Final answer:
The primary reason for errors in IT security is human error, as cognitive overload can increase the likelihood of mistakes. This was evident in the banking institution study conducted by Bruno & Abrahão (2012) and highlighted by the Target data breach incident.
Step-by-step explanation:
The main reason people make mistakes in IT security is due to human error. This encompasses a range of issues, such as lack of training, distractions, and cognitive overload, which can lead to erroneous decisions. For example, studies in human factors psychology have shown that as operators are required to make more decisions, thus increasing their cognitive effort, the rate of false positives in security breach identification increases.
Human error is often the weakest link in IT security, rather than software defects or malicious intent alone. Studying the impact of cognitive load on decision-making accuracy is vital, as the case of the Target data breach demonstrates. Security personnel might receive alerts about breaches but due to human error, they may misinterpret these signals, leading to severe consequences.
Overall, errors in IT security can stem from various sources, but it's the interaction of the human component with the system that often leads to vulnerability. It's also important to recognize that while system vulnerabilities or malicious intent may contribute to security issues, the incorrect handling of such situations by individuals often exacerbates the problem.