resilience Centre does not accept any responsibility for any loss that may arise from reliance on information or materials published on this website.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.

© 2022 - 2025 The South East Cyber Resilience Centre

Registered in England & Wales, No. 13263448 
