Cybersecurity’s Greatest Threat: Humans

People’s technological literacy has not scaled with advancements in technology. With that in mind, it is up to industry leaders to acknowledge this and implement a strategy to bridge the gap, rather than leaning on technological advancements that leave people further behind. By not prioritizing the human factor, industry leaders perpetuate the risks to their organizations.

THE CURRENT SITUATION

Technology is indeed advancing: there is the promise of quantum computing on the horizon and AI that can pass a licensing test (Brueck, 2023). However, with these advancements there now exists a technological knowledge gap within the general population. Those who are chefs, lawmakers, or even bankers cannot be expected to hold a full-time job in addition to the full-time commitment that cybersecurity requires (Klimburg-Witjes & Wentland, 2021). As Chief Information Security Officer, I am charged with bridging the gap to improve the security posture of the organization I protect. The primary options available are improved technology and improved personnel training.

THE OPTIONS

Having a department that is well versed in its area of expertise, as well as in the latest and greatest technology and the controls and mechanisms associated with it, no doubt improves the posture of the organization. Creating a “Fort Knox” is the goal of many organizations. However, this coveted level of security is significantly impaired when humans are introduced. Social engineering is one of, if not the, most used tactics to gain unauthorized access to networks and systems (Klimburg-Witjes & Wentland, 2021). Therefore, training and education should be the priority when determining the allocation of funds. It is worth mentioning that while technology may appear unimportant in this argument, it is very much the boon and bane of any organization; as CISO, however, I believe the greatest return on investment is in training and education.

THE IMPLEMENTATION

First and foremost, the network administrators will need to review and adjust the accounts on the system and network, along with the permissions and access those accounts have. No one in accounting should have access to research and development. Proper account management is important to ensure the spread of an attack is stifled. Simultaneously, I would implement a passphrase and multi-factor authentication. To keep it simple, I would use a token generator, either on the user's phone or on a fob that is assigned to them.

Next comes the training, as more often than not entry-level workers are ill-equipped to survive in the technological environment that is prevalent in our society. There will be a balance between tests and knowledge so as not to bore the learner, and the training will be kept short enough to be enjoyable but long enough to be impactful.

Finally, I would incorporate tests against the organization to probe its resilience: phishing and social engineering scams, as well as penetration testing, to find the weaknesses and shore them up. By providing an opportunity for the users to apply their newfound knowledge, we validate their time spent learning these new skills.

CONCLUSION

In conclusion, there is a gap between people's tech knowledge and the tech they use. By reducing the reliance on technology to protect the organization and instead focusing on the people who use said tech, we can improve the overall posture to a greater extent than by leaning on tech in the hope that it will protect the organization.

REFERENCES:

Brueck, H. (2023). The newest version of ChatGPT passed the US medical licensing exam with flying colors – and diagnosed a 1 in 100,000 condition in seconds. Insider. https://www.insider.com/chatgpt-passes-medical-exam-diagnoses-rare-condition-2023-4

Klimburg-Witjes, N., & Wentland, A. (2021). Hacking Humans? Social Engineering and the Construction of the “Deficient User” in Cybersecurity Discourses. Science, Technology, & Human Values, 46(6), 1316–1339. https://doi-org.proxy.lib.odu.edu/10.1177/0162243921992844
