If you look at the dizzying array of security technologies available today for businesses to protect themselves from cyber threats, you would think we need a master’s degree in cybersecurity to master it all. Worse still, we would need to employ specialised security consultants who can effectively implement, manage and support these solutions indefinitely. Not surprisingly, it is expensive and a massive burden on our budget.
On the one hand, these security solutions may be viable and necessary for large enterprises or for those businesses that have very sensitive data, but for many small to medium-sized businesses, they are most likely wasteful and inefficient.
It is very evident that no matter how much capital and investment you pour into security technologies and solutions, you are one step away from being compromised.
Think about this… A good cyber hacker only needs to find one way to compromise your business, and they have hit the jackpot… and it’s not that difficult.
Most of the successful hacks did not happen because the cyber hacker managed to brute force their way into an organisation. They did it in a clever way, and that is by social engineering the victim into performing an action that they shouldn’t. We often refer to this as “phishing”.
So, where does that leave you, and what can you do to protect your business from being compromised without spending your hard-earned money on wasteful security products?
You see, being cyber secure is not a matter of whether you can prevent 100% of cyber-attacks. Unfortunately, there is no such thing as 100% cyber protection.
There are daily stories of substantial businesses being compromised, and it isn’t for a lack of technology on their part.
According to Symantec, in 2019 alone, there were:
3,800: The number of publicly disclosed breaches.
4.1 billion: The number of records exposed.
Your mindset needs to focus on being cyber resilient. Cyber resilience is about your business returning to its original state as quickly as possible after being troubled. And that, my friend, changes how you approach cybersecurity.
And you may still say… “How do I protect my business from cyber hackers? Surely, there must be a way where I can prevent anything happening to my business?” Well, in theory, you can. And that is by disconnecting your business altogether.
If you are a viable business now and wish to remain one for the foreseeable future, you must adopt the following: “Expect the best and prepare for the worst”.
Now, cybersecurity need not be expensive at all if you approach it from a resilience point of view.
Resilience is more about having a recovery plan in place when threats turn into attacks and inevitably result in breaches. Is it possible to be resilient against threats? Definitely!
But here is the challenge. The industry wants you to think that more security investment will yield more protection. But I disagree, because it is being driven by scare tactics. More technologies such as firewalls, endpoint protection, intrusion protection, identity and access management, vulnerability and penetration scanning tools, two-factor authentication tools, email and web security gateways, web firewall, cloud security, sandbox technology (and I could keep on going) will not provide you with the necessary 100% protection. They will make the vendors happy and your business poorer.
Amusingly, I came across an article written by phoenixNAP – “35 Network Security Tools You Should Be Using, According To The Experts”. That says it all. And how many of you could manage so many tools?
So, let’s look at the problem from a different direction.
You have probably heard the saying “less is more”. It comes from a well-known source called “Pareto’s Principle”. Richard Koch, in his book “The 80/20 Principle”, asserts that a minority of causes, inputs or efforts usually lead to a majority of results, outputs or rewards. In other words, a small number of causes creates most of the results. Just the right inputs create most of the output.
Think about how you can apply this type of mindset to your business… to your cyber resiliency approach. But don’t get hung up on the numbers. Depending on the circumstances, it can easily play out as 90/10, where 90% of security comes from 10% of your effort.
And you may still be frustrated with me because that still leaves you 10% vulnerable. Well, that is why you take the approach of cyber resiliency. In the event that your business has been disturbed, you have a process for bouncing back to the normal state as quickly as possible.
How do you achieve cyber resiliency?
Cyber resiliency is about identifying the daily security habits that develop cyber hygiene for your business which leads to cyber resiliency.
Can you prevent yourself from catching colds and cases of flu? Of course not. However, you can be resilient and bounce back.
Cyber resiliency is also an achievable goal. You will not be able to prevent every cyber-attack, but you can recover from it with minimal damage.
Here are a few questions that I would like to ask you:
How well do you maintain your systems? Are they up to date?
How well do you maintain your applications? Are they up to date?
Is your antivirus or endpoint protection up to date?
Do you scan your email for possible malware?
Are you backing up your data daily? Do you trust your backup? Have you tested to see whether it can restore information? Do you keep a copy of your backup offsite?
Cyber hygiene is about performing the above steps daily. In fact, that is why I wrote my book “How To Protect Your Business From Cyber Threats In Only 2 Minutes A Day”. It’s about doing the simple things in a consistent manner that is inexpensive but provides you with the business resiliency that you desire.
If you are wondering how to get your own copy, well it will be available in the first quarter of 2020.
As always, we would love your feedback and comments.