The Human Factor In Cybersecurity

By Angelica Grace Castro

The Human Factor

Humans can contribute to cyber threats in various ways, including human error, insider threats, white-collar crimes and cybercrimes. Many organizations and companies have a limited budget to allocate for their cybersecurity measures. As a result, a Chief Information Security Officer has to balance spending between training and additional cybersecurity technology. If I were a CISO, I would allocate twenty percent to maintenance of existing equipment, forty percent to training and the remaining forty percent towards additional cyber technology.

Training

Employee training is an important part of cybersecurity measures and must always have funds allocated for it. Potentially exposing the company to cyber threats due to human error is an unnecessary risk to take. Consistent, constant and quality training would minimize human error as well as ensure employees are ready in the case of an attack. A higher amount of funds allocated for training would more than likely result in a higher quality of training. Additionally, training should be frequent and interactive to improve the employees’ understanding. For example, training should not just be going through presentation slides; instead, live exercises should be incorporated so that employees can gain experience and become better prepared should that situation arise. Frequent training and live exercises require funds in order to happen.

Cyber Technology

Training and cyber technology are of equal importance. Cyber technology is developing continuously and rapidly, and along with it come new and emerging cyber threats. According to Brian Payne’s “White-Collar Cybercrime: White-Collar Crime, Cybercrime, or Both?”, due to the routine use of computers in the workplace there are new opportunities for that technology to be used for white-collar crimes. This indicates the potential for insider threats, which cannot be eliminated through training. Thus, companies should invest in cyber technology to defend against these types of threats. Additionally, due to the development of cyber threats, if an organization or company falls behind with regard to cyber technology, even consistent, constant, and quality training will not be enough to defend against cyber threats.

Maintenance

While employee training and cyber technology are important cybersecurity measures, we must not forget to maintain the system currently in use. Training employees becomes useless if the system itself does not work. Funds must be allocated to mitigate and prevent machine errors, faulty equipment, hardware degradation and potential loss of availability of equipment due to poor facilities. Maintenance is not limited to just the cyber devices. It would be undesirable to put the company at risk from things that are preventable, such as a broken outlet or a water pipe that has burst. Not only do equipment failures prevent employees from doing their work, but they also contribute to low morale and the disgruntlement of the workers. A disgruntled worker could become an insider threat.

Conclusion

Due to the human factor in cybersecurity, which contributes to cyber threats, every organization should allocate its funds wisely. As a Chief Information Security Officer, it is essential to place importance not only on training and cyber technology but on maintenance as well. Employee training, cyber technology and maintenance go hand-in-hand to prevent and mitigate threats. Not allocating funds for one would result in the other two being useless.

References

Payne, B. (2018). White-Collar Cybercrime: White-Collar Crime, Cybercrime, or Both? Criminal Justice, Law & Society, 19(3), 16-32.

Collins, J., Sainato, V., & Khey, D. (2011). Organizational Data Breaches 2005-2010: Applying SCP to the Healthcare and Education Sectors. International Journal of Cyber Criminology, 5(1), 794-810.