The Human Factor in Cybersecurity

Posted by aconr009 on

BLUF

As a Chief Information Security Officer, I would allocate as many funds as I could for
the basic training and use whatever I have left for the technology. Prioritizing importance on
training is very helpful in cases of attacks or other malicious events. Technology is also
important as a factor; however, you only need certain technologies to keep the business safe,
having the knowledge of how to use it is more important.

Tradeoff of Training

Training is a very valuable tool in dealing with any type of discipline especially with
Cybersecurity. In the Cybersecurity and Information Technology fields, the technologies and
methods change frequently making even the head of departments have to stay well informed. If I
was a Chief Information Security Officer, training my employees would be the first thing I
prioritize. According to Forbes.com, Cybersecurity awareness training is very important not just
for business use but also personal use as well as it can act as a sort of firewall. “Educate and train
employees and stakeholders on best practices to prevent or reduce breaches that target insiders,
such as phishing. Just over a third (34%) of cyberattacks involved internal actors in 2018.”
(Forbes 2019.) As explained here, educating employees on best practices could prevent or reduce inside breaches through phishing as just about a third is due to internal actors. With a limited
budget, it would be important to focus on training the employees that may not have much
information about cybersecurity or just general safety practices when on the internet. Having this
training can strengthen the human firewall which up to date is still one of the most vulnerable
parts of a business.

Additional technology

Additional technology can be very important in a business standpoint, especially ones in
need of cybersecurity. These technologies can include Artificial Intelligence and Machine
Learning, Anti-Malware, Firewalls, two factor authentication, and more. Investing in these
technologies can provide for a safer network and are usually needed with the number of viruses,
malware, and bad actors that are online trying to steal information or harm company assets.
“Every day the federal government fends off tens of thousands of cyberattacks from
adversaries…To fight back, government agencies use cybersecurity tools. As the hackers have
gotten more sophisticated so have the tools to stop them. Agencies need to protect data at every
stage of its life from the moment it is collected, to when it is transmitted, to where it is stored and
finally until it is deleted.” (Nitaac.gov 2020). These quotes from the article explain why it is very
important to have these tools in place, as if there was no protection than all our information that
is private or personal identifiable could be used in a malicious way. However, it fails to mention
just how important the human factor is in everything, even the slightest mess up by a high-
ranking employee can compromise the entire company.

Conclusion

If I was a Chief Information Security Officer, I would want to balance the amount of the
budget to train employees and executives of the company of basic cybersecurity practices as well
as get technology that can serve the companies purpose well enough. This would include a
firewall and two factor authentication at the very least. These are both very important to have in
a company setting, however I still believe that the human factor is the weakest link and should be
prioritized more. Knowledge in the field can keep the company from losing as many assets
compared to just spending on only technologies because even the strongest protection can be
broken by the inside.

Works Cited:
Forbes. “The Importance of Training: Cybersecurity Awareness As A Firewall.” Fortinet,
Forbes.com,
https://www.forbes.com/sites/insights-fortinet/2019/08/27/the-importance-of-training-
cybersecurity-awareness-as-a-firewall/?sh=60ba87258b4b
(Accessed November 2023)
Director’s Corner. “The Importance of Cyber Technologies in Government.” NITAAC,
nitaac.gov,
https://nitaac.nih.gov/resources/articles/importance-cyber-technologies-government
(Accessed November 2023)

Leave a Reply

Your email address will not be published. Required fields are marked *