Balancing Cyber Technology and Cyber Training 

Introduction 

Threat actors work around the clock to break into secure systems. Whether they take advantage of weak security practices, holes within the system or human error, organizations must find a good balance to prevent major losses. This balance is difficult to achieve as technology grows with each day. Determining which area of cybersecurity to focus on is crucial to an organization’s data and budget.

Cybersecurity Technology vs Human Error 

It’s not news that cyber-attacks are becoming more frequent regardless of the new safeguards organizations are attempting to implement. A Stanford study showed that 88% of cyber-attacks on businesses were a result of human error (1). Organizations turn to multifactor authentication, challenging passwords and regular cyber awareness training as a form of defense against human error. While setting aside money for training is a good use of budgetary funds, it cannot be the primary form of cyber protection. Threat actors are working nonstop to find new ways to trick users in order to gain access to sensitive information. The focus should be on ensuring that proper firewalls, detection systems, permissions/accesses and authorizations are in place to counteract the damage an employee is capable of, even if it is an accident. If an employee should have access to sensitive information only from an authorized device, implement a form of Mobile Device Management (MDM) in order to properly secure the information at all times. Cyber security does not have to be robust; depending on the organization, simple practices such as encryption, access control, backup/recovery plans, and network security can dramatically enhance cyber defenses. Another important aspect of cyber security that an organization should focus on is risk management. Consistently monitoring, analyzing, and auditing the system for threats, and building cyber practices using the risk management framework, allows organizations to check for weaknesses routinely.

Conclusion 

Organizations should focus their funds on additional cyber technology as their main form of protection. Human error cannot be predicted; however, with the right cyber security practices and technologies, the risk of data loss is lessened. This allows consistency throughout organizations and makes it easier for them to notice if or when an incident occurs.

References: 

  1. Sjouwerman, S. (2024, May 9). Stanford Research: 88% of data breaches are caused by human error. KnowBe4 Security Awareness Training Blog. https://blog.knowbe4.com/88-percent-of-data-breaches-are-caused-by-human-error
  2. Rodrigues, J. (2024, April 2). Top 5 methods of protecting data. TitanFile. https://www.titanfile.com/blog/5-methods-of-protecting-data/#:~:text=Network%20Security,-Network%20security%20refers&text=This%20can%20include%20using%20firewalls,information%20transmitted%20over%20the%20network.
  3. Computer Security Division, I. T. L. (2016, November 30). About the RMF – NIST risk management framework: CSRC. CSRC. https://csrc.nist.gov/projects/risk-management/about-rmf
