2 minute read
6.2 Who Is Going to Be Affected?
from The Blue Book
ronment [42], participating in cybersecurity competitions [162], participating in flagship cybersecurity exercises [55], and learning through gameplay (e.g., serious games) [207]. However, integrating cybersecurity awareness and training only reduces, not eliminates, the possibility of human neglect and errors, implying that smart technical interventions to check and regulate employees’ mistakes remain vital for an organisation’s overall cybersecurity posture [143].
6.2 Who Is Going to Be Affected?
Advertisement
As mentioned earlier, cybersecurity is widely acknowledged to rely on three pillars: namely, technologies, processes and people. Humans can be negligent are prone to errors, and can represent, either intentionally or unintentionally, a weak link [164]. Therefore, technologies and processes aim to reduce the overall burden or responsibility by automating and demarcating procedures, as we see through the ongoing digital transformation [161]. However, it is people who develop, operationalise and maintain technologies and processes. Thus, while technologies and processes constitute essential tools for cybersecurity hardening, the human factor plays the most critical role in ensuring cyber hygiene. Regardless of how many expensive and sophisticated technological security solutions have been deployed, they cannot be considered secure as long as human factors do not work and behave in a secure manner. Moreover, technological security solutions require human input for proper and effective functioning: for example, firewalls must be activated, software must be updated, and security warnings must be acknowledged and acted upon.
Lack of emphasis on security awareness and training has personal, organisational, and even national ramifications, while improved vigilance, or lack thereof, permeates and spills over between the personal and professional spheres. We see the rippling effects of low awareness and knowledge across nearly all cybersecurity topics and sectors [179], from privacy implications to critical infrastructure security [43]. Human behaviour, more often than not, is the soft underbelly of security designs and architectures, presenting to potential attackers a path of least resistance, if not a clear entry point, with a limited technical threshold. Therefore, the challenge is not to determine who will be affected by limited cybersecurity awareness and training, but to identify who may not.
It must also be noted that the overall impact of digital transformation highly depends on the acceptance of the newly developed digital technologies, referring to both those that are developed with a cybersecurity focus and those that are not. Cybersecurity awareness and training can facilitate stakeholder acceptance and adoption of innovative digital technologies, as it
