Being the Chief Information Security Officer (CISO), I would make human contributions to
cyber threats very seriously. With my limited balance, I would take the time to split my budget in
the best way for my company. The budget would be split between security tools and correctly
training the staff. It is important that staff are trained correctly because most incidents happen
within the staff. Like the incident in Nevada, an employee accidentally clicked on what they
thought was an actual website but ended up being malware. Training the staff can help avoid issues like this by being more careful when clicking on links. By putting the other half of my budget into security tools, it can help strengthen malware protection. Some malware protection tools I can invest in are Next-
Generation Antivirus (NGAV) and sandboxing security. NGAV is made to detect how attackers
operate. With this tool, it helps avoid threats that have been made before. Sandboxing security
gives extra protection to avoid potential threats. With balancing targeted employees with
strategic training and investment in better security tools, I can establish a stronger cybersecurity
approach.

Citations

• Jones, David. “Nevada Ransomware Attack Traced Back to Malware Download by Employee.” Cybersecurity Dive, 7 Nov. 2025, www.cybersecuritydive.com/news/nevada-ransomware-attack-traced-back-to-malware-download-by-employee/805011/.
• Hasnis, Aviad. “Malware Protection: 6 Technologies to Protect Your Organization.” Cynet, 9 Oct. 2025, www.cynet.com/malware/malware-protection-6-technologies-to-protect-your-organization/.