Great article on Forbes. Understand your risks and ROI before selecting tools to improve cybersecurity:
- Evaluate Risk Mitigation vs Investment: For example, an Intrusion Detection System (IDS) might cost $50k and help mitigate 2% of your risk. A cybersecurity training program might cost $5k annually and mitigate 30% of your risk. Each organization will calculate risk and ROI differently; find what fits yours.
- Do the basics right first! Most people miss this step and employ overly complex solutions. Employees, whether through undereducation or malice, are the biggest threat to an organization's cybersecurity. Focus efforts on improving their awareness and skills.
- A firewall and antivirus software are not enough in 2017. You need a multi-pronged approach.
- Don't try to buy a tool for every problem. You will end up with 20 tools that no one in the organization can effectively manage.
- Don't buy things that generate a lot of data/false alarms; you will need dedicated personnel to sift through the information, which is expensive and time-consuming.