Ian Hagmann

11/20/2022

Cybersecurity Spending

Allocating funds for cybersecurity is very important as no company has unlimited spending for it. Finding a good balance between training and technologies is a broad start to cybersecurity funding.

Importance of Cybersecurity Training

Humans are the weakest link in cybersecurity. We are the reason why phishing exists, why spam emails exist, and why computers get misconfigured. Keeping employees from disclosing their login information or company secrets is very important. There are things that cannot be filtered away by predetermined rules like phishing emails and phone calls from social engineers. Without any training most employees would fall for cybercriminals all the time.

Importance of Cybersecurity Technologies

Cybersecurity technologies are preventing anyone with a lick of hacker knowledge from getting into our systems. Firewalls are dropping malicious packets constantly. Antimalware programs are preventing damaging malware from running. SIEMs are collecting logs from a lot of computers and enabling us to examine them broadly. But humans are helping criminals get past these technologies by falling for phishing and social engineering. 

Conclusion

I would put maybe 65% of my funds into training employees, present and future, because they can allow criminals to get past whatever technologies I put in place. Of course that means that the other 35% goes to cybersecurity technologies. You still need to protect systems from hacking attempts and having paid firewalls and EDR usually means more robust and updated frequently. 

References

Tuorinsky, E. (2021, September 2). The human factor in cybersecurity. www.securitymagazine.com. https://www.securitymagazine.com/articles/96009-the-human-factor-in-cybersecurity