Balancing funds between training and cybersecurity technologies

To ascertain materiality in the event of a breach, CISOs must pay closer attention to risk
assessments because of stricter requirements, such as the Securities and Exchange Commission's
2023 cybersecurity disclosure rules. To put a clearer monetary value on risk and to quantify the
impact of a breach beyond the High, Medium, and Low categories that many businesses use, CISOs
must collaborate even more closely with business executives. CISOs who have relied on in-depth
technical expertise alone and lack financial acumen will be at a disadvantage in these settings.

Factoring humans into cybersecurity


In cybersecurity, end users and staff remain a major weakness and the main targets of
malicious threat actors. Although it is crucial to recognize that people pose the biggest threat to
cybersecurity measures, many company executives still fail to address problems of human
performance appropriately. The continuing concern about human performance stems from the
need for adequate training on the role of human factors in cybersecurity (Yasar & Pratt, 2023).
Errors made possible by human interaction are largely caused by a lack of security awareness
combined with inexperience, carelessness, indifference, malfeasance, and resistance. Because
cybersecurity threats change constantly, organizations must have countermeasures in place to
prevent breaches, attacks, and incidents. Most firms, however, rely on technology to counter
cybersecurity risks while ignoring human flaws and limits. As technical hardening improves,
attackers shift their effort toward the people who operate those systems, which is why
commercial entities must treat the human factor as an attack vector in its own right (Yasar &
Pratt, 2023).
An integral component of corporate security is security awareness: educating staff about
security guidelines and keeping them up to date on emerging dangers and technologies. Users
are less likely to engage in dangerous behavior when they understand the hazards of their
choices. For instance, attackers regularly send phishing emails containing harmful links; users
who click those links or engage in other risky activities may give attackers access to the
organization's network (Yasar & Pratt, 2023). Frequent training on common and upcoming
threats helps users recognize and avoid these attacks. Because human users are constantly
targeted through social engineering, most funding should go toward human training and
awareness, both of which are needed to safeguard organizations from the cyber threats they
face.

Funding cybersecurity technology

Technical controls use hardware, software, and firmware to reduce vulnerabilities. An
administrator installs and configures a technical control, after which it provides protection
automatically. Cybersecurity technology should therefore help professionals safeguard
organizational assets and systems from cyber threats. Intrusion detection systems (IDSs) monitor
networks and issue alerts when they notice questionable activity on a system or network.
Intrusion prevention systems (IPSs) go a step further: they respond to ongoing attacks and block
them before they can affect networks and systems (Palo Alto Networks, n.d.).
A host-based intrusion detection system (HIDS) is additional software installed on a single
machine, such as a workstation or server. It monitors that host, examines important operating
system files, and can identify possible threats. Any IDS's main objective is to monitor traffic and
notify administrators of questionable conduct. Notably, a HIDS can help identify malicious
software (malware) that conventional antivirus software may overlook (Palo Alto Networks, n.d.).
As a result, many businesses install a HIDS on each workstation as an additional layer of security
alongside standard antivirus software. A workstation HIDS monitors network traffic arriving at the
workstation, much as a HIDS on a server does, but it can also watch local resources such as
operating system files, log files, and specific applications (Palo Alto Networks, n.d.). Because an
IDS only alerts, the value of each alert depends on someone reading and acting on it, which is
where trained staff come back into the picture.
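To make the two HIDS functions described above concrete, here is an added example that is not code from the original article or from Palo Alto Networks: a toy host-based monitor that (1) baselines the SHA-256 hashes of "important operating system files" and reports anything modified, added, or deleted on a rescan, and (2) scans log lines for repeated failed logins from one source. The function names, the five-failure threshold, the scratch directory it baselines, and the auth-log lines are all constructed assumptions for illustration, so it runs offline with no real system files touched.

```python
"""Toy host-based intrusion detection: file-integrity baseline plus a log rule.

Added example for illustration; not from the original article or Palo Alto Networks.
It works on a temporary directory and constructed log lines, so it runs offline.
Names (build_baseline, compare_baseline, failed_login_alerts) and the threshold
are assumptions, not an existing tool's API.
"""
import hashlib
import re
import tempfile
from collections import Counter
from pathlib import Path


def _sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Record the SHA-256 of every regular file under root, keyed by POSIX-style relative path."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = _sha256(path)
    return baseline


def compare_baseline(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Re-scan root and classify every deviation from the stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


# Constructed auth-log lines in the style of OpenSSH/syslog; not captured from a real host.
SAMPLE_AUTH_LOG = """\
Jan 10 09:01:02 ws01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Jan 10 09:01:04 ws01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 40113 ssh2
Jan 10 09:01:06 ws01 sshd[1201]: Failed password for root from 198.51.100.7 port 40114 ssh2
Jan 10 09:01:09 ws01 sshd[1201]: Failed password for root from 198.51.100.7 port 40115 ssh2
Jan 10 09:01:11 ws01 sshd[1201]: Failed password for root from 198.51.100.7 port 40116 ssh2
Jan 10 09:02:30 ws01 sshd[1240]: Accepted publickey for alice from 192.0.2.15 port 51022 ssh2
Jan 10 09:03:00 ws01 sshd[1255]: Failed password for bob from 192.0.2.15 port 51030 ssh2
"""

FAILED_LOGIN = re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>\d+\.\d+\.\d+\.\d+)")


def failed_login_alerts(log_text: str, threshold: int = 5) -> dict[str, int]:
    """Count failed SSH logins per source IP; return only sources at or above threshold."""
    counts: Counter[str] = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def demo() -> dict[str, list[str]]:
    """Baseline a scratch 'etc' tree, tamper with it, and return what the comparison finds."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)

        # Simulate tampering: an edited file, a dropped-in file, and a removed file.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n"
        )
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")
        (root / "etc" / "hosts").unlink()
        return compare_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
    print(failed_login_alerts(SAMPLE_AUTH_LOG))
```

Two caveats a practitioner would add: a real HIDS stores the baseline somewhere an attacker on the host cannot rewrite it, and a threshold rule like the one above is only a starting point, since a slow, distributed password spray stays under any fixed per-IP count.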

Conclusion


Since humans are dubbed the weakest link in cybersecurity, I would allocate most of the money to
training human users and employees. Technology that aids cybersecurity should aid the human
security professionals who defend against cyber threats. Thus, cybersecurity technology will not
replace human involvement unless and until true artificial intelligence exists. Humans must be
understood for their strengths as well as their limitations. To help security professionals perform
their jobs to the best of their abilities, both technologies and training should be invested in so
that users and professionals alike can mitigate threats before they materialize. Security
technologies and training, if utilized effectively, can together reduce the chances of security
incidents and breaches.

References


Palo Alto Networks. (n.d.). IPS vs. IDS vs. firewall: What are the differences? Palo Alto
Networks. https://www.paloaltonetworks.com/cyberpedia/firewall-vs-ids-vs-ips
Yasar, K., & Pratt, M. K. (2023, October 12). What is security awareness training? TechTarget
SearchSecurity.
https://www.techtarget.com/searchsecurity/definition/security-awareness-training
