What are the biggest mistakes a company can make regarding cybersecurity?

There are some relatively simple steps that reduce the cyber risks you face – and yet companies are still being hacked. We take a look at some of the biggest mistakes a company can make when it comes to cybersecurity.

Wasting Money and Resources

A cyber-attack often sends a business rushing to improve its security, and rushed decisions tend to be costly ones.

This can lead to the hasty purchase of expensive and ineffective products or services that claim to be the solution to all of the business's problems.

Cybersecurity is a complex issue that affects processes, technology and, most importantly of all, people.

This complexity often leads businesses to throw money at the problem, building teams and buying technology without necessarily understanding what it is they actually hope to achieve.

With so many pieces of technology available on the market, the choice can be overwhelming, especially for those with little understanding of the issues they face.

Companies can spend vast sums of money on a product that fails to deliver or does not meet the needs of the business. Many products look flashy and promise the earth, but in reality they are often overly complicated and do not do what they claim.


When faced with a choice between spending money now to avoid a possible future loss, or taking a chance and hoping to get away with it, human beings are notorious gamblers.

Many people feel that the problem is transient, or that because they are small or obscure they are unlikely to be affected.

Unfortunately, the cybersecurity industry often has a habit of making this sense of apathy and helplessness worse, either by peddling myths about the sophistication of the threat or by failing to simplify the solution.

This perhaps explains why getting buy-in from board members and directors is so often cited as a significant challenge for cybersecurity professionals.

Not doing the basics

Another common mistake is for businesses to rush into purchasing new technology or sink cash into services before they have the basics in place. By implementing some simple measures, a business can greatly reduce the initial risks posed by cybercrime.

Implementing cyber awareness training for employees, introducing cybersecurity policies and encouraging good cyber hygiene throughout the business are just some of the steps that can be put into place.

Develop policies and procedures that:

  • Help employees understand how they can prevent incidents and identify security threats.
  • Identify the financial and information assets that are important to your business and the technology that you rely on.
  • Identify risks to those systems and the steps needed to lessen them.
  • Ensure that everyone knows their roles before, during and after an incident. From the CEO to the marketing team, most people have a role to play in mitigating the damage.
  • Ensure that only the people who need it have access to sensitive data and systems.

Commodity Cybercrime

For most businesses, even large ones, the greatest threat is commodity cybercrime rather than nation-state actors. Even when nation states are found to have been behind an attack, they have often used commodity methods.

Commodity cyber-attacks are not particularly sophisticated; they rely on our failure to do some fairly basic things. These tend to be the dull, unglamorous and difficult things, like knowing what the network actually looks like and understanding its overall security posture.

Many large organisations give up, thwarted by scale, and move on to more sophisticated solutions (designed to detect persistent intruders) before addressing these fundamentals. By doing so they effectively concede the network to the commodity threats most likely to materialise.
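"Knowing what the network looks like" in practice means holding an asset inventory and regularly checking it against what a scan of the network actually finds. The following is an added example, not code from the original article or from XQ Cyber: it reconciles a constructed inventory against constructed scan results and reports the three things a commodity attacker is most likely to exploit, hosts nobody knew about, inventoried hosts that no longer respond, and services listening where they should not be. All hostnames, addresses and port sets below are made up for illustration.

```python
"""Reconcile an asset inventory against network scan results.

Added example, not part of the original article. The inventory and the
scan output are constructed for illustration; in practice the inventory
would come from a CMDB export and the scan output from a tool such as nmap.
"""
from dataclasses import dataclass

# Constructed: what the business believes is on the network.
# address -> name, owning team, and the ports that are expected to be open.
INVENTORY = {
    "10.0.1.10": {"name": "web-01", "owner": "platform", "expected_ports": {22, 443}},
    "10.0.1.11": {"name": "web-02", "owner": "platform", "expected_ports": {22, 443}},
    "10.0.2.20": {"name": "db-01", "owner": "data", "expected_ports": {5432}},
    "10.0.3.5": {"name": "hr-fileshare", "owner": "hr", "expected_ports": {445}},
}

# Constructed: simplified scan output, address -> set of open TCP ports.
SCAN_RESULTS = {
    "10.0.1.10": {22, 443},
    "10.0.1.11": {22, 443, 3389},  # RDP exposed on a web server
    "10.0.2.20": {5432, 22},       # SSH exposed on the database host
    "10.0.4.77": {80, 8080},       # responds, but nobody inventoried it
    # 10.0.3.5 (hr-fileshare) did not respond at all
}


@dataclass
class Findings:
    """Gaps between what the business thinks it has and what is reachable."""
    unknown_hosts: dict      # address -> open ports, host not in inventory
    missing_hosts: list      # inventoried addresses that did not answer the scan
    unexpected_ports: dict   # address -> ports open that the inventory does not expect


def reconcile(inventory, scan):
    """Compare the inventory with the scan and return the discrepancies.

    Results are sorted so that repeated runs produce a stable report that
    can be diffed against the previous one.
    """
    unknown = {addr: ports for addr, ports in sorted(scan.items())
               if addr not in inventory}
    missing = sorted(addr for addr in inventory if addr not in scan)
    unexpected = {}
    for addr, entry in sorted(inventory.items()):
        if addr not in scan:
            continue
        extra = scan[addr] - entry["expected_ports"]
        if extra:
            unexpected[addr] = extra
    return Findings(unknown, missing, unexpected)


def report(findings, inventory):
    """Render the findings as plain lines, one per issue, for a ticket or e-mail."""
    lines = []
    for addr, ports in findings.unknown_hosts.items():
        lines.append(f"UNKNOWN HOST {addr}: open ports {sorted(ports)}, no owner recorded")
    for addr in findings.missing_hosts:
        lines.append(f"MISSING HOST {addr} ({inventory[addr]['name']}): "
                     f"in inventory but did not respond to scan")
    for addr, ports in findings.unexpected_ports.items():
        lines.append(f"UNEXPECTED PORTS on {addr} ({inventory[addr]['name']}, "
                     f"owner {inventory[addr]['owner']}): {sorted(ports)}")
    return lines


if __name__ == "__main__":
    for line in report(reconcile(INVENTORY, SCAN_RESULTS), INVENTORY):
        print(line)
```

Each line of the report has an owner attached wherever the inventory can supply one, which is the point of the exercise: an unexpected port on a host with a named owner becomes a ticket that someone is accountable for, while an unknown host with no owner is exactly the kind of forgotten system a commodity attacker will find first.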

Know the risks

The biggest security mistakes often come from a lack of critical thinking about threats and risks. Many of them can be avoided by starting with a clean sheet of paper and listing all of the adverse business outcomes a cyber-attack could cause.

Many of these should already be known if risks are being managed. If a business has no idea of the dangers it faces, it is time it found out before the inevitable happens.

A good way of getting an overview of your organisation's cyber posture is a Cyber Posture Assessment (CPA). Having that oversight is key to being able to plan. CPAs complement regulatory and compliance-led assessments by simulating how you are likely to be targeted or attacked, using a methodology based on current cyber threats.

They test your current defences, allowing an organisation to target its budget accurately at the areas most at risk.

Who’s it for?

  • Enterprise organisations looking to get a cyber litmus test and gain an overview of their general organisational security posture.
  • Smaller organisations and information security professionals who want a quicker understanding of their security posture and have a limited budget.
  • Any organisation wishing to take cybersecurity more seriously to help drive a security-conscious culture and ongoing improvements.

Take Control with CyberScore™

CyberScore™ is an award-winning automated testing service that helps you take control of your cybersecurity by detecting vulnerabilities and providing you with empirical evidence and Get-Well plans. The score itself lets you demonstrate clearly to the board where your organisation currently stands in terms of its cyber risk rating and security posture.

XQ Cyber also offers a range of incident response and consultancy services such as Penetration Testing, Cyber Posture Assessments and Incident Response preparedness and testing.
