Skip to content
cyber crime set characters loss of personal information
Genesis10 LeadershipJun 28, 2018

Cybersecurity: From Complicated to Simple

Technology is inherently complex—but in cybersecurity, complexity can be a liability. As threats from cybercriminals and nation-states grow, organizations often turn to sophisticated tools. Yet, simplicity and clarity in design are more effective for building resilient systems and help simplify cybersecurity choices without sacrificing rigor.

Edsger W. Dijkstra once said,

"Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse, complexity sells better."

This rings especially true in cybersecurity, where quick-fix solutions often overshadow disciplined, strategic approaches and a strong cybersecurity culture.

Taking a Step Back

If we back away from looking at individual cybersecurity incidents, we notice some global characteristics. One is that there are three components of any cybersecurity equation: people, process, and technology. These components reflect the human factor in cybersecurity as much as they do technical controls.

All three must work together well to avoid cybersecurity failures. More important, all three need to be considered in designing an effective cybersecurity system. Despite this, all too often we focus exclusively on technology.

  • What tool can we implement that will insulate us from this risk?
  • How much does it cost, and can we afford it?

This is a shortsighted and costly approach, and it does not work. Let's look a bit more at each of these three areas. Perhaps doing so will bring some helpful perspective.

People and Process, then Technology

To reduce operational risk, organizations must consider the three pillars of cybersecurity: people, process, and technology. While technology gets the spotlight, human error is often the root cause of breaches. According to IBM, 60% of attacks are insider-driven—three-quarters of which are intentional, aligning with insider threats cybersecurity research.

A successful cybersecurity strategy prioritizes people and process before technology. Security awareness training and clear protocols are essential. Only then should tools be layered in to support—not replace—these foundations.

Q&A

Question: Why is simplicity emphasized in cybersecurity?

Answer: Complexity can become a liability. The article argues that simple, clear designs create more resilient systems and make choices easier without sacrificing rigor. Echoing Dijkstra’s point that “complexity sells better,” it cautions against quick fixes and highlights the value of disciplined, strategic approaches grounded in a strong security culture.

Question: What are the three pillars of cybersecurity, and how should they work together?

Answer: The three pillars are people, process, and technology. All three must be considered in design and operate in concert to avoid failures. Over-focusing on tools alone is shortsighted and costly; effective security starts by aligning people and processes, then adding technology to support them.

Question: Why prioritize people and process before technology?

Answer: Because human factors often drive breaches. The article cites IBM data indicating 60% of attacks are insider-driven, with three-quarters intentional, underscoring the impact of insiders. Security awareness training and clear protocols form the foundation; only then should tools be layered in to support—not replace—these basics.

Question: What practical first steps can an organization take?

Answer: Start with security awareness training and define clear, enforceable protocols. With those foundations in place, add technology thoughtfully to reinforce them, keeping designs simple and disciplined rather than chasing complex, quick-fix tools.

avatar
Genesis10 Leadership
The Genesis10 Leadership Team is passionate about helping people and organizations succeed. As recognized thought leaders in staffing and consulting, they share insights on leadership, workforce trends and the evolving world of work. Through their writing, they offer perspective on how businesses can attract, develop and retain talent while creating meaningful career opportunities for professionals.