The Human Factor in Cybersecurity

Balancing Cybersecurity Training and Enabling Technologies on a Shoestring Budget
As CISO, I must make important decisions about the appropriate allocation of a very limited cybersecurity budget. With cyber threats evolving constantly, employee training becomes an important battlefield against human error. This calls for weighing resources between user training and technical defenses. Although technology forms the backbone of the defense of organizational infrastructure, people are the first line of defense. I will therefore prioritize spending in a way that addresses both the human and the technical aspects of cybersecurity.
Prioritization of User Training and Awareness
Roughly 60% of the budget would be invested in user training and awareness programs. The reason is that a large share of cyber incidents is caused by the actions of users, such as falling prey to phishing emails, choosing weak passwords, or mishandling sensitive data. Continuous and interactive training, such as phishing simulations, video-based modules, and awareness campaigns, can equip employees with ever-increasing vigilance and security consciousness. A well-trained workforce not only reduces the likelihood of successful attacks; it also forms a culture of cybersecurity awareness that pays dividends over time. Research has shown that human error frequently causes security threats and that targeted training may be the most effective way to minimize this risk (Amoresano, 2021).
Investing in Cybersecurity Technologies
Approximately 30% of the budget would be used for key cybersecurity instruments and technology: next-generation firewalls, endpoint detection and response (EDR) solutions, multi-factor authentication (MFA), email filtering, and patch management tools. While training stops many threats, these technologies provide vital protection mechanisms that automatically detect threats, monitor system vulnerabilities, and stop attacks that get past the human defense. Selecting the right tools can provide strong protection at a reasonable cost.
Incident Response and Risk Assessment
The last 10% of the budget would go to incident response planning and risk assessment. This covers activities such as tabletop exercises, response protocols, and regular security audits. These activities build up the organization's preparedness to respond effectively in the event of a breach while at the same time exposing gaps in training and technology. Such proactive assessments ensure that resources are being used deliberately while keeping the organization agile against the newest threats.
Conclusion: Building Cybersecurity for Resilience
All in all, cybersecurity is no longer only a technological problem; it is also a human one. Hence, staying the course with a balanced investment strategy that leans slightly toward training ensures that employees become co-guardians of the organization's security. As highlighted by NIST (2003), even a modest investment of resources in security education and training may significantly enhance an organization's security posture. The investment in essential security technologies, meanwhile, provides automation and threat-detection capabilities. Even on a limited budget, all of this is achievable if it is planned and properly accounted for.


References
Amoresano, K. (2021). Addressing human error through effective cyber policy design. University at Albany, SUNY. Retrieved from https://scholarsarchive.library.albany.edu
National Institute of Standards and Technology. (2003). Building an Information Technology Security Awareness and Training Program (NIST SP 800-50). Retrieved from https://nvlpubs.nist.gov
