The impact humans have on cybersecurity is something I never put much thought towards. I always thought that if technology was having an issue then it was the technology acting up, but the article “Why Is Cybersecurity About Human Behavior?” and “The Impact of Human Behavior on Cybersecurity” gave me two different perspectives that changed my way of thinking. The author of “Why is Cybersecurity About Human Behavior” talks about how human psychology can play a role in certain cyber-attacks. They say, “social engineering is an important component for a majority of successful attacks making the weak spots of human psychology to be the major weapon of cybercriminals” meaning cybercriminals utilize human’s ways of thinking against them in some form of manipulation to carry out an attack (“Why Is…”, 2020, pg.5). The article then explains what the Psycho-Technological Matrix of Cybersecurity Threats is and how cybercriminals use it to execute certain attacks (“Why Is…”, 2020, pg.3). The Matrix divides threats up by their use of technology whether the attack is physical or digital and by the use of human psychology whether it’s independent completely or essential to the success of the attack (“Why Is…”, 2020, pg.3). For example, wiretapping someone requires no use of human psychology and can be done without the use of technology on one side of the scale (“Why Is…”, 2020, pg.4). On another side of the scale, the creation of a virus needs technology and requires human psychology because a person would have to be attracted to an email and then open it for the virus to actually spread (“Why Is…”, 2020, pg.4). After reading this article I understood how important human behavior is on cybersecurity in a psychological way. I learned how cybercriminals can use people’s own perceptions against them to successfully execute an attack.

The next article “The Impact of Human Behavior on Cybersecurity” gives a completely different perspective than the first article. The author, Jeff Capone, talks about how humans themselves are a threat to the cybersecurity world. He says, “I’ve learned that security problems typically start with people and having them responsible for implementing it is usually a bad idea” and then elaborates more into the article with reasons why humans shouldn’t be in charge of cybersecurity (Capone, 2018, pg.1). Capone explains his first reason being “the world is too dangerous” meaning we live in a “Zero trust world” people are so sneaky and cannot be trusted by one another to do anything let alone protect important data (Capone, 2018, pg.1). The second reason is “manual methods can’t keep up” meaning that people aren’t reliable enough for protecting sensitive data. So much data is created that it would be nearly impossible to keep up with what needs protecting using manual methods making the job harder than it needs to be (Capone, 2018, pg.2). The third reason is “too much sharing is hard to manage” meaning there is no way for companies to know what their employees are doing with data. Capone says, “once information leaves the protection of a secured file it is no longer protected” whether an employee makes a copy for a PowerPoint or simply talks about their workday with a friend the information is hard to keep track of (pg.2). The last reason is “some data breaches are intentional” and this plays back to the first reason that humans cannot be trusted with sensitive information because they could use it for their own purposes and go against the company (Capone, 2018, pg.3). Whether an employee accidentally tells a friend what is going on in the workplace, hacks into the company to sell information to another company, or makes copies of data for a work project these are all forms of a breach that can happen and destroy the company. After reading this article, I learned that humans are a threat to cybersecurity whether it’s purposely or unintentionally. Capone makes it clear that he believes it’s better for computers or technology to handle security issues because technology is less likely to make human errors without the actions of a human.

If I were running a company and had to make budget decisions about employee training and the use of technology for security purposes I would balance the budget to favor the use of technology more. I too believe that technology would be a more reliable source of security for data because I wouldn’t have to worry about an employee intentionally destroying my company from within. People are human and make mistakes sometimes, which is normal, but it makes people seem untrustworthy for handling sensitive things. I would still train employees for my company because people also do good work because they mix emotions with their logic and computers can’t do that. I will also need employees for backups if the technology decides to shut down, so people could step in to continue the job and fix the technological issues. As a “work smarter not harder” mindset would go, using technology more would be good because the computer systems would do all the heavy lifting, and employees would be the backup method that can correct the systems and keep the mistakes to a minimum. This keeps all the worries of trusting employees at a small amount but also enough that they are still useful in my company.