By: Shelby Welty
June 10, 2021
Who is Human Error: The story behind a security awareness training celebrity
By: Shelby Welty
June 10, 2021
Self-described C-Level cybersecurity celebrity and comedian Drew Freed, joined Digital Media Producer, Thomas Horlacher, on the Cybrary Podcast to discuss Drew’s role as Human Error in the security awareness training by Mimecast. This unique character that has a proclivity for giving out passive security advice in the workplace went viral within the cybersecurity community in recent years. Follow the origins of Human Error from Drew’s perspective and see how these videos have changed the future of cybersecurity, opening people’s eyes to the essential nature of security awareness training programs.
Human Error Origins
The origin of the Human Error videos began in a bar in New York City. Drew, who was very active at the Upright Citizens Brigade theater and bartending there at the time, was approached by the producer for Mimecast’s training videos. The producer was looking to cast the role that would be “the embodiment of all humans in the workplace” and Drew had the perfect image for the role. After one audition, Drew was cast as Human Error and the rest is history.
The first day on the set ended up being very low budget. BYOP (Bring Your Own Pajamas) was the motto that day with many of the lines being improvised. Over time, the production value increased, but the trademark PJs still remained. Once the videos were mainstream, Drew took Human Error on the road to cybersecurity conferences such as BlackHat 2019, getting recognized in Australia, and being turned into a cartoon character with his own bobblehead doll. From here, the sky is the limit for Drew and Human Error.
Human Error Hijinks
If you’re not yet familiar with the Human Error character, it’s best to describe him as something like Jiminy Cricket for cybersecurity awareness. Just like Jiminy, Human Error points out what not to do in common security situations. In the case of Drew’s character, common sense is definitely the most effective teaching tool to drive cybersecurity awareness.
While filming these epic episodes, Drew recounted the many crazy hijinks behind the scenes that led to some pretty impressive footage. Human Error drank sour milk, rollerbladed in the park and even got tackled by NFL linebacker Kyle Van Noy as well as Melbourne Rugby players. Although neither tackle left him injured, Drew admitted that the rugby players hit hard enough to give his back a good chiropractic adjustment.
What Keeps Human Error Up At Night?
Looking past the comedy within Human Error, one must understand that what you’re witnessing in the videos are very real scenarios that play out daily in the workforce. Drew explains that what keeps Human Error going is the fear-based society that we live in today. The more people that are living in fear that the boogeyman is out to get them, the more likely that Human Error will continue its current trajectory.
One of the reasons Human Error is so powerful is that it encompasses every action that makes us susceptible to attacks or weaknesses. It shows why constant vigilance with cybersecurity isn’t overkill; it’s essential. Making lax judgement calls on password or email security can decrease the effectiveness of the cybersecurity efforts being deployed across your enterprise.
Importance of Security Awareness Training Programs
Even with a robust email security perimeter in place, attackers can try to bypass it and operate inside your network. When you analyze the anatomy of most successful cyberattacks, nearly all of them have one thing in common. Some user, somewhere, did something that could have been avoided.
Human error contributes to almost 95% of security breaches. Most security approaches still fail at making a desired impact. If your employees aren’t ready for a cyberattack, the unfortunate truth is that your organization isn’t either. An engaging security awareness training program will help turn your employees into your first line of defense.
Security awareness training is critical because cyber threats abound in our always-connected work environments. What’s more, threats are continually changing. The common thread for some of the most significant threats today is people; your employees. Hackers know people can provide soft attack surfaces to make their exploits successful.
The point of security awareness training is to equip employees with the knowledge they need to combat these threats. Employees cannot be expected to know what threats exist or what to do about them on their own. They need to be taught what their employers consider risky or acceptable, what clues to look for that indicate threats, and how to respond when they see them – without Human Error clouding their judgement.