Editing Computer security (section)

===User security training===
The end-user is widely recognized as the weakest link in the security chain<ref>{{cite web |date=22 January 2014 |title=Studies prove once again that users are the weakest link in the security chain |url=https://www.csoonline.com/article/2137210/security-awareness/studies-prove-once-again-that-users-are-the-weakest-link-in-the-security-chain.html |access-date=8 October 2018 |website=CSO Online}}</ref> and it is estimated that more than 90% of security incidents and breaches involve some kind of human error.<ref>{{cite web |date=2 September 2014 |title=The Role of Human Error in Successful Security Attacks |url=https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/ |access-date=8 October 2018 |website=IBM Security Intelligence}}</ref><ref>{{cite web |date=15 April 2015 |title=90% of security incidents trace back to PEBKAC and ID10T errors |url=https://www.computerworld.com/article/2910316/90-of-security-incidents-trace-back-to-pebkac-and-id10t-errors.html |access-date=8 October 2018 |website=Computerworld}}</ref> Among the most commonly recorded forms of errors and misjudgment are poor password management, sending emails containing sensitive data and attachments to the wrong recipient, the inability to recognize misleading URLs and to identify fake websites and dangerous email attachments.  A common mistake that users make is saving their user id/password in their browsers to make it easier to log in to banking sites.  This is a gift to attackers who have obtained access to a machine by some means.  The risk may be mitigated by the use of two-factor authentication.<ref>{{cite web |date=7 October 2018 |title=Protect your online banking with 2FA |url=https://www.nzba.org.nz/2018/10/08/protect-your-online-banking-with-2fa/ |access-date=7 September 2019 |website=NZ Bankers Association}}</ref>

As the human component of cyber risk is particularly relevant in determining the global cyber risk<ref>{{cite web |year=2014 |title=IBM Security Services 2014 Cyber Security Intelligence Index |url=https://pcsite.co.uk/computer-security/IBM_Security_Services_2014_Cyber_Security_Intelligence_Index.pdf |access-date=9 October 2020 |website=PcSite}}</ref> an organization is facing, security awareness training, at all levels, not only provides formal compliance with regulatory and industry mandates but is considered essential<ref>{{cite news |last1=Caldwell |first1=Tracey |date=12 February 2013 |title=Risky business: why security awareness is crucial for employees |newspaper=The Guardian |url=https://www.theguardian.com/media-network/media-network-blog/2013/feb/12/business-cyber-security-risks-employees |access-date=8 October 2018}}</ref> in reducing cyber risk and protecting individuals and companies from the great majority of cyber threats.

The focus on the end-user represents a profound cultural change for many security practitioners, who have traditionally approached cybersecurity exclusively from a technical perspective, and moves along the lines suggested by major security centers<ref>{{cite web |title=Developing a Security Culture |url=https://www.cpni.gov.uk/developing-security-culture |archive-url=https://web.archive.org/web/20181009013120/https://www.cpni.gov.uk/developing-security-culture |archive-date=9 October 2018 |access-date=8 October 2018 |website=CPNI – Centre for the Protection of National Infrastructure}}</ref> to develop a culture of cyber awareness within the organization, recognizing that a security-aware user provides an important line of defense against cyber attacks.