I often tell people that #security is not a thing you can buy. It’s a feeling. You do something and it makes you feel secure.

Businesses spend a lot of money on products in the top-right of a #Gartner magic quadrant to feel better. They see “improve security” as a goal, and equate spending on the tool with accomplishment of that goal.

No tool is a silver bullet; it won’t prevent every imaginable risk. You find a gap, and it makes you feel insecure. Next year you budget for a tool that fills that gap. And that tool has a gap, and you repeat the process every year. The spending spins out of control… and you’re no closer to that feeling of security.

An alternative is to get back to basics. As we look to the new year I have three suggestions for how you should invest your time, money, and energy.

1) Invest in a third-party risk #assessment, to learn where you should focus your efforts.

2) Invest in #education for your team — they are your first line of defense against threats like #ransomware and #phishingattacks.

3) Invest in your #incidentresponse process. Make sure you know what to do when the unexpected happens.

Let me know how I can help you feel secure in 2020!