“Awareness Over Tools”- Write-up

Posted by jmint006 on

Based on the weekly readings and courses I have taken in cybersecurity, I am learning that cybersecurity is not only a technical issue; human error also plays a huge role.  If I were a Chief Information Security Officer with a tight budget, my primary focus would be on providing proper training for my employees. Of course, technology tools and equipment, but humans are the first response when it comes to an incident.  I would ensure that all employees (not just information security employees) in the organization have the proper training. The training would include the most common issues, such as phishing emails, vishing calls, and stronger password practices.

 I would also invest in technology tools to support the organization’s protection. Even though training awareness would be my priority, having the right tools to defend is essential as well. Tools such as multifactor authentication, system monitoring tools, and antivirus software would be included in my budget. I believe that having a strong defense response is crucial in today’s world, especially given how technology has evolved over the years. According to the article “Cybersecurity Risk Assessment and Mitigation Strategies for SME’S” a lack of awareness, limited resources, and inadequate cybersecurity expertise often leave SMEs vulnerable to cyberattacks (2024). The article discussed how limited resources and awareness can hinder an organization and increase its risk of hacking. This article aligns perfectly with the discussion on budgeting and on prioritizing what is most important: technology issues or awareness training when in the role of a CISO.

Conclusion

Cybersecurity is not just about technology; it also involves human participation. It is crucial to choose the right products when budgeting for your organization’s Cybersecurity, of course. When an organization decides to prioritize awareness training over technology tools, it can not only strengthen the organization but also enhance its awareness and defense, and initially reduce risk.

Reference

SK Research Group of Companies. (2024). Cybersecurity risk assessment and mitigation strategies for SMEs. International Journal of Computer Science, 12(2), Article No. 07. IJCS Journal | International journal of Computer Science

Leave a Reply

Your email address will not be published. Required fields are marked *