Budgeting Cybersecurity Training & New Cybersecurity Technologies

This article explains the importance of cybersecurity training and upgrading cybersecurity technology. An explanation of how cybersecurity training and upgrading cybersecurity technology should be balanced in an information security budget is also provided.

Importance of Cybersecurity Training

Ensuring that employees receive up-to-date cybersecurity training is one of the most important things a company can do to increase its security posture. Humans are often regarded as the weakest link of any cybersecurity framework, and according to a survey conducted by Mimecast, 83% of the companies surveyed had accidental data leaks caused by employee error, even though 97% provide cybersecurity training to employees (Canham, 2022). This demonstrates the importance of not only training employees on best practices to avoid falling victim to cybersecurity attacks, but also ensuring employees receive up-to-date and frequent training refreshers. In addition, employers should utilize cybersecurity training drills, like fake phishing emails, to identify and address any weak spots in employee training.

Importance of Upgrading Cybersecurity Technology

As the technical landscape continues to grow, it is crucial that cybersecurity technology grows along with it, lest companies fall victim to increasingly sophisticated cyberattacks. Government consumer privacy regulations also continue to expand, with over 5 billion people projected to be covered by regulations by 2026, requiring companies to stay up to date on data privacy laws (van Rijmenam, 2022). More information is also available to cyber criminals than ever before due to the growing presence of social media. Artificial intelligence and machine learning are making cyberattacks more sophisticated, but they also provide improved cybersecurity technology to defend against attacks. All of this demonstrates the ever-changing technical landscape, as well as the importance of ensuring a company’s cybersecurity technology grows with it.

Balancing Training & New Technology

While both cybersecurity training and adopting new cybersecurity technologies are important to keep companies safe from cyberattacks, budgetary constraints force Chief Information Security Officers (CISOs) to prioritize their funds in a way that best protects their organization. To determine how funds should be allocated, a comprehensive risk management assessment and penetration test should be conducted to identify any weak spots in the company’s existing cybersecurity infrastructure, both on the human and technical fronts. Using the results of these assessments, the CISO should allocate funding in a way that best enhances the cybersecurity infrastructure. For example, if the company already has an effective intrusion detection and prevention system and strong firewalls but many employees fall for a phishing email, the company should dedicate more resources towards training than adding new technology.

Conclusion

In conclusion, up-to-date cybersecurity training is important due to the large number of cyberattacks that have a human component. Updated cybersecurity technology is also important as it ensures the company is keeping up with the ever-changing technical landscape. To determine which aspect of cybersecurity, training or updated technology, is most important to direct funding towards, the CISO should conduct tests to identify existing weak spots in the cybersecurity architecture and allocate funds accordingly.

References

Canham, M. (2022, April 29). The Good, the Bad, and the Ugly of Security Awareness. Mimecast. https://www.mimecast.com/blog/the-good-the-bad-and-the-ugly-of-security-awareness/

van Rijmenam, M. (2022, August 24). How Cybersecurity is Changing Technology Today. The Digital Speaker. https://www.thedigitalspeaker.com/cybersecurity-changing-technology/
