Where should SMBs focus their digital defense spend?

Where should SMBs focus their digital defense spend?

Risk show where to focus. Threats and vulnerabilities give clues about tactics.

#3 in a series on how to slow-grow small business digital defense in plain English

In #2 we saw that RISK = IMPACT x LIKELIHOOD  

If you missed it, go back to #2 to understand this formula, and see how it can be used by a small business owner to set a reasonable starting budget.

The most effective way to use this reasonable budget is based on RISK. To see how risk-based planning works, we need a deeper understanding of IMPACT.

IMPACT is the loss suffered when a THREAT happens.

THREATs only happen when a VULNERABILITY is exploited.

VULNERABILITIES are things that reduce protection or defenses.

In the "Threats and vulnerabilities…" image we want to protect the owner (royalty).

• Threat is artillery (cannon) and cannonballs.

• Vulnerability is a castle made of stone which worked well against arrows and spears.

• Impact is a destroyed castle and dead owner

In the "...drive tactics" image, a possible defensive tactic to reduce the owner's vulnerability is to dig a bunker and fortify it.

In applying this approach to business or cybersecurity, you would identify the biggest risk (think highest impact most likely to occur), then come up with good ideas about how to:

• Reduce related vulnerabilities

• Reduce impact of a loss

TACTICS for risk reduction are the "good ideas" about how to reduce one or more of:

• vulnerability to an event

• likelihood of an event

• impact of an event

Next, we'll look at one of the biggest risks and some good ideas for reducing likelihood or impact of an event.

What threat troubles you most?

We can work with you to rapidly achieve this by booking a discovery meeting