THE HUMAN FACTOR IN CORPORATE DATABASE SECURITY: A SOCIO-BEHAVIORAL RISK ANALYSIS
DOI: https://doi.org/10.28925/2663-4023.2026.32.1102
Keywords: insider, motivation, vulnerabilities, phishing, human error
Abstract
The article highlights the socio-behavioral nature of risk in corporate database security, where the human factor is a determining contributor to incidents. It is shown that behavioral errors, knowledge gaps, stress and demotivation generate vulnerabilities that circumvent formal policies and technical controls. The employee's roles as operator and decision-maker are outlined. Misconfigured access rights, negligent execution of procedures, delayed anomaly detection and misinterpretation of monitoring signals lead to data leaks and integrity violations. Cognitive and information overload, heterogeneous competencies and low trust in digital solutions are examined as factors that shift risk from a purely technical to a behavioral dimension. Scenarios of human participation as either victim or offender are identified: social engineering, malicious insiders and workaround practices. Case studies (Capital One, Uber and SingHealth) demonstrate how configuration errors, excessive privileges, shared accounts, the absence of MFA and non-compliance with procedures escalate local deviations into large-scale compromises. Technical manifestations of unintentional actions in databases are described: incorrect ACLs, erroneous access rules, incomplete parameter validation and undetected SQL injection. For insider threats, effective measures are shown to include personalized warnings and behavioral analytics with risk indices integrated with DLP policies and access restrictions. A countermeasure framework is considered: the principle of least privilege and defence-in-depth (including Zero Trust), continuous IAM/API monitoring, regular misconfiguration scanning, segmentation and privileged account control, as well as targeted training with incident simulations and feedback. It is concluded that the resilience of data storage systems is determined not only by technology but also by how controllable personnel behavior is.
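The abstract names two of the database-level failure modes it analyses, incomplete parameter validation leading to SQL injection, and excessive privilege, and lists least privilege among the countermeasures. The following is an added example, not code from the article, showing a lookup that splices untrusted input into the statement beside the hardened form that binds the value as a parameter, with the lookup path additionally confined to a read-only connection so that no SQL reaching it can modify data. It uses only the Python standard library and an SQLite file created in a temporary directory; the table, rows and function names are constructed for this illustration.

```python
import os
import shutil
import sqlite3
import tempfile

# Constructed sample rows (not from the article).
SEED_ROWS = [
    ("alice", "ops", "alice@example.test"),
    ("bob", "finance", "bob@example.test"),
]


def build_db(path: str) -> None:
    """Create the employees table on disk so that a second, read-only
    connection can later be opened against the same file."""
    conn = sqlite3.connect(path)
    try:
        conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, email TEXT)")
        conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", SEED_ROWS)
        conn.commit()
    finally:
        conn.close()


def open_readonly(path: str) -> sqlite3.Connection:
    """Least privilege for the lookup path: the connection used for searches
    is opened with mode=ro and cannot write, whatever SQL reaches it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Incomplete parameter validation: untrusted input is spliced into the
    statement text, so a crafted value changes the query's logic."""
    sql = f"SELECT name, dept FROM employees WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, name: str) -> list:
    """Bound parameter: the engine receives the value separately from the
    statement, so it is compared as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, dept FROM employees WHERE name = ?", (name,)
    ).fetchall()


def write_is_blocked(conn: sqlite3.Connection) -> bool:
    """Return True if the connection refuses a write, i.e. the read-only
    role holds even for a statement that bypasses the lookup functions."""
    try:
        conn.execute("UPDATE employees SET dept = 'ops' WHERE name = 'bob'")
        conn.commit()
        return False
    except sqlite3.OperationalError:
        return True


def run_demo() -> dict:
    """Run both lookups with an honest name and a tautology payload, then
    confirm that the lookup connection cannot write. Returns the results."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "hr.db")
    try:
        build_db(path)
        ro = open_readonly(path)
        try:
            payload = "' OR '1'='1"
            return {
                "honest_vulnerable": lookup_vulnerable(ro, "alice"),
                "injected_vulnerable": lookup_vulnerable(ro, payload),
                "injected_hardened": lookup_hardened(ro, payload),
                "write_blocked": write_is_blocked(ro),
            }
        finally:
            ro.close()
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

With the payload `' OR '1'='1`, the vulnerable lookup returns every row in the table, the hardened lookup returns nothing because the whole string is compared as a name, and the attempted UPDATE on the read-only connection raises `sqlite3.OperationalError`. Python's `execute` refuses stacked statements, so the injection shown is a data-exposure one; the read-only role is what bounds the blast radius if a write path is reached by some other route.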
References
Maslova, Yu. Yu., & Kushnir, I. M. (2020). Information security and the human factor. Modern Information Security, 4. https://doi.org/10.31673/2409-7292.2020.044145
Dovhan, O., Lytvynova, L., & Dorohykh, S. (2023). Cybersecurity in the information society: Information and analytical digest (Issue 9). Kyiv: State Research Institute of Informatics and Law of the National Academy of Legal Sciences of Ukraine; Vernadsky National Library of Ukraine. https://ippi.org.ua/sites/default/files/2023-9.pdf
Shevchenko, S., Zhdanova, Yu., Skladannyi, P., & Boiko, S. (2022). Insiders and insider information: Essence, threats, activities, and legal responsibility. Cybersecurity: Education, Science, Technique, 3(15), 175–185. https://doi.org/10.28925/2663-4023.2022.15.175185
Yakymenko, Yu. M., Rabchun, D. I., & Zaporozhchenko, M. M. (2021). The role of social engineering in data leakage issues and organizational aspects of protecting corporate environments from phishing attacks via email. Cybersecurity: Education, Science, Technique, 1(13), 6–15. https://csecurity.kubg.edu.ua/index.php/journal/article/view/278
Zhmurko, O. (2024). Social engineering as a cybersecurity threat: Prevention and protection methods. Security Pedagogy, 9(1), 37–42. https://doi.org/10.31649/2524-1079-2024-9-1-037-042
Dzhalladova, I. A.-k., & Kaminskyi, O. Ye. (2025). Socio-psychological resilience of cybersecurity systems. Modern Information Technologies in the Sphere of Security and Defense, 53(2), 43–50. https://doi.org/10.33099/2311-7249/2025-53-2-43-50
Oniushchenko, S. V., & Hlushko, A. D. (2022). Analytical dimension of cybersecurity in Ukraine under increasing challenges and threats. Economy and Region, 1(84), 13–20. https://doi.org/10.26906/EiR.2022.1(84).2540
Kras, A. (2025). Human factor and security management. In Audit of information security: Methodology and practical cases. Problems of Computer Science, Software Modeling, and Security of Digital Systems (pp. 123–125). https://apcssm.vnu.edu.ua/index.php/conf/article/view/237
Kashkanova, A. A. (2025). Socio-technical approach as a way to improve the security environment in urban transport systems. Bulletin of Vinnytsia Polytechnic Institute, 4, 170–178. https://doi.org/10.31649/1997-9266-2025-181-4-170-178
Ali, R. F., Dominic, P. D. D., Ali, S. E. A., Rehman, M., & Sohail, A. (2021). Information security behavior and information security policy compliance: A systematic literature review for identifying the transformation process from non-compliance to compliance. Applied Sciences, 11(8), 3383. https://doi.org/10.3390/app11083383
Ruohonen, J., & Saddiqa, M. (2025). What do we know about the psychology of insider threats? In Digital Forensics and Cyber Crime (ICDF2C 2024) (pp. 186–211). https://doi.org/10.1007/978-3-031-89363-6_11
Mitchell, B. S., Mancoridis, S., & Kashyap, J. (2024). On the automatic identification of misconfiguration errors in cloud-native systems. In Proceedings of the 2024 7th Artificial Intelligence and Cloud Computing Conference (AICCC 2024) (pp. 539–548). https://doi.org/10.1145/3719384.3719463
Khan, S., Kabanov, I., Hua, Y., & Madnick, S. (2022). A systematic analysis of the Capital One data breach: Critical lessons learned. ACM Transactions on Privacy and Security, 26(1), 1–29. https://doi.org/10.1145/3546068
Moh, P., Yang, A., Malkin, N., & Mazurek, M. L. (2024). Understanding how people share passwords. In Proceedings of the Twentieth Symposium on Usable Privacy and Security (SOUPS 2024) (pp. 219–237). https://www.usenix.org/conference/soups2024/presentation/moh
Sharma, U., & Kalekar, S. M. (2024). Dissecting the Uber security breach: Root cause analysis and mitigation strategies. International Journal of Computer Engineering and Technology, 15(4), 715–720. https://doi.org/10.5281/zenodo.13368425
Njenga, K., Nyamandi, N. F., & Segooa, M. A. (2024). A model on workarounds and information security integrity. South African Journal of Information Management, 26(1), 1–10. https://doi.org/10.4102/sajim.v26i1.1853
Ee, S. K. K. (2022). Prevention is no cure: A case study of the 2018 SingHealth breach. Digital Asia Hub. https://www.kas.de/documents/288143/14393910/4.1+Prevention+is+No+Cure.pdf
Jiang, J. X., Culbertson, N., & Bai, G. (2022). Effectiveness of email warning on reducing hospital employees’ unauthorized access to protected health information: A nonrandomized controlled trial. JAMA Network Open, 5(4), e227247. https://doi.org/10.1001/jamanetworkopen.2022.7247
Netskope. (2023). Netskope advanced UEBA case studies. https://www.netskope.com/wp-content/uploads/2023/05/advanced-ueba-case-studies.pdf
License
Copyright (c) 2026 Олексій Рибальченко (Oleksii Rybalchenko)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.