As a penetration tester Joshua Crumbaugh, who now heads the Alabama-based security awareness training firm PeopleSec, says employees are the real block to improving digital security.
“I would argue 100 per cent of breaches are the result of people,” he told the International Cyber Security and Intelligence Conference Wednesday.
In fact in an interview he argued the overwhelming amount of an organization’s cyber spending should go to training. “It’s 90 per cent of the problem, so it should get 90 per cent of the budget.”
Most organizations devote five per cent of their budget to awareness training, he said.
“You can buy a $10 million security box, but it’s not going to solve your cyber security problems because at the end of the day it’s always people.