Uncategorized

To Train Or Not To Train

Posted by drhod002 on


Dominique Rhodes
Department of Cybersecurity, Old Dominion University
CYSE 200T: Cybersecurity-Technol-Society
Harry R. Cooper
02/27/2022


Jeff Capone said that “security problems typically start with people”, and I couldn’t agree with him
more (Capone, 2018). I just must add that security problems also “typically” are deterred by or
ended with people as well. I don’t think that critical thinking and problem solving should be fully
automated because machines can malfunction just as quickly as a human can. I feel if you make
training a key piece of your security framework, it will pay off just as well as any high-priced
gadgets or programs. To me, people are a company’s greatest asset. Therefore, with a limited
budget, I would have to treat employees as assets. Training is an investment.
If I am going to trade technology for training, I need to focus on effective training methods. I’m
sure most companies require training on basic security measures such as phishing, piggy
backing, and things of that nature, but most of the time it’s probably a one-time online course that
after completion you show your certificates and you’re good to go. To me, that will lead to
complacency. How about we establish random live training after those courses. For example,
phishing is still the number one cyber threat with 91% of cyberattacks starting with a phishing
email (Zurier, 2016). I would have to do random fabricated phishing attempts routinely to ensure
that the training of the courses are effective. And if someone is hit by the training attack, then
there should be consequences which will lead to deterrence of future mishaps. This effect would
be like a kid touching a hot stove. Psychological events like these should produce some
technological benefits.
In the end, let’s compare cybersecurity and cyberthreats to sex. The only true way to prevent
STDs and unplanned parenthood is through abstinence. You could have the strongest condom or
the most advanced birth control, but there would still be risks. Therefore, if you are going to
engage in sex, you need sex ed. The same goes for cybersecurity. No matter what technology
you have, your first line of defense will always be the training and education of your personnel.
So of course we are going to have the necessary technology to combat the war on cybersecurity,
but to balance it all we have to put the people on the front line.


References
Capone, J. (2018). The impact of human behavior on cybersecurity, 1–3.
Zurier, S. (2016, December 13). 91% of cyberattacks start with a phishing email. Dark Reading.
Retrieved February 27, 2022, from
https://www.darkreading.com/endpoint/91–of-cyberattacks-start-with-a-phishing-email/d/d-id/1327
704

Leave a Reply

Your email address will not be published. Required fields are marked *