The Human Factor in Cybersecurity

Allocating a limited budget into training employees can serve to prevent unnecessary expenses in the future. While other parts of a business are important, all of it is only possible if the workers know exactly what to do and how to prevent any accidents. While separate expenses such as marketing may suffer because of applying resources to training, this can be mitigated through smart internal communications.

Incident Prevention

Limited budgets require careful attention, but that budget can also be dwindled forcefully if an internal incident happens that harms customers or the business directly. Proper training is essential, as untrained staff could unintentionally sabotage business because they would not know the proper steps to take regarding problems. By refusing to adequately train employees to save costs, it would be inadvertently putting a bigger dent in the budget when consumers must be
reimbursed for data leaks, or company equipment is damaged and necessitates repairs. White- collar crime is an example of these issues. As Payne states in his report, “Failing to consider the overlap between cybercrime and white-collar crime potentially limits our current understanding about both types of crimes, (Payne, 2018). When knowledge of this is already strained, budget should not be an excuse to refrain from making that overlap clearer.

Department Coordination

As Chief Information Security Officer, it is still necessary to be mindful of the rest of the company. The entire budget cannot be controlled by one person, and it would also be rather difficult to decide how to allocate that money alone. By teaming up with the finance department, it’d be easier to make a cohesive plan that addresses the rest of the company instead of solely the information security department. Because the plan involves mitigating potential ways to incur losses, finance would be on board as it involves risk management. The legal department would be on board as well, because white-collar crime often incites lawsuits against the company itself. Proposing training as being beneficial for the company will make going through budget allocation significantly easier and offsets any future complaints by making sure revenue stays consistent.

Conclusion

Failing to act on improving the skills of the company’s workforce would become a consequence far worse than trading off some of the budget to give training to employees. The limited funds would have to go into training, which would have to be rigorous enough to justify spending the money that way. However, staving off ways to damage the company will be a general net positive that highlights the benefits of a trained and intelligent team in any department.

Group Discussion Excerpts

In response to the question: "How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?"

Because anticipating the exact future isn't possible, businesses familiarizing themselves with new techniques will be a great aid in the long run. Following trends to see if minor threats may become major in the future can often leave companies blind to surprising new threats that severely damage their systems. It'd be best to approach the development of new infrastructure defensively. By making sure new attacks can't deal as much damage as it could've without protection, only then can offensive strategies be put in place to counteract new methods of intrusion.

In response to the question: "How has cyber technology created opportunities for workplace deviance?"

Workplace deviance could occur if an employee in a company somehow gains access of private information. It's already a breach in company policy, but that employee could choose to make things worse by stealing customer information from the database. From there, they'd be committing identity fraud by using that information to possibly purchase something without the actual owner's authorization. It's a very serious form of consumer fraud that is made possible because that sensitive information is often required for many online services.