If I were to have a limited budget, I would mainly try to minimize the amount of personnel in charge and focus more on automation and better-quality security and policy training to balance the tradeoff of training and additional technology. Capone explains that humans are at the core of security breaches by stating that “it’s human nature to be efficient – find the easiest and fastest way to accomplish a task” (Capone 2018). Humans by nature make mistakes and do not always know what the best call to make it and that is why I would minimize the amount of personnel and invest more in technology and automation systems to help govern things. Humans make mistakes and miss things so having technology handle most of the security would help minimize missing things and help prevent attacks and leaks as well. I also agree with Capone that everything should be secured due to not knowing when that information may become sensitive information later. With a limited budget, I would keep the number of personnel low and be selective with who has what privileges. Only a selected few admins would be able to remove restrictions to lower the possibility of accidentally removing security on data and it being leaked or hacked. Pogrebna explains that understanding human behaviors is vital to cybersecurity because “social engineering is an important component for a majority of successful attacks” (Pogrebna 20) and that these attacks rely on the cooperation of the victims themselves. Since humans fall victims due to a lack of better knowledge of being tricked by their feelings, I would bring in quality training to the personnel in order to minimize the amount of incidents that we have. Minimizing the number of personnel, implementing technology, and providing quality training might not prevent all security leaks or attacks but addressing various aspects and trying to better train and improve them might help minimize them.
Resources
Capone, & Capone, J. (2018, May 25). The impact of human behavior on security. CSO Online. Retrieved February 27, 2022, from https://www.csoonline.com/article/3275930/the-impact-of-human-behavior-on-security.html
Pogrebna, G. (2020, February 14). Cybersecurity as a behavioral science: Part 1. CyberBitsEtc. Retrieved February 27, 2022, from https://www.cyberbitsetc.org/post/cybersecurity-as-a-behavioural-science-part-1