Go Cheap, Get Burned

Earlier this month, while traveling with my family to Sarasota, Florida to visit my parents for the week, I got burned – both literally and figuratively. The literal part, I’m sure you can guess…

“It’s the middle of winter, for goodness sakes,” said very-pale-from-months-indoors Rob. “How strong can the sun be?” Well, apparently strong enough to get around the shadow of my baseball hat and leave me with oddly shaped patches of peeling skin on either side of my face. Having grown up in Florida, you’d think I would have learned this lesson. Ouch.

The figurative part relates to the way I “cleverly” saved the Black family money by renting a minivan online through a tiny, off-brand car rental company. (Don’t ask, you’ve never heard of them.)

Because when we showed up at the counter, and despite having prepaid for the rental … they had no minivans left. Oops, we apologize for any inconvenience. So off we went to Avis and rented a minivan in minutes – at three times the price.

Clearly, this was a judgement error on my part. Yes, there was money to be saved, but as we discovered, it came with a significant risk.

Compare that to our airline flight. Instead of flying direct to Sarasota, we went to Tampa (which is 90 minutes away) because it’s less expensive. Plus, we booked a cheaper flight that landed at 1 am. (Have you noticed I like saving money?) However, this wasn’t an error – our flight went exactly as planned.

There’s an important difference between these two strategies:

A bad car rental stays with you every day for your entire vacation. Had we been unable to find another minivan, it would have made for a very uncomfortable week. An inconvenient flight, on the other hand, is a distant memory by the following day.

Likewise, your cybersecurity strategy has tradeoffs. And, as with my recent travel experience, some of these tradeoffs can have serious and long-lasting consequences if you make the wrong choice.

For example, there are many, many things you can do to quickly improve your company’s cybersecurity posture. They are inexpensive and, like an inconvenient flight time, the “pain” of putting them in place is far outweighed by the overall benefit.

Examples include:

  • Implementing Multi-Factor Authentication (MFA)
  • Performing cybersecurity awareness training (when none is in place)
  • Configuring your company’s DNS properly
  • Turning on full-disk encryption on all your company laptops
  • Reviewing who has access to key systems and removing those who no longer need it

Of course, over time, people or devices can change and some things may slip through the cracks. But these kinds of protections are infrequent activities with minimal time commitment that have a dramatic positive effect and raise your security bar significantly.
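
The last item on that list, reviewing who has access to key systems, is the one most likely to be done once and then forgotten. As an added example (not code from the original post or from Fractional CISO), here is how that review can be scripted so it takes minutes each quarter instead of a day. The HR roster, account export and dates are constructed for illustration; the export format, the `svc-` naming convention for service accounts and the 90-day staleness threshold are assumptions.

```python
"""Access review helper: flag accounts on a key system that should be removed
or whose ownership must be confirmed.

Added example, not code from the original post. The HR roster, account export
and dates below are constructed for illustration; the export format, the
"svc-" naming convention and the 90-day staleness threshold are assumptions.
"""
from dataclasses import dataclass
from datetime import date

# Constructed HR roster of current employees: username -> department.
HR_ROSTER = {
    "alice": "finance",
    "bob": "engineering",
    "carol": "engineering",
    "dave": "sales",
}

# Constructed account export from one key system (hypothetical format).
# last_login is an ISO date string, or None if the account never signed in.
ACCOUNT_EXPORT = [
    {"user": "alice", "role": "admin", "last_login": "2024-03-01"},
    {"user": "bob", "role": "user", "last_login": "2024-02-20"},
    {"user": "carol", "role": "admin", "last_login": "2023-10-05"},
    {"user": "dave", "role": "user", "last_login": None},
    {"user": "erin", "role": "admin", "last_login": "2024-02-28"},  # not on roster
    {"user": "svc-backup", "role": "admin", "last_login": "2024-03-02"},
]

SERVICE_PREFIX = "svc-"  # assumed naming convention for non-human accounts


@dataclass(frozen=True)
class Finding:
    user: str
    role: str
    reason: str
    action: str  # "remove" or "confirm"


def review_access(accounts, roster, today, stale_days=90):
    """Return findings, privileged accounts first, removals before confirmations."""
    findings = []
    for acct in accounts:
        user, role, last = acct["user"], acct["role"], acct["last_login"]
        if user.startswith(SERVICE_PREFIX):
            # Service accounts have no HR owner, so the roster check does not
            # apply; a privileged one still needs a named owner to vouch for it.
            if role == "admin":
                findings.append(Finding(user, role, "service account holds admin role", "confirm"))
            continue
        if user not in roster:
            # Departed employee or an account nobody can account for.
            findings.append(Finding(user, role, "not on HR roster (departed or unknown)", "remove"))
            continue
        if last is None:
            findings.append(Finding(user, role, "never signed in", "remove"))
            continue
        idle = (today - date.fromisoformat(last)).days
        if idle > stale_days:
            findings.append(Finding(user, role, f"no sign-in for {idle} days", "remove"))
    findings.sort(key=lambda f: (f.role != "admin", f.action != "remove", f.user))
    return findings


def run_review():
    """Run the review against the constructed data as of a fixed date."""
    return review_access(ACCOUNT_EXPORT, HR_ROSTER, today=date(2024, 3, 4))


if __name__ == "__main__":
    for f in run_review():
        print(f"{f.action.upper():7} {f.user:12} ({f.role}): {f.reason}")
```

In practice the roster comes from HR and the export from the system’s own admin console; the script only produces the list, and a human still confirms each removal. Note that an account can be on the roster and still be flagged (carol above): an admin who has not signed in for months is a credential waiting to be stolen, whether or not the person still works for you.
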

On the other side of the equation are things for which taking the cheap approach can have significant, negative impacts.

Examples here include:

  • Not holding regular meetings regarding security initiatives and/or putting no one in charge
  • Implementing traditional anti-virus (AV) over the much more effective Endpoint Detection and Response (EDR) [Note: AV is certainly better than nothing and probably fine on your home network. But the bad guys have really upped their game and it’s no longer sufficient in today’s environment.]
  • Logging, but not doing it comprehensively, or retaining only 90 days of logs

And, perhaps the biggest cost-saving blunder of all, choosing a terrible vendor for your cybersecurity. Here, as with renting a car from a low-end company, you will save money in the short term, but you may very well discover that you get what you pay for.

For example, performative activities such as vulnerability scanning or monitoring where nobody reviews the results on a regular basis. This is the cybersecurity equivalent of installing fire alarm pull boxes in your office but not connecting them to anything. While this may help you from a compliance standpoint, it does little to keep you safe.

Choose Carefully

We regularly help clients (and non-clients) figure out the most cost-effective ways to improve their security programs. It’s amazing what a few thousand dollars and some determination can do to improve a program of a medium-sized organization.

But I get it; as I mentioned, I don’t like spending money unnecessarily either. The key is to think carefully about where you need to invest and where you can safely cut corners. Not every dollar spent is of equal value.

Speaking of which, if you know where I can buy some discount – but high quality! – sunscreen, please be in touch.


Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.

This article originally appeared on the Fractional CISO blog.

Nathaniel Shere

Penetration Testing, Cybersecurity Consulting | Making the Internet safer one website at a time | DM me for security questions or inquiries

3 months

It is the difference between cost and price. The price might be high, but the overall cost is low. This is a famous distinction made by Zig Ziglar.

Victor Chin

Co-Founder @ Amplify Security | Product Management, Security Research

3 months

I think the main problem should be captured as “Does your company step over (imaginary) dollars to pick up dimes?” Measuring risk becomes key to that equation in turning imaginary to tangible.

Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security Professional | Cybersecurity | Leveraging Data Science & Analytics. My posts and comments are my personal views and perspectives but not those of my employer

3 months

Love the cheaper tips to improve security if you only have minimal budget and resources; these points can make a huge positive difference in your security posture. Of course, the caveat is you must do them right, and if you hire a consultant or cybersecurity vendor to help you, avoid the cheap ones. I believe the big ones will make accommodations to get your business.

Alexandre BLANC Cyber Security

Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored

3 months

Great reading!
