The Human Factor in Cybersecurity

In this paper I will talk about balancing the tradeoff of training and additional cybersecurity technology with a limited budget.

Introduction

With a limited budget, regardless of the amount, you have to balance it between the things you need to cover, in this case training and additional cybersecurity technology. You cannot focus on one or the other too much because that will leave you vulnerable to all sorts of outsider threats, such as a ransomware attack on your system or an employee misguidedly (or even intentionally) bringing an infected thumb drive to work with a virus that takes down your entire system.

Training or Cybersecurity?

So, as stated above, you can’t focus on one or the other too much; they have to be balanced to a degree. Still, having said that, the majority of a limited budget should be directed towards systems that can keep cybercriminals out of your system in the first place (Where to Focus Your Company’s limited cybersecurity budget, 2023). Simple things like access control, multifactor authentication, and firewalls are sometimes forgotten about, which leaves a company vulnerable. After handling the cybersecurity technology you should probably already have had, your other weak point would be your employees. A good CISO or cybersecurity team should train other employees to avoid falling for basic phishing attacks and to report potentially disgruntled employees. Those in charge of hiring should be taught to vet potential hires to prevent someone attempting corporate espionage from joining the company.

Unfortunately, cyber threats change all the time, and you always have to be prepared for whatever changes and new methods of attack appear in the future, so you cannot just set the budget and call it a day. It has to be changed over time as different things happen. Say one day a cyberattack gets through via some flaw you hadn’t noticed in your system. Then it is time to expand the technology budget at the expense of training. Then, a month later, some employee brings an infected thumb drive to work, and it simply bypasses all of your external protections since it is already in the system (Smith, 2022). Then you have to adjust your budget to fix that. Unfortunately, and despite what some will tell you, there is no “one size fits all” solution to a budget and cybersecurity and balancing

Conclusion

In conclusion, I talked about how to balance the tradeoff of training vs. additional cybersecurity with a limited budget.

References

  • Smith, E. (2022, December 12). Budget cuts: How cutting training may cost you more – global learning systems. Global Learning Systems – Cybersecurity Training Company. https://globallearningsystems.com/cybersecurity-training-budget-cuts/
  • Where to Focus Your Company’s limited cybersecurity budget. Harvard Business Review. (2023, May 23). https://hbr.org/2023/05/where-to-focus-your-companys-limited-cybersecurity-budget
