Sascha Giese at SolarWinds explains why people and not technology remain the weakest link in cyber-security

A third of IT professionals say user error is the biggest cause of tech trouble in the workplace, proving that people, not tech, remain the weakest link in IT.
The only thing more damaging, it seems, is when employees fail to notify tech support when there’s a problem. According to one in five frontline tech support staff, sweeping things under the carpet simply makes a bad situation worse.
Either way, human error remains the main source of IT headaches for businesses.
In one sense, I’m not surprised by the findings of this recent survey. For me, it simply underlines what everyone in IT already knows: that no matter how advanced systems become, people still make mistakes. And the potential for mistakes is only going to increase as systems become more complex.
Complexity is making things harder
After all, today’s IT environments span cloud, hybrid, and on-premises infrastructure, running scores of applications and integrations, each with its own quirks and vulnerabilities.
That’s why automation and AI are such effective tools. By taking over repetitive tasks, monitoring user activity, and even suggesting fixes before an issue escalates, automation and AI can do much of the heavy lifting for under-pressure IT teams.
It might mean, for example, devising security protocols that enable systems to automatically identify suspicious user patterns that might otherwise go undetected by a human IT professional. Similarly, automating access rights management can help reinforce a zero-trust approach to security while ensuring that the right people have access to the right data.
And it’s not just in cyber-security where automation is proving its worth. The same principles are transforming how IT teams manage day-to-day service operations.
Automation adds a new layer of protection
According to the latest SolarWinds State of ITSM Report, organisations that introduced AI and automation into their service management processes managed to cut average incident resolution times by almost 18%, saving nearly five hours per ticket. For the top adopters, those time savings were more than 50%.
This stat is a powerful reminder that automation doesn’t just make IT faster. It also makes it more robust. But AI and automation are only one side of the coin. If we’re really to address the “people problem”, then we need to address it head-on.
That doesn’t mean blaming employees for cyber-security slips. Instead, it’s about helping them become the first line of defence. And that means designing awareness and training programmes that work with human behaviour, not against it.
Making people part of the solution
For me, that process starts with openness and transparency. Most employees have no idea what goes on behind the scenes to keep an organisation safe. Showing them, through live dashboards, short demos, or simulated attacks, makes the threat real and relatable in a way that an awareness poster on a canteen wall never can.
Once people understand the risks, they need the tools and confidence to act. A simple “Report” button, for example, makes it easy to flag suspicious emails or activity. This would also help to address the issue of people not reporting problems. People are less likely to hide issues when the process of reporting them is simpler.
But it’s also true that when people feel trusted, they’re far more likely to report incidents early. And that’s where real resilience begins.
Awareness needs to be permanently in people’s thoughts. It can’t be something that’s “done” once a year during Cyber Security Awareness Month and then forgotten. Instead, it should be part of a rolling programme of events and initiatives.
Things like short TikTok-style videos, peer-to-peer sessions, or departmental “security champions” who help make cyber-hygiene part of everyday culture can all be used to ensure that the message stays uppermost in people’s minds.
Embedding IT awareness in everyone
It is also important that any training is both realistic and specific. For instance, finance teams should have their training tailored to spot fraudulent invoices, while HR should learn to focus on data handling and how best to spot rogue CVs.
However, if you truly want to take it to the next level, business leaders should be encouraged to participate in what are termed “security breach simulations” to experience firsthand what it’s like to be involved in a live incident. When done well, these so-called “simulations” can feel very real indeed.
Ultimately, the goal is to make cyber-security as automatic as locking your front door or buckling your seatbelt when you hop in a car. When employees adopt this mindset, they shift from being a potential liability to an integral part of the cyber-defence solution.
Sascha Giese is a Tech Evangelist at SolarWinds

© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543