Identifying Organizational Processes and Goals First, Before Acquiring New Technology
The Lure of the Newest and Brightest
The cybersecurity and technology waterfronts are strewn with beguiling promises. Vendors push their latest razzle-dazzle tools, solutions, and systems, which whisper, if not scream, complete protection from an ever-growing list of threats, with little effort on your part. It is seductive to get caught up in the allure of these bright and shiny objects—especially when fear and urgency are driving the decision-making.
Hard truth: no single solution will secure your business. The various foundations, and the hard thought processes behind them, matter more than the latest trend.
The Mid-Size Company That Overlooked the Basics
A mid-sized retail company recently invested in innovative machine-learning-based security. It was represented to be the ultimate defense—able to detect and neutralize new threats before they caused harm. They paid a premium and were confident they were well-protected.
Six months later, they were hit with a breach. It was not because their sophisticated new security tool had failed. It was because their core software was outdated, leaving their network open to known vulnerabilities. Their multi-million-dollar investment was not able to protect them from something as basic as failing to update their existing systems on a scheduled basis.
Key lessons: No easy shortcuts. If you are ignoring the basics, do not rely on trendy technology to save you.
Back to Basics: The Fundamentals Always Matter
Before investing in advanced technologies, ensure that you have the fundamentals covered. These foundational steps may seem mundane, but they are critical to securing an organization:
- Strong access controls: Make sure individuals who need access to sensitive information have it when they need it, but only for as long as they need it. This includes enforcing role-based access and implementing multifactor authentication (MFA).
- Regular updates and patching: Keep all systems and software up to date. Most breaches occur through known vulnerabilities that have not been patched—stay current.
- A culture of security awareness: Your employees are your first line of defense. Without proper training, even the best security measures will fail due to simple human error.
Practical Investment: Where to Focus Your Budget
Instead of chasing every new tool, make sure your budget is allocated to areas that will give you the greatest return. Ask yourself:
- What are my biggest threats and where are they? Map them out.
- Which areas of my infrastructure are most vulnerable? Map them out.
- Are there simple steps we are overlooking that will improve our security? List them out.
For example, if phishing is your most significant risk, investing in an email filtering service and employee training will have a much greater impact than deploying a new AI-driven security system.
Checklist: Do You Really Need That Shiny Object?
Before you buy into the hype of the latest tool, run through this checklist:
- Is this addressing a specific risk that my organization faces? What is it? Document it.
- Will this solution integrate with my current systems? Map it out.
- Have we covered all the fundamentals before adding this new layer? Brainstorm it.
- Is there a lower-cost alternative that will provide similar protection? Ask around.
First Build a Solid Foundation, Then Build on Top of It
Avoid the temptation to chase after every shiny new object in cybersecurity. There are too many—you will never catch them all. Instead, focus on the basics first. By ensuring your foundational defenses are strong, and testing them, you will be in a much better position to confidently add advanced tools when (and if) you truly need them. Practical and smart cybersecurity always starts with a solid foundation.