The Human Factor in Cybersecurity

Posted by jwalo001 on

Many companies and organizations have to assess how much behavior training and technology are needed to handle cyber threats. When faced with a limited budget, organizations need to balance the two aspects to get the most out of them. How would organizations go about this process? Is one aspect more important than the other?
If I was faced with this situation, I would allocate most funds to behavior training rather than technology. In the Cyberbitetc article, it is explained that most cyber threats involve social engineering. “Note that of the 9 areas of the psycho-technological matrix of cybersecurity threats, only 3 do not involve human psychology while 6 either may to some extent rely on human psychology or have human psychology as a key factor” (Pogrebna, 2020). All cyber threats start and end with people. It takes a person to initiate a cyber-attack and it takes a person to respond to it. For example, a virus is purely digital but requires a user to open an email attachment, click a link, or go to a website for the virus to function (Pogrebna, 2020). In addition, 91% of cyberattacks start with a phishing email according to a study by PhishMe (WriterDecember 13 & 2016, 2016). When viewing cyber security as behavioral science, it becomes clear that most cyber vulnerabilities are caused by people and cybercriminals take advantage of that. That’s why I believe the psychological aspect of cybersecurity is more important than the technological.
With all that said, it’s important to not underestimate what technology can do when it comes to security and accessibility. Depending on the amount of data needed to be protected, organizations can’t rely on manual methods to keep data safe. “A technology solution would automatically log all the data for reporting and auditing purposes, and also enables security orchestration tools to take immediate action based on any risks uncovered in the logs”(Capone, 2018). While behavioral science is the more important process when assessing cyber threats, an automated technological solution should be applied in the appropriate situation.

References

Pogrebna, G. (2020, February 14). Cybersecurity as a Behavioural Science: Part 1. CyberBitsEtc. https://www.cyberbitsetc.org/post/cybersecurity-as-a-behavioural-science-part-1

WriterDecember 13, S. Z., & 2016. (2016, December 13). 91% Of Cyberattacks Start With A Phishing Email. Dark Reading. https://www.darkreading.com/endpoint/91-of-cyberattacks-start-with-a-phishing-email

Capone, J. (2018, May 25). The impact of human behavior on security. CSO Online. https://www.csoonline.com/article/3275930/the-impact-of-human-behavior-on-security.html


Leave a Reply

Your email address will not be published. Required fields are marked *