Company
services
Insights
Join Us
Contact UsLearn how to gain control of your cybersecurity before it drowns your business.
June 4, 2025
Cyber Security is a beast! It has all the scary stuff in it. It starts with the way we see the safety of our homes and families, and it continues today to all aspects of life, at home and at work combined.
Putting money into cyber security inmost cases is an ad-hoc thing. Mostly it starts with an incident, either in your workplace or somewhere else that was on the news, and from that point it is like a snowball. Management is stressed, IT is under pressure, and mid-level management is making swift decisions to buy technologies to prevent this from happening again or to us.
Of all the risks that can be tied to cyber security this is the biggest of them all – making ad-hoc decisions and purchases. Ad-hoc decisions are most likely to not have the proper skillset and expertise to back them up with the technical teams, and the organization is most likely to go back to old routines in a brief period of time. Ad-hoc technology purchases will pose an even bigger risk as they suffer from the same symptoms –lack of skillset and expertise with the technical people, but with a twist, they are here to stay. Which means, technologies that were bought in a swift decision process are likely to become a cyber risk by themselves with no proper ownership and money spending over the roof that can and should go to other more calculated business risks to remediate.
Looking at the overall risk of cybersecurity one can make an argument that not all companies share the same level of risk, and I could not agree more with that. However, being in this industry for almost 30 years now, seeing and experiencing cyber incidents from malicious code all the way to espionage, real life “spy vs. spy games”, I can tell you now – the feeling of experiencing cyber incident is the same for all. All impacted organizations, and their leaderships, are personally offended and feel violated by a cyber incident. The question we always come across is: “How the heck did this happen to us?” or “What could we have done to prevent this?”. The most concerning questions I encounter when called to help with cyber incidents is: “Who’s fault is that? I need names...,” or “Is this my fault?”
The aftershock of a cyber incident can go two ways – blame, or a lesson. You see where I am going with this one. Blame will come from organizations with arrogant and stubborn management, the one that refuses to understand that cyber security is a part of the overall cost of doing business these days. A lesson will come from the more mature and responsible managements, which will see this as an opportunity to gain experience and ‘learn from the mistake’ rather than lose the opportunity to leverage their experience. Cyber experience is a good thing to have, and experience comes from real life events, not necessarily from dry cyber drills, however important they are.
So, what is the message here? To whom does this article speak? Well, for every decision maker in any industry, especially the ‘C’ level layer. You see, hacking is a business, a very well earning business, and I will try to put it in numbers that will be easier to understand and communicate further with fellow senior management. The commercial cyber defense industry, the companies that are working to defend organizations like yours, whether with people, processes, or technologies, are sharing a market value of a little over 6 billion USD a year. This number is growing at a very steady and certain pace that we can adhere to with predictions that reside with the overall global commercial market growth. On the other hand, the “commercial” hacking industry, organized crimes and hacking groups, their market value is a little over 6 trillion USD a year. 1,000 times more than the defense budgets of their targets. It is a no-match game. Hacking simply pays more.
Now, I am not writing this here to tell you to multiply your budget 1,000 times. Absolutely not, this is not the way. Coming from where I come from, I know and learned firsthand that winning a battle is never about quantity, it is all about quality, creativity, and an oz of Chutzpa. You need to first drive a proactive approach. Do not wait for it, just do it. Today.
Second, when you do it, do not do it alone. As talented as you believe you are and your technical teams are, you cannot win this war alone, you need help! That is where your alliances come in. Alliances? Meaning Vendors? – you might call us your vendors, but if we are there just to send you that monthly invoice, trust me, you do not want us next to you when that thing hits the fan. Allies are the ‘vendors’ that share your mission statement – the “Why?” of your organization, the vision and values of it, the ones that learn day and night the DNA of your organization and become part of it by will and not by bill.
Third, you must have a plan. A solid plan based on the overall understanding of your business, the ‘Why?’ of it, the money-making processes, the critical functions that make your business successful, the ‘secret sauce’ you have, and the appetite you have towards losing some of your business. This plan is a business plan primarily for your cyber security. Why business plan? Because from that point on, your cybersecurity becomes an investment, and just like all investments you make in life, it needs to have a plan of growth and ROI.
Fourth, you probably already have most if not all technical solutions at hand. A survey ran through organizations worldwide indicated that over 92% of the organizations participating in that survey already had the technologies to remediate their cyber risks detected in a cyber security risk assessment process. These companies were asked about the latest cyber risk assessment they had and the results by categories of risks, and they were asked about IT and cyber procurements from the last 5 years. Putting the two one next to the other, the results were clear – buying technologies is the easy part. Utilizing them and making them work for you is not the strongside of most organizations out there.
Fifth, it is all about the people. Reaching my 3 year in the cyber industry, military, commercial, national securities, and any aspect you can think of, I can tell you one thing for sure – cyber security is never about technologies. As long as we have people involved in businesses, and that’s not going to disappear any time soon, cyber security will be, as it always was, influenced directly by the people running the business. Not just the ‘C’ levels, everyone involved. People are the ones to set processes of success in the life of a business, and those processes then come to life by using the right technologies. Businesses do not work from technology up to the decision makers, and the same for cyber security– it works from the top down, from the people through processes, and down to technologies. So, what is the message here? – Invest in your people. If you appoint them to be responsible for your cyber security, make sure to constantly train them. They are in the position of a combat soldier – they are either at war, or they prepare for war. The more training, they get, the less likely they are to make mistakes when they are called to battle.
Now, I have said quite a lot of things here, and if you got this far in reading this you are probably a bit confused with how to start, should you follow all these 5 points or focus on one or two of them? How much is it going to cost you? Do you even have the level of attention needed to run such operations these days? Not quite sure... Let me try and help you with that one. We in CyTech invested in building the ultimate cyber security company that is tasked with one main mission statement: “To Excel Cyber Security Incident Detection, Response, and Recovery.” We are, if you may, a cyber security elite team to hire armed with innovative technologies that we develop in house to make us achieve this mission statement on a daily basis. We train every day and night, 365 days a year, preparing our workforce to be able to detect, response, and help you recover from all the latest that is out there. But and this is important, our team does not focus only on these three phases, we add the initial phase, the one that I started this article with – preventive cyber security. This means that while collaborating with us, we will do everything we can to prevent your next cyber incident. We will map your risks and exiting technologies, just like they did in that survey. We will put together a plan, a business plan for your cyber security investments, growth, and ROI. We will challenge your systems, processes, and people using innovative technologies and processes to better your cyber controls every day, all days. We will monitor hacking groups and hacker’s behaviors to look for any indication that your organization is next in line for them. We hold teams that mimic your hacker’s activities with one purpose in mind – to better prepare you for that day when a cyber incident will take place. We do not wait for your call to let us know that something went wrong, we actively monitor your systems and work environment, looking for that pinch of anomaly that has the potential of becoming a cyber incident.
Our business is to understand the ins and outs of cyber security. We are trained for emergencies at your door, and we know how to enter an emergency when it takes place, and how to come out of it quickly and efficiently, stronger than before. We are your ultimate cybersecurity business partner, and we will share your mission, vision, values, and DNA, to support you when you grow your business.
We take control of your cyber security for you, so you can focus on what you do best.
Take Back Control of Your Cybersecurity. Secure Your Business.
