During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats. Now, put on your Chief Information Security Officer hat. Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology? That is, how would you allocate your limited funds? Explain your reasoning.
Putting on my Chief Information Security Officer (CISO) hat, I will balance these limited funds between cybersecurity awareness training and cybersecurity technology in a strategic approach. This approach will prioritize the organization’s most critical risks and ensure long-term effectiveness.
The strategy would consist of 50% training because, in my opinion, human error in cybersecurity is what leads to the most data breaches and vulnerabilities. Employees are to be trained to recognize phishing attempts, practice secure habits, and understand how their role can help to mitigate cybersecurity risks. This training will consist of daily awareness campaigns and awareness training every quarter or month. Specific high-risk roles will have targeted workshop trainings, such as IT administrators, finance staff, and personnel handling sensitive data. Acting out social engineering scenarios, such as phishing exercises, as if they were real can help employees get a better understanding of the risks as well. A company that is equipped with this information is less likely to fall victim to a cyber-attack.
The other 50% would be in technology, which will address human vulnerabilities. There are technologies put in place to detect, prevent, and respond to evolving cyber threats. Some of these include Endpoint Detection and Response (EDR) tools that monitor and protect devices, multi-factor authentication to strengthen access controls, firewalls and intrusion prevention systems (IPS) to safeguard the network perimeter, and cloud security solutions, all of which help as a safety net. Some AI-driven tools can also improve efficiency and reduce the need for and reliance on manual intervention.
It might seem like a simple 50/50 split, but both sides include a lot and are very crucial for minimizing errors and supporting effective incident responses. I tried to make it as balanced as possible to make sure both humans and systems connect to keep the organization safe from cyber threats.