Human Factor in Cybersecurity

Posted by lpayt006 on

When faced with a limited budget for cybersecurity needs, the allocation of funds should be split between areas that need the most focus. 

Cybersecurity Training and Technology 

If I had a limited amount of funds to use towards cybersecurity training and technology, the first step would be to determine what the needs of the company are. If the company is at high risk for phishing attacks, then more funds should be used towards training. Training employees for phishing attacks can help them be aware of the attacks before they occur. Avoiding phishing attacks will help employees and the company itself continue to work smoothly. If the company holds more sensitive information, then funds should be used towards cybersecurity technology. Businesses such as banks, hospitals, and government offices hold records with credit card information and addresses. Having this information in your systems can put your company at risk for cyber attacks so there should be more funds put into protecting the company’s systems. 

Costs

Training can be relatively inexpensive, especially when leveraging existing resources (e.g., online courses, internal workshops, or using platforms like KnowBe4 or CyberAwareness). It can also be scalable and easily integrated into ongoing work.

Cybersecurity technology (firewalls, intrusion detection, endpoint security, etc.) can be costly, particularly if you’re looking at enterprise-grade solutions. However, many vendors offer cloud-based or subscription models that can be more affordable than a large upfront investment in hardware.

Conclusion

In a limited-budget scenario, the allocation between training and technology depends largely on the specific risks your organization faces. Typically, training should be the first priority because human error is a significant attack vector, and improving employee awareness is often more cost-effective in the short term. However, key technologies (such as endpoint protection, firewalls, and MFA) should also be prioritized to protect against external and automated threats

References

Best practices on cybersecurity budget allocation: a research-based guide. (2024, August 29). Nordlayer.com. https://nordlayer.com/blog/best-practices-cybersecurity-budget-research-guide/

State and Local Cybersecurity Grant Program Fact Sheet | CISA. (2024, September 23). Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/resources-tools/resources/state-and-local-cybersecurity-grant-program-fact-sheet

Leave a Reply

Your email address will not be published. Required fields are marked *