He who defends everything defends nothing.

Frederick the Great¹

4.1 HOW MUCH “CYBERSECURITY” DO I NEED?

Can you defend against every cybersecurity threat that exists? We bet that you’ve met at least one smooth talking salesperson who claims to have a product suite designed to protect you from every cyber threat in existence. Don’t believe it and keep your hand on your wallet! If you try to defend against everything, you will drain your precious resources and still face gaps in your coverage. The key to a great cybersecurity program is having the right strategy to manage your risk.

Earlier chapters of this book may have concerned or perhaps even frightened you regarding the prospect of a cyber attack or incident; as well, they should. After all, there are a seemingly endless number of cybersecurity threats, threat sources, and vulnerabilities that can cause devastating impacts upon your business. Bad actors seeking to exploit you and your business potentially include nation-states, hacktivists, hackers, and even your own employees. Attack venues include emails, web pages, thumb drives, laptop Wi-Fi connections, and even your own cell phone. You and your company are at risk. How do you make you and your information bulletproof against all the potential threats?

You can’t.

Why? Because you likely don’t need to nor have the resources to do so. Instead, you have to identify your risks and manage them consistent with your corporate strategy and the associated ...