April 23, 2025

Time to kick out Human Error?

Reports often cite the human element—like falling for phishing or making mistakes—as the primary cause of breaches, leading to labels like “weakest link” or “unintentional insider threat.” However, this framing ignores context, system design, and complexity.

The author illustrates this with the difficulty of detecting malicious URLs, especially when homoglyphs (characters that look alike) are used—something even vigilant users may miss. Blaming users in such cases disregards the limitations of human perception and decision-making.
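The homoglyph problem is a case where a technical check outperforms user vigilance. As an added example (not code from the FIRST post), the Python below decodes punycode hostnames and flags any label that mixes scripts or is made up entirely of lookalike characters; the confusables table is a constructed subset, not the full Unicode list.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of Cyrillic/Greek letters that render like Latin ones.
# Assumption: an illustrative table, not the complete Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l", "\u03bf": "o",
}

def script_of(ch):
    """Coarse script taken from the Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if ch.isalpha() else ""

def decode_host(url):
    """Hostname of url with punycode (xn--) labels decoded to Unicode."""
    host = urlsplit(url).hostname or ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode (or not valid IDNA): keep as-is

def check_label(label):
    """Return a reason string if the label looks deceptive, else None."""
    scripts = {script_of(c) for c in label if c.isalpha()}
    if len(scripts) > 1:
        return "mixed scripts %s" % sorted(scripts)
    # Whole-script confusable: every letter maps onto a Latin lookalike,
    # so the label renders like a Latin name although it contains none.
    skeleton = "".join(CONFUSABLES.get(c, c) for c in label)
    if skeleton != label and skeleton.isascii():
        return "lookalike of %r" % skeleton
    return None

def analyze_url(url):
    """Map each hostname label to its finding (None means clean)."""
    host = decode_host(url)
    return {label: check_label(label) for label in host.split(".")}
```

A legitimate all-Cyrillic name such as правда.ru is not flagged, because its skeleton still contains non-Latin letters; only labels that collapse entirely to Latin, or that mix scripts inside one label, are reported.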

Instead of focusing blame on individuals, the author advocates for better technical solutions and system design. For example, the drop in macro-based attacks after Microsoft disabled macros by default wasn’t due to user awareness but a technical change.

To improve incident response and prevention, the cybersecurity field needs new, nuanced models that reflect human behavior, variability, and context. Learning from safety science and embracing human-centered approaches—like those promoted by the FIRST SIG and NIST—can lead to more effective cybersecurity strategies.

Source: https://www.first.org/blog/20250418-Human-Error
