What is Human Contribution to Cybersecurity?

Human contribution within cybersecurity organizations performs the most important part when it comes to balancing a strong workforce. These factors can consist of adequate training, extensive knowledge, and formal policy procedure (What Is an Insider Threat). Humans are the backbone to ensuring that issues within these organizations do not occur, and are able to be fixed. Human contributions may also lead to the potential of cyber threats within these workforces. These cyber threats typically consist of insider employee flaws such as lack of skill, knowledge, and improper training. Training is imperative to keeping a cybersecurity organization efficient, along with physical technological factors as well such as focusing on IT systems and system infrastructures (ActiveTrak). These topics come with a financial cost, and it is important to consider which categories should be prioritized

Why Training is Important

When it comes to having a limited budget to disperse among a cybersecurity organization, I believe the category which should be financially prioritized is training. Training is beneficial to providing a greater return when invested in compared to physical technology. This is because the more educated humans are on cybersecurity policies and processes the more effective their contributions are in utilizing physical technology. If adequate training is not proficient, then these physical systems would not be able to perform properly, rendering the investment useless. The chance of an insider cyber threat increases due to the improper training of employees, supporting the need for specific policies and procedures for training to combat the potential for human error.

Effective Training Processes

When it comes to having efficient training processes, there is a need for strong cyber training methods. The potential for insider threats cannot be mitigated by technology alone, therefore there needs to be strong workplace procedures in place to prevent employees from unintentionally or intentionally causing harm to the system. These procedures are best implemented on an organizational level as opposed to the purchase of new technology. Training procedures are also cost neutral on a limited budget. These can be viewed as negligence, losing important data/information, losing physical data devices, and failure to adequately respond to potential risk assessments (Defining Insider Threats). Insider threats can also be considered accidental, such as falling for phishing scams, or failing to properly upkeep system maintenance (ActiveTrak). Having the power to enforce strong policies to prevent these instances from occurring is important. A few solutions that I believe would be beneficial include proper authorization roles introduced to data access, having strong passwords implemented and changed periodically, and shadowing employees to ensure that suspicious activity is at low (ActivTrak).

Conclusion; The Overview of Training and its impact

Prioritizing proper employee training within a limited budget is important because it decreases the chances of more costly issues happening in the long term. These factors of proper employee training create a domino effect that influences the efficient process of cybersecurity physical technology. When it comes to a limited budget, proper training procedures are not nearly as costly compared to additional technology, saving organizations from future instances of cyber threats due to poor human contributions financially and securely.

References

1. “Defining Insider Threats: CISA.” Cybersecurity and Infrastructure Security Agency
CISA,
https://www.cisa.gov/defining-insider-threats#:~:text=The%20Cybersecurity%20and%20I
nfrastructure%20Security,equipment%2C%20networks%2C%20or%20systems
2. ActivTrak. “7 Ways You Can Prevent Accidental Insider Threats.” ActivTrak, 11 Oct.
2021, https://www.activtrak.com/blog/7-ways-you-can-prevent-accidental-insider-threats/.
3. “What Is an Insider Threat? Definition & Examples: Proofpoint Us.” Proofpoint, 28 Mar.
2023,
https://www.proofpoint.com/us/threat-reference/insider-threat#:~:text=Insider%20threats
%20can%20be%20unintentional,corporate%20espionage%2C%20or%20data%20destr
uction.