Budgets are tight everywhere, including cybersecurity. With that in mind, it’s important to allocate funds to where they can be most effective. Training addresses the biggest vulnerability in most systems, the human element, and can also make technological security factors more effective. Because of this, training should be the biggest item in a security budget, followed by defensive technology and then technology directed toward responding to and recovering from breaches.
Training
Humans are generally the weakest link in security. “Nine out of 10 (88 percent) data breach incidents are caused by employee mistakes.” (Sebastian) It’s easier to take advantage of politeness and follow someone into a secure building than to forge a fake security badge, and it’s easier to ask someone to reset a password than to discover the password through brute force. Because of this, funding put toward training can be the most beneficial in preventing breaches. Training should be regular: it’s easy to forget what you learned in all the orientation classes you took when you were hired, so security information should be refreshed on a recurring basis, for example in a short monthly or quarterly class. Present it to employees as an excuse to take off work for a couple of hours! Training should also be specialized: security information for a factory supervisor looks quite different from information for a software developer.
Defensive Technologies
The next most important area of cybersecurity spending is defensive technology. While there are many different technologies, they’re all oriented toward the same goal: limiting access to only the people who need it. Some defensive technologies can be very expensive: an enterprise-class firewall may cost tens of thousands of dollars. (Newegg) Others are free, like simply ensuring the use of strong passwords. An important thing to keep in mind while selecting technologies is defense-in-depth: network firewalls are backed up by host-based firewalls, which are in turn backed up by endpoint detection and response software. A strong cybersecurity program is also based not on the hope that no one will perform unwanted actions but on the assumption that someone already has. Logging and log analysis are a specific class of technology with a wide range of possible costs: logging is built into most products for free, while an organization can spend thousands of dollars per month on automated log analysis systems.
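The point about free logging and the assumption that someone is already inside can be made concrete. The script below is an added illustration, not part of the original essay: it reads a handful of constructed sshd-style authentication log lines (the format, the hostname, the IP addresses and the usernames are all made up for the example), counts failed logins per source within a sliding time window, and flags two things a defender wants to know about: a source that crosses a failure threshold, and a successful login from a source that had just been failing repeatedly. The threshold and window values are arbitrary assumptions chosen for the sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like syslog format. Hosts, users and
# addresses are invented for this example; they are not real log data.
SAMPLE_LOG = """\
Nov  5 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Nov  5 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51013 ssh2
Nov  5 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51014 ssh2
Nov  5 10:00:07 host sshd[1204]: Failed password for root from 203.0.113.7 port 51015 ssh2
Nov  5 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51016 ssh2
Nov  5 10:00:12 host sshd[1206]: Accepted password for root from 203.0.113.7 port 51017 ssh2
Nov  5 10:15:00 host sshd[1300]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Nov  5 10:15:20 host sshd[1301]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

# Matches the timestamp, outcome, user and source address of an sshd auth line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line, year=2024):
    """Parse one log line into a dict, or return None for lines we do not understand.

    Syslog timestamps carry no year, so the caller supplies one (an assumption
    made for the constructed sample; a real collector would know the year).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def analyze(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return a list of findings from the log text.

    - "brute_force": a source reached `threshold` failed logins inside `window`.
    - "success_after_failures": a source logged in successfully while it still
      had at least `threshold` recent failures, the "assume someone already got
      in" signal that deserves a look even though the login itself succeeded.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    recent_failures = defaultdict(list)  # source ip -> timestamps of recent failures
    findings = []
    for e in sorted(events, key=lambda x: x["ts"]):
        # Drop failures that have aged out of the sliding window for this source.
        recent = [t for t in recent_failures[e["ip"]] if e["ts"] - t <= window]
        recent_failures[e["ip"]] = recent
        if e["result"] == "Failed":
            recent.append(e["ts"])
            if len(recent) == threshold:  # fire once, when the threshold is crossed
                findings.append({"type": "brute_force", "ip": e["ip"],
                                 "count": len(recent), "at": e["ts"]})
        elif len(recent) >= threshold:
            findings.append({"type": "success_after_failures", "ip": e["ip"],
                             "user": e["user"], "failures": len(recent), "at": e["ts"]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

On the sample data the script reports one brute-force finding for 203.0.113.7 and then a successful root login from the same address a few seconds later. The second finding is the more important one: a firewall or password policy alone would have let that login through, and only the free logging the essay mentions makes it visible afterwards.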
Response and Recovery
In a perfect world, we would be able to keep out all external attackers and have only benign internal users. That’s not the real world, but an effective cybersecurity program will greatly reduce the need for spending on response and recovery. Having fewer successful bad actors means there will be less to do in response, like removing malicious software, and less to do in recovery, like restoring backups. Recovery costs also tend to be lower because recovery technologies can put up with lower performance: a backup is seldom used, so it can be on slower spinning disks rather than fast SSDs. (Cloudian)
Conclusion
Of the factors that affect cybersecurity, the human element is the most important. Training should be periodic, and everyone should know their role in keeping data safe. After that comes investment in defensive technology, which should consider defense-in-depth and the cost effectiveness of using free technologies and techniques whenever possible. Last in order of spending is response and recovery. Correcting damage done should be part of the normal day-to-day flow of activities, and backups should be ready to go when needed.
References
Cloudian. “Storage Tiering.” Cloudian, https://cloudian.com/guides/data-backup/storage-tiering/#:~:text=To%20reduce%20your%20costs%2C%20try%20to%20restrict%20disk,buffering%20can%20also%20help%20optimize%20your%20read%2Fwrite%20operations. Accessed 5 Nov. 2024.
Newegg. “Palo Alto Firewall.” Newegg, https://www.newegg.com/p/pl?d=palo+alto+firewall&N=4092. Accessed 5 Nov. 2024.
Sebastian, Glorin, and Phanindra Kolluru. “Rethinking the Weakest Link in the Cybersecurity Chain.” ISACA Journal, vol. 5, 2021, https://www.isaca.org/resources/isaca-journal/issues/2021/volume-5/rethinking-the-weakest-link-in-the-cybersecurity-chain.