As I mentioned yesterday, Risk = Likelihood x Impact.

Some security measures will reduce the LIKELIHOOD of an attack. Others will reduce the IMPACT of an attack.

Both types are important.

So What?

BUT.. If you’re only starting out and can only do one of them today, which should you focus on?

As the saying goes: Prevention is better than Cure.

So, I suggest you focus on a security measure that reduces the LIKELIHOOD of an attack. It may buy you some valuable time to get your other defences in place.

Some examples of security measures that reduce the LIKELIHOOD of an attack include:

  1. Multi-Factor Authentication
  2. Staff Awareness Training