The Human Factor in Cybersecurity

Realizing that you have a limited budget, how would you balance the tradeoff of training and additional technology?

After reading two contrasting opinions, I have opened my perspective about investing more money in technology and training than I did previously. Reading Jeff Capone’s article opened my eyes to how technology is in the hands of humans and how the world is evolving. Being human, it’s perfectly natural to seek the simplest and quickest method to complete a task by discovering new shortcuts. But unfortunately, in the realm of cybersecurity, shortcuts are dangerous, especially when it comes to essential data, intellectual property, sensitive information, and reputation. We are all human, and sometimes we make mistakes, but this article also highlights the fact that employees might sometimes purposely compromise an organization’s security. This article makes it seem that removing humans from the equation is the only way to fully safeguard, prevent, and enforce compliance.

On the other hand, according to the other article, we appear to rely heavily on humans in this cyber environment. Social engineering is an essential element for the majority of successful attacks, making the weak points of human psychology the primary weapon of cybercriminals; we need to understand human psychology in order to stop these attacks, which is why we can’t have technology do everything because it lacks that human-like factor. This article also brings up a good point that only three of the nine categories of the psycho-technological architecture of cybersecurity risks do not involve human psychology, while the remaining six either rely on human psychology to some degree or have human psychology as a vital component. Being human does not have to be a cybersecurity weakness or disadvantage. Hackers, in most situations, do not target systems, but rather individuals. As a result, the best way to defend against such attacks is to ensure that everyone in your business is trained in detecting cybersecurity risks.

In conclusion, after hearing various perspectives on this subject, I believe that with a limited budget, I would balance this tradeoff by going in half and half. I believe that it is important to invest in more technology so that we can have everything secure and not have to guess what needs to be protected and what does not, but I also believe that we need training as well. As stated in the second article, cybersecurity is constantly evolving, so training should not be a one-time thing. This means we would need to invest in a type of training that could be constantly enforced since this field is always growing. Combining education and technology ensures that mistakes, even if they occur, do not ruin your company. Merging education with technology is critical in cybersecurity.

References

Capone, J. (2018, May 25). Capone – the impact of human behavior on security. Google Docs. Retrieved from VASo-behDfY/edit?usp=sharing

Pogrebna, G. (2020, February 14). Cybersecurity as a behavioral science: Part 1. CyberBitsEtc. Retrieved from
