{"id":300,"date":"2024-11-17T18:09:01","date_gmt":"2024-11-17T18:09:01","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/?p=300"},"modified":"2024-11-17T18:09:01","modified_gmt":"2024-11-17T18:09:01","slug":"thinking-like-a-ciso-allocating-funds","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/2024\/11\/17\/thinking-like-a-ciso-allocating-funds\/","title":{"rendered":"Thinking Like a CISO: Allocating Funds"},"content":{"rendered":"\n<p>Thinking like a Chief Information Security Officer, the most benefit to be gained in allocating funds would come from ensuring that the employees who operate the cyber realm of the company are trained, and that the digital space is protected. 70% of the cyber defense budget would go to training employees whilst the remaining 30% would be allocated towards cyber security technologies.<\/p>\n\n\n\n<p><strong>Top Security Threat \u2013 Improperly Trained Employees<\/strong><\/p>\n\n\n\n<p>A report showed that 82% of data breaches involved a human element (Alder, 2022). A majority of those data breaches were likely caused by something as simple as a phishing attempt. Phishing is the act of stealing sensitive data and credentials by posing as a trustworthy source, for example through a fake webpage (Cloudflare). Phishing scams were among the most reported cybercrimes in 2020, causing losses exceeding 4.2 billion dollars (FBI). Those numbers can be decreased and security flaws mitigated by ensuring employees are properly trained, so that they can recognize when they are being duped. A study showed that the phish-prone percentage (PPP), after one year of ongoing training, dropped from 32.4% to just 5% (Alder, 2022). 
This indicates that training is necessary and very effective.<\/p>\n\n\n\n<p><strong>Further Mitigation &#8211; Cybertechnology<\/strong><\/p>\n\n\n\n<p>Technology also plays a critical role in cyber threat prevention, so a strong security policy and clear operating procedures would be crucial in protecting information. A firewall, endpoint protection, and regularly scheduled updates that plug vulnerabilities in a timely manner would all be implemented (Fortinet). Endpoint protection is the most important of these, as it protects the entire network rather than just a single device, as antivirus does (Fortinet). Anything left over in the budget would go towards MFA technology and continuous monitoring, which allow organizations to respond to threats in real time (Bonnie, 2024).<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>A CISO should address the technological as well as the human aspect when defending an organization. Hands-on training and ensuring compliance with training requirements would benefit an organization significantly. Employees would be able to recognize attacks and alert the security team, which could then disseminate that information to everyone in the organization. Using whatever is left over for technology would cover all bases and ensure proper protection and operation of the system.<\/p>\n\n\n\n<p>References<\/p>\n\n\n\n<ol>\n<li>Alder, S. (2022).&nbsp;<em>Study Confirms Security Awareness Training Significantly Reduces Susceptibility to Phishing Attacks<\/em>. 
HIPAA Journal.&nbsp;<a href=\"https:\/\/www.hipaajournal.com\/study-confirms-security-awareness-training-significantly-reduces-susceptibility-to-phishing-attacks\/\">https:\/\/www.hipaajournal.com\/study-confirms-security-awareness-training-significantly-reduces-susceptibility-to-phishing-attacks\/<\/a><\/li>\n\n\n\n<li>Bonnie, E. (2024).&nbsp;<em>7 Benefits of Continuous Monitoring &amp; How Automation Can Maximize Impact<\/em>. Secureframe.&nbsp;<a href=\"https:\/\/secureframe.com\/blog\/continuous-monitoring-cybersecurity\">https:\/\/secureframe.com\/blog\/continuous-monitoring-cybersecurity<\/a><\/li>\n\n\n\n<li>Cloudflare.&nbsp;<em>What is a phishing attack?<\/em>&nbsp;Cloudflare.&nbsp;<a href=\"https:\/\/www.cloudflare.com\/learning\/access-management\/phishing-attack\/\">https:\/\/www.cloudflare.com\/learning\/access-management\/phishing-attack\/<\/a><\/li>\n\n\n\n<li>FBI. (2021).&nbsp;<em>FBI Releases the Internet Crime Complaint Center&nbsp;2020 Internet Crime Report, Including COVID-19 Scam Statistics<\/em>. FBI.&nbsp;<a href=\"https:\/\/www.fbi.gov\/news\/press-releases\/press-releases\/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics\">https:\/\/www.fbi.gov\/news\/press-releases\/press-releases\/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics<\/a><\/li>\n\n\n\n<li>Fortinet.&nbsp;<em>What Is Endpoint Security? How Does It Work?<\/em>&nbsp;Fortinet Inc.&nbsp;<a href=\"https:\/\/www.fortinet.com\/resources\/cyberglossary\/what-is-endpoint-security\">https:\/\/www.fortinet.com\/resources\/cyberglossary\/what-is-endpoint-security<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Thinking like a Chief Information Security Officer, the most benefit to be gained in allocating funds would come from ensuring that the employees who operate the cyber realm of the company are trained, and the digital space is protected. 
70% of the cyber defense budget would go to training employees whilst the remaining 30% would&#8230; <\/p>\n","protected":false},"author":24660,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/posts\/300"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/users\/24660"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/comments?post=300"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/posts\/300\/revisions"}],"predecessor-version":[{"id":301,"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/posts\/300\/revisions\/301"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/media?parent=300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/categories?post=300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/timbarrett-cyse\/wp-json\/wp\/v2\/tags?post=300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}