The Human Factor

Posted by esanc011 on

PEOPLE AND TECHNOLOGY
The first stage of response in cybersecurity is always going to be the preparation. Those
who prepare will have the best outcome. That’s where the human factor comes into play.
The cybersecurity technologies are only as good as the humans who need to run, operate,
and program the technologies. Spending all of your budget on high end cybersecurity
technology and neglecting the training of your workforce causes a significant vulnerability.
Which brings up my first point, a good portion of your limited funding should be placed into
proper training.

PREPARATION IS KEY
The company’s funds are very limited and you’re put in charge of a cybersecurity team who
are in need of proper cybersecurity training and protocol. While the hardware may not be
as high end as you would like it to be it’s enough to get by. I think the best trade off is to
ensure the personnel have a great understanding in preparation for cyber attacks and how
to respond to them. As it is stated in the FISSEA NIST power point presentation, “35% of
data breaches were attributed to human error or negligence (“Cyber Security The Human
Factor”).” This proves rather than having ne tuned high end hardware it’s certainly the
human factor that should be the main investment and priority. Maintaining the basics for a
cybersecurity team can go a long way especially for saving the company budget. A well
trained team can handle the majority of cybersecurity threats regardless of technologies.
What matters is their knowledge on preparation and response. Starting a culture of
cybersecurity and an understanding throughout the organization can surely have a greater
impact. Cybersecurity is not just IT’s job, it’s everyone’s responsibility.

BASICS NOW UPGRADE LATER
Saving the company budget for cybersecurity technologies later is the best plan of action
for the cybersecurity team and for the company whose enemies are becoming more
advanced in cyber attacks. Planning for the human in mind instead of the technology is the
most logically safe route to take. The cost of a data breach is extraordinarily high and
devastating to company value. According to the FISSEA NIST power point, “The estimated
costs of cyber attacks on organizations globally is 400 billion dollars (“Cyber Security The
Human Factor”).” Allocating a majority of the budget into cybersecurity technologies
wouldn’t be very smart if it only opens you up for increased volume of cyber threats with
minimal understanding on how to deter said threats. Which would indeed cost the
organization even more money they don’t have forcing a bankruptcy.
The main priority of an organization whether you work in IT or not should certainly be the
education, awareness, and compliance of the people within the organization of cyber
attacks and the proper response. As the CISO I would surely invest in proper training and
education for the team and organization by building up the cybersecurity culture.

REFERENCE
“Cyber Security The Human Factor.” CRSC.NIST.GOV,
csrc.nist.gov/CSRC/media/Events/FISSEA-30th-Annual-Conference/documents/FISSEA2017_
Witkowski_Benczik_Jarrin_Walker_Materials_Final.pdf. Accessed 10 Nov. 2024.

Leave a Reply

Your email address will not be published. Required fields are marked *