The Human Factor In Cybersecurity

Posted by jhill079 on

Preface

Because of the limited budget that I have, for training I would like to use a 50% percent approach, cybersecurity would have to be 35%, and any research of new technologies would make up the rest of the budget. This allocation into three of these major fields will be beneficial in prioritizing training and tech investment.

The Reason for Training
The error of human beings accounts for any or all cybersecurity breaches, which would make the importance of training highly important to condition employees for error. The multitude of human cognitive flaws and overall imperfections of one in general, morally and so on- is a huge part for the importance of training. There are a lot of ways to train employees about phishing, malware attacks, and other type of breaches by:
Making training more interactive and fun
Have as much hand on learning as possible
Encourage employees to have more creative freedom with training instead of adhering to a system
“Creating a culture of society”(CybSafe 2023).

Why Technology Still Counts
Even with well-trained staff, technology is indispensable for addressing advanced threats. I would invest in these tools:
EDR Techology: real time monitoring for threats (Microsoft 2023).
Cloud Security Technology: more personalized safe ways of keeping information.
Integrating Training and Technology
Combine efforts where possible. For example, phishing simulations can educate employees while identifying organizational vulnerabilities. This approach strengthens defenses without significantly increasing costs.

Budget Allocation Summary

50% Training: Equip employees to be the first line of defense.
35% Technology: Prioritize critical, scalable security tools.
15% Evaluation: Monitor and refine strategies for continued effectiveness.

Conclusion
In conclusion, the importance of balancing training and technology is essential for maximized security on a budget that is limited. By investing more in training in technology- along with any evaluation, any organization- big and small can make use of mitigating threats with these resources.






References
CybSafe. (2023, October 24). 7 reasons why security awareness training is important in 2023. https://www.cybsafe.com/blog/7-reasons-why-security-awareness-training-is-important/#:~:text=Security%20awareness%20training%20helps%20protect,potential%20threats%20and%20respond%20appropriately.
What is EDR? endpoint detection and response: Microsoft security. What Is EDR? Endpoint Detection and Response | Microsoft Security. (n.d.). https://www.microsoft.com/en-us/security/business/security-101/what-is-edr-endpoint-detection-response



Leave a Reply

Your email address will not be published. Required fields are marked *