The Human Factor in Cybersecurity
Derek Beckham
February 27, 2022

It is common knowledge that humans are considered the weakest link in an organization’s cybersecurity chain. Human contribution via social engineering is one of the main cyber threats that organizations face. Even if the employee’s intention is honest or harmless, they can still be manipulated into disclosing sensitive information to a malicious actor. That is why proper security training is one of the best investments an organization can make. The right training combined with well maintained systems can be enough to fend off the most basic threats.

Balancing training and additional technology with cost is a common problem faced by IT departments in every industry. Security is costly and employee training, system maintenance and upgrading to new technologies must be taken into consideration. In order to get the most out of an organization’s cyber-threat mitigation strategy, I would recommend continuous mandatory security training for all employees to keep them up to date on legacy and emerging threats.

I believe that employee training is the single most important aspect of a good security response. It does not always have to be expensive top of the line training either. While companies like SANS can charge thousands of dollars per session, per employee, there are many other cost-effective training platforms available. I have had success with training programs like Advisera and Udemy that offer enterprise-wide solutions for an affordable price. Udemy even has CompTIA Security+ training paths that I believe should be mandatory on-boarding for any employee dealing with sensitive information. I do not believe they should be forced to sit for the exam, but just being exposed to the knowledge of common threats would drastically help the organization’s security posture. Advisera offers short, targeting training modules that only take a couple of minutes. I do not believe there is such a thing as over-training when it comes to cybersecurity awareness.

Bibliography
1. 2, November, et al. “Security Theatrics or Strategy? Optimizing Security Budget Efficiency and Effectiveness.” Infosec Resources, 24 Mar. 2021, https://resources.infosecinstitute.com/topic/security-theatrics-or-strategy-optimizing-security-budget-efficiency-and-effectiveness/.

2. “FAQs Archive.” Support Center, https://advisera.com/support/knowledgebase/.

3. How Are Udemy Courses Priced? Student FAQ . https://support.udemy.com/hc/en-us/articles/229606248-How-are-Udemy-Courses-Priced-Student-FAQ.

4. Tuorinsky, Edward. “The Human Factor in Cybersecurity.” Security Magazine RSS, Security Magazine, 2 Sept. 2021, https://www.securitymagazine.com/articles/96009-the-human-factor-in-cybersecurity.