ELI5: What are Human Factors?
People make mistakes — clicking bad links, choosing easy passwords, or trusting the wrong person. Human factors are all the ways that people, not computers, accidentally create weak spots in security.
Definition
Human factors are vulnerability categories rooted in human behavior, psychology, and decision-making rather than technical flaws. They represent the reality that people are often the weakest link in a security chain—susceptible to manipulation, error, and sometimes malicious intent. Addressing human factors requires security awareness training, clear policies, and technical controls that assume human fallibility.
Key Details
- Lack of training: Employees who don’t recognize phishing, social engineering, or security policy violations are easily exploited.
- Social engineering susceptibility: Attackers exploit predictable human tendencies such as deference to authority, a sense of urgency, fear, and the desire to be helpful.
- Insider threats: Malicious insiders with legitimate access, or unwitting insiders manipulated into harmful actions.
- Mitigation: Security awareness training, phishing simulations, clear security policies, technical controls (MFA, least privilege) that reduce reliance on human judgment.
- Security culture: Organizations with a strong security culture reduce human factor risk more effectively than training alone.
Connections
- Parent: vulnerability-types — the human vulnerability category
- See also: security-awareness-training