The human contribution to cybersecurity
The human contribution has a significant impact on cybersecurity, both positively and negatively. On the positive side, properly trained and educated employees can be a valuable asset in defending against cyber-attacks. For example, employees who are aware of the latest phishing and social engineering tactics can be more vigilant in identifying and avoiding suspicious emails and phone calls that may contain malware or lead to a breach. “Cyber threats range over sources and types. For example, spear-phishing emails typically target specific individuals or users, while malware is typically directed against websites or processes (e.g., Stuxnet). There is a varying range of malicious actors who work along a continuum of personal and ideological goals and intents, from individual actors, to hacktivists and on through to nation-state actors” (Marble, J. L., Lawless, W. F., Mittu, R., Coyne, J., Abramson, M., & Sibley, C., 2015).
On the negative side, human error is often the cause of security breaches. Employees may inadvertently download malware or fall prey to phishing scams, which can compromise the security of an organization’s systems, data, and sensitive information. Additionally, employees may not follow security protocols, such as using strong passwords or updating software regularly, which can leave vulnerabilities that can be exploited by cybercriminals.
Therefore, it is crucial for organizations to invest in cybersecurity awareness training for their employees and establish strong security policies and protocols that are regularly reviewed and updated. By doing so, organizations can help mitigate the risks associated with human error and ensure that their employees are equipped with the knowledge and tools needed to protect against cyber threats.
Social media has become an easy access point for potential cyber-attacks. “Social media is exploited by malicious actors who use it as a conduit to identify vulnerabilities and targets. Information gleaned from social media can be used to tailor spear-phishing and other exploits” (Marble, J. L., Lawless, W. F., Mittu, R., Coyne, J., Abramson, M., & Sibley, C., 2015).
Steps I would take if I were the Chief Information Security Officer (CISO)
As a Chief Information Security Officer (CISO) with a limited budget, balancing the trade-off between training and additional cybersecurity can be even more challenging. However, there are several steps that you can take to achieve a balance:
1. Prioritize your efforts: Conduct a risk assessment to identify the most important risks that your organization faces. Focus on addressing the highest priority risks first, and allocate your limited budget accordingly.
2. Leverage free resources: There are many free resources available online that can help you improve your organization’s cybersecurity posture. For example, the National Institute of Standards and Technology (NIST) provides free cybersecurity guidelines and best practices that can be implemented with little or no cost.
3. Invest in cost-effective solutions: Look for cost-effective cybersecurity solutions that can provide a high level of protection without breaking the bank. For example, endpoint security solutions can be relatively inexpensive and can provide a significant layer of protection against malware and other cyber threats.
4. Use open-source technologies: Consider using open-source technologies for your cybersecurity needs. Open-source technologies can be cost-effective and can provide the same level of protection as proprietary solutions.
5. Develop a culture of cybersecurity awareness: One of the most effective ways to improve your organization’s cybersecurity posture is to develop a culture of cybersecurity awareness. This can be achieved through regular training sessions and awareness campaigns that educate employees about the importance of cybersecurity and how they can help protect the organization.
Conclusion
By taking a prioritized, cost-effective approach that leverages free resources, invests in cost-effective solutions, uses open-source technologies, and develops a culture of cybersecurity awareness, you can achieve a balance that effectively mitigates risks while staying within your limited budget. A limited budget makes the job somewhat harder, but it is still entirely possible to succeed. Focus on obtaining the most needed resources and taking the necessary steps to get the job done.
References
Marble, J. L., Lawless, W. F., Mittu, R., Coyne, J., Abramson, M., & Sibley, C. (2015). The human factor in cybersecurity: Robust & intelligent defense. Cyber Warfare: Building the Scientific Foundation, 173-206.
Karanja, E. (2017). The role of the chief information security officer in the management of IT security. Information & Computer Security, 25(3), 300-329.