Skip to content
English
digital signature

Jul 26, 2024

Why Are Humans Vulnerable to Cybercrime?

Data breaches are often associated with technology. On the other hand, technology users are humans. This raises the question, who is at fault, technology or humans?

Real-life examples of personal data misuse in Indonesia highlight the importance of education about information confidentiality. Many personal data violations have occurred recently. For example, a shopkeeper in PGC stole job applicants' data and used it for illegal online loans worth IDR 11 billion (CNN Indonesia). Moreover, job applicants' personal data is often used by irresponsible individuals to apply for online loans (Tempo). 

Upon observation, data breaches are often linked to technology. Many argue that digitizing data and documents makes privacy vulnerable to being spread on the internet. On the other hand, technology users are humans. So, the question arises, with cybercrime, who is responsible, technology or humans?

This article highlights our biggest question: When technology is created to facilitate humans, in this case, data security, why do humans become vulnerable to cybercrime?

Why Are Humans the Most Vulnerable Point in Cybersecurity?

Research shows that humans often become the most vulnerable point in the cybersecurity chain. According to a study by ISACA, 88% of data breach incidents are caused by human error, such as clicking on phishing emails or using weak passwords.

Kevin Mitnick, a prominent cybersecurity expert, also asserts that humans, not technology, are often the weakest link in the security chain, especially through social engineering attacks that exploit human psychological weaknesses.

These psychological weaknesses are then exploited by cybercriminals to commit fraud. Generally, fraud is an act of deception carried out with the aim of obtaining personal gain or harming others. Fraudsters will do anything to steal others' rights without being noticed, in various forms and sectors, including finance, insurance, and trade.

Complexity of Human Behavior

Humans often become the weak point due to their complex and unpredictable nature. Unlike technology and processes that can be programmed and regulated, humans make decisions based on personal judgment, which can sometimes be irrational and full of errors. According to Iowa Fraud Fighters, human vulnerability to fraud can be explained by several psychological factors:

  1. Cognitive Biases

    • Trust Bias: People tend to trust others, especially if they appear trustworthy or authoritative. For example, a phishing email that appears to be from a trusted bank asking users to update their login information. Since the email looks official, many people will trust it without further checking.
    • Confirmation Bias: Individuals often seek information that confirms their prejudices and ignore contradictory information. For example, individuals believe they should have won a prize draw, so they will trust messages that state this, without verifying it.

  2. Social Influence

    • Social Proof: The behavior of others greatly influences individuals. Phishers often create fake testimonials claiming that many people have successfully received big prizes if they click a certain link. Seeing these fake testimonials, individuals tend to follow suit.
    • Authority Compliance: Scammers often impersonate authority figures to exploit someone's tendency to obey authority figures. For example, scammers impersonate police officers.

  3. Emotional Manipulation

    • Scammers create a sense of urgency or fear to cloud judgment. For example, phishing emails often warn of dire consequences if action is not taken immediately.

  4. Decision-Making Under Pressure

    • Stress can lead people to overlook risks, resulting in poor decision-making. For example, emails or text messages demanding immediate action, like paying a fake bill or updating account information, can cause people to make hasty decisions without verifying the information's authenticity.

  5. Lack of Knowledge

    • Many internet users are unaware of the latest fraud techniques or cyber threats such as ransomware, social engineering, phishing, or deepfake. This lack of knowledge makes them vulnerable.

How Psychological Factors Become Vulnerabilities for Cybercrime

  • Phishing: Many people fall for convincing phishing emails or messages. Phishing exploits trust and carelessness to obtain sensitive information such as passwords and personal data.
  • Weak Passwords: Confirmation bias and lack of knowledge lead individuals to use easily guessed or repeated passwords for multiple accounts, increasing the risk of security breaches.
  • Email Misdelivery: Lack of attention can cause errors in sending emails to the wrong recipient, which can be fatal if the email contains sensitive or confidential information.
  • Shadow IT: Using software or applications without IT department approval can create gaps for data breaches because these applications may not have adequate security standards.
  • Public Wi-Fi Connections: Using unsecured public Wi-Fi networks can make it easy for cybercriminals to access personal or company data through man-in-the-middle (MitM) attacks.

User Education on Information Confidentiality

As in the case of personal data misuse for online loans, users must be taught never to share personal information or access codes with others. Comprehensive and consistent education is crucial to prevent misuse and ensure the security of digital transactions. Here are some tips you should understand:

  • Maintain Information Confidentiality: Never share personal information such as PINs, passwords, or OTPs with others. According to a report from Verizon, 81% of hacking-related breaches occur due to stolen or weak passwords.
  • Verify Identity: Always verify the identity of the party requesting personal data. Cybercriminals often use social engineering tactics to pretend to be trusted parties.
  • Use Trusted Platforms: Always use reputable platforms. According to research from Google, users who use two-factor authentication (2FA) have a 50% lower risk of being hacked.
  • Stay Updated: Keep up with the latest developments in digital security and technology. Cybersecurity certifications and training, such as those offered by SANS Institute and (ISC)², can help enhance cybersecurity knowledge.

It requires a lot of participation to continue developing technology in line with user education. That is the task of stakeholders, including business players, so that customers are not harmed in the future.

By educating the public and users about digital security, we can ensure that this technology is used safely and effectively, and avoid misuse that can be detrimental. Technology has great potential to facilitate and speed up various business and administrative processes, and with proper education, we can maximize its benefits.

Interested using VIDA? Contact us! 
VIDA

VIDA - Verified Identity for All. VIDA provides a trusted digital identity platform.

Latest Articles

Why Is Digital Identity Important for Financial Inclusion?
keamanan digital

Why Is Digital Identity Important for Financial Inclusion?

Digital identity is crucial for providing financial access to the public. What does digital identity look like, and how can we avoid identi...

October 10, 2024

How Fraud Detection Can Combat AI-Generated Fraud
digital security

How Fraud Detection Can Combat AI-Generated Fraud

Detecting and protecting personal identity from AI-based fraud attacks not only ensures that transactions are carried out by the legitimate...

September 29, 2024

Dear Business, Don’t Accept Stolen Identities
digital security

Dear Business, Don’t Accept Stolen Identities

The issue of personal data breaches has resurfaced in Indonesia. However, this data can be prevented from being misused. This is where the ...

September 20, 2024