Human Error and Corrective Protocols as a Chief Information Security Officer

Humans are the root cause of a majority of cybersecurity risks and threats. Computers are controlled by an authorized user or an individual with access to a system.
❖ Human error contributes to vulnerability, and social engineering exploits it by manipulating how people think.
❖ A simple, easy-to-learn training regimen teaches employees to recognise social engineering tactics and the steps to secure a workstation.
❖ Optimize spending on system log monitoring technology.
Humans can be a major liability in a company's cyber security. Simple training and device monitoring technology can help manage how users behave on company systems.

Human Error and Social Engineering

People are susceptible to making mistakes. In a corporate institution, people are the users in direct control of computers, and they often lack the means to harden or secure their devices. There are many ways a user can fall short of proper security measures in a work setting: failing to lock their devices when unattended, being unable to create a complex passphrase, storing data improperly, and configuring computers improperly. These are the many ways people fail to properly manage their workstation.
The main insecurity for humans is social engineering attacks, which target the human ability to distinguish fraudulent entities from real ones. There are many ways social engineering can manipulate people into disclosing sensitive information, “such as phishing, vishing, smishing, whaling and many others” (Cyberbitsetc). Phishing uses emails to trick users into believing false information. Smishing uses text messaging to trick users, and vishing uses telephone calls to trick people. Phishing is extremely severe, as stated in the quote: “over 90% of successful breaches worldwide starting with a phishing email” (Cyberbitsetc). All of these forms of social engineering rely on fear-mongering and other manipulation to make users send attackers sensitive data.

Annual Training Regimen

Many people are not formally trained to work securely online in a work setting. A simple annual training regimen can teach employees the proper ways to manage online use and safely navigate the malicious activity that happens online and in the workplace. Simple training programs can be built as slide shows that demonstrate how to identify malicious activity and what company policy requires when faced with suspicious activity. A basic understanding of this framework is enough to improve company security. Other online training websites aim to teach users to identify different phishing scams, such as https://phishingquiz.withgoogle.com/. These are useful for training employees to use their devices safely and are cost effective because they are freely accessible online.

SIEM system

Since “we live in a ‘zero trust world’” (Capone, 1), it is crucial to properly monitor activity in a workplace. This is done with a SIEM (Security Information and Event Management) system, which monitors activity on devices across a network and stores the resulting logs. The collected data can later be analysed to identify malicious or abnormal activity within a server. This is crucial because humans can become insider threats, and in a zero trust world it is important to invest in technology that can see any activity done on the network. This helps ensure the security of the company remains high.
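As an added illustration of the log analysis described above (this is example code, not from the original post or the cited sources), the following Python sketch replays a few constructed authentication log lines the way a simple SIEM correlation rule would, flagging a burst of failed logins followed by a success and a login outside working hours. The log format, host names, thresholds and working hours are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format:
#   <ISO timestamp> <host> <user> <LOGIN_OK|LOGIN_FAIL> <source ip>
SAMPLE_LOG = """\
2025-04-03T09:01:05 ws-12 alice LOGIN_OK 10.0.0.12
2025-04-03T09:02:10 ws-07 bob LOGIN_FAIL 10.0.0.99
2025-04-03T09:02:14 ws-07 bob LOGIN_FAIL 10.0.0.99
2025-04-03T09:02:19 ws-07 bob LOGIN_FAIL 10.0.0.99
2025-04-03T09:02:25 ws-07 bob LOGIN_FAIL 10.0.0.99
2025-04-03T09:02:31 ws-07 bob LOGIN_FAIL 10.0.0.99
2025-04-03T09:02:40 ws-07 bob LOGIN_OK 10.0.0.99
2025-04-03T23:47:02 ws-03 carol LOGIN_OK 10.0.0.31
"""

def parse_line(line):
    """Split one log line into a dict; the timestamp becomes a datetime."""
    ts, host, user, event, src = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "event": event, "src": src}

def correlate(log_text, threshold=5, window=timedelta(minutes=5),
              work_hours=(7, 19)):
    """Replay log lines in order and return alerts for an analyst to review.
    Rules (thresholds are assumptions): failed_login_burst = `threshold`
    failures for one user/host inside `window`; success_after_burst = a success
    right after such a burst; after_hours_login = a success outside work_hours."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    recent_failures = defaultdict(list)  # (user, host) -> failure timestamps
    alerts = []
    for ev in events:
        key = (ev["user"], ev["host"])
        base = {"user": ev["user"], "host": ev["host"],
                "src": ev["src"], "ts": ev["ts"]}
        if ev["event"] == "LOGIN_FAIL":
            # keep only failures still inside the sliding window, then add this one
            recent_failures[key] = [t for t in recent_failures[key]
                                    if ev["ts"] - t <= window] + [ev["ts"]]
            if len(recent_failures[key]) == threshold:  # alert once per burst
                alerts.append({"rule": "failed_login_burst",
                               "count": threshold, **base})
        elif ev["event"] == "LOGIN_OK":
            if len(recent_failures[key]) >= threshold:
                alerts.append({"rule": "success_after_burst", **base})
            recent_failures[key].clear()  # a success resets the burst counter
            if not work_hours[0] <= ev["ts"].hour < work_hours[1]:
                alerts.append({"rule": "after_hours_login", **base})
    return alerts
```

Running `correlate(SAMPLE_LOG)` on the constructed log yields three alerts: a failed-login burst for bob on ws-07, a success right after it, and an after-hours login by carol.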

Sources

  • Home | Cyberbitsetc, www.cyberbitsetc.org/. Accessed 3 Apr. 2025.
  • Capone, Jeff, et al. “The Impact of Human Behavior on Security.” CSO Online, 3 Apr. 2025, www.csoonline.com/article/565488/the-impact-of-human-behavior-on-security.html.
