The Human Factor in Cybersecurity


Limited budgets make balancing money and cybersecurity a challenge, and many factors must be weighed before funds can be allocated appropriately.


Understanding Threats

Before making any plans regarding the money, the first thing I would do is assess the potential threats to the company, conduct a risk assessment, and survey how much the employees already know about cybersecurity concepts. I would also take into consideration what kind of company I am working with. If it is, for example, Amazon, I would note that the most important things to protect are customer payment information and the availability of the website and app at all times. I would also review records of what breaches have occurred in the past and the plans for responding if one were to happen again (Perform a Cybersecurity Risk Assessment, n.d.). Finally, I would review what cybersecurity measures are already in place so that I can build on top of them.

Training

Human error is one of the main issues when it comes to cybersecurity in the workplace. Phishing scams account for 3.4 billion emails a day, many of them whaling attacks in which executives are targeted to gain access to critical information more quickly (Imber, 2025). As the saying goes, a system is only as strong as its weakest link, and educating everyone makes the weakest link strong enough not to fall for scams.

Defense Mechanisms

Depending on the security measures already in place, I would adjust the existing lines of defense. I would use low-cost solutions where I can, but some things, like firewalls and two-factor authentication, are non-negotiable. I would also make sure there is extra security for the servers that store customer information and keep the website functional, because a breach there would cost the most in lost sales and reputational damage.

Budget Allocation

I would organize the budget so that 60% goes to training and the other 40% goes to defense mechanisms. This follows from the point above that a system is only as strong as its weakest link. Every mechanism put in place can be bypassed with valid credentials, and if the people who own those credentials hand them to an attacker, it's game over.

Conclusion

In conclusion, I believe it is important to conduct a risk assessment of the company you work for, tailor every step you take to how the company is set up and what its priorities are, and make sure that employees are not forgotten in the process of keeping everything secure. The system cannot properly protect itself from attackers if they are let in the front door by someone who doesn't know what a bad guy looks like.

References

Imber, D. (2025, March 28). The latest phishing statistics (updated January 2025). AAG IT Services. https://aag-it.com/the-latest-phishing-statistics/

Perform a cybersecurity risk assessment. (n.d.). CrowdStrike. https://www.crowdstrike.com/en-us/cybersecurity-101/advisory-services/cybersecurity-risk-assessment/