Name: Noel Mcfee
Title: Balancing Human Training and Cybersecurity Technology
BLUF (Bottom Line Up Front):
With a limited cybersecurity budget, I would invest in employee training and awareness,
with the additional budget going toward basic security technology, as this is the best
approach to combat the human factor of cyber vulnerabilities.
Understanding the Human Factor
Human error is a major factor in cybersecurity vulnerabilities. Breaches happen due to
phishing scams and poor password choices, which always makes people
the weakest link. As CISO for the organization, I have the option to invest in one area
versus another to lessen risks to my organization.
Allocating the Budget
When budgets are constrained, I would allocate approximately 60% to human training
efforts and 40% to improved technological assets. This is because, according to the Verizon
Data Breach Investigations Report (2024), 84% of breaches are connected to human error.
Why Training Matters
Thus, trained employees can prevent problems from occurring rather than
waiting for a technological fix that is more reactive. For example, phishing simulations,
awareness of password protections, required annual cybersecurity courses, and
courses tailored to diverse departments are low-cost ways to create a culture of
awareness before relying on overwhelming technological solutions.
Technology Investment
The balance of the budget would go toward basic security technologies such as
multifactor authentication (MFA), endpoint detection and response (EDR), and intrusion
detection systems (IDS). These are appropriate backups for any organization when it’s
impossible to assess or dictate how humans will behave.
Conclusion
By investing in both arenas equally, the overall goal of heightened security will be
achieved. Technology can be designed and patched every day, but humans are
susceptible to risks any time of day. To fund one over the other is counterintuitive and
the least effective financial expenditure.
References
Verizon. (2024). Data Breach Investigations Report.
https://www.verizon.com/business/resources/reports/dbir/