The Elimination of The Human Error
BLUF:
I believe allocating funds towards training is way more important than allocating them towards
additional cybersecurity technology.
Introduction
If I were Chief Information Security Officer, I believe allocating funds would most likely
be the hardest part of the job. This is especially true in this case: do you allocate
the larger part of your funds towards the training of your employees, or do you allocate it towards
additional cybersecurity technology? I believe there isn’t really a “wrong” answer here, but there
definitely is an answer that is more right than the other.
The Allocation
If they bestowed the honor of being Chief Information Security Officer upon me and
tasked me with allocating the funds between training and additional cybersecurity technology, I
would most likely allocate 80% of the funds towards training and the other 20% towards
additional technology. One might ask, “Why would you put the larger part of the funds towards
training instead of additional technology?” Well, the answer is quite simple: I would take the
training any day over the latter. Investing more in training will lead to less
human error, which is one of the primary goals of any organization. Once you allocate a
significant portion of the funds towards comprehensive training for your employees, you not
only have less human error to worry about, but you are also reducing the
likelihood of successful attacks and minimizing security risks all in one, because your educated
employees are the first line of defense against cyberthreats. “According to a study by IBM,
human error is the main cause of 95% of cyber security breaches. In other words, if human error
was somehow eliminated entirely, 19 out of 20 cyber breaches may not have taken place at all!”
(Ahola 2022). After seeing this, I think it was a no-brainer for me to move forward with my
decision to send the larger part of the funds towards training.
Conclusion
In conclusion, I believe that even though there is no wrong answer to this question, there is one
answer that is far more right than the other. Allocating the larger part of the funds towards
training is a complete no-brainer for me since most of the cyber breaches today happen simply
due to human error. The extra training can help eliminate the human error and also help
strengthen your first line of defense, which is your employees. Once you do that, the probability
of a cyber breach happening dwindles drastically.