Are Employees the Bigger Issue in Cyber Security?

Cisco Systems, Inc. (CSCO): Firms Should Also Focus On Employees For Cyber Security

Billions spent on cyber security and much of it ‘wasted’

I found this article from last month in which Terry Greer-King, Cisco’s director of security, said that the focus on IT security should be people. This contrasts from the common notion that not enough money is spent on effective security. This also contrasts the common belief among businesses that IT functions should be left to just IT. I completely agree with Greer-King. IT security cannot be left to just IT; everyone needs to know how to keep their devices secure. All it takes it one compromised device for an entire system to be compromised. Last year, $49.8 billion was spent on cyber security (referenced from the second article), so the infrastructure is certainly in place. But if there aren’t enough competent people to utilize the technology, then security will continue to be a major issue.

What do you guys think is the most important factor of IT security? Do you agree with Terry Greer-King that employees need to be better trained, or that better security technology needs to be in place? Are there any factors to this that you feel are missing or lacking?