{"id":13713,"date":"2025-05-28T10:56:18","date_gmt":"2025-05-27T22:56:18","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=13713"},"modified":"2025-05-28T10:56:18","modified_gmt":"2025-05-27T22:56:18","slug":"a-practical-guide-how-much-cyber-security-investment-do-i-really-need","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=13713","title":{"rendered":"A practical guide: How much cyber security investment do I really need?"},"content":{"rendered":"\n[et_pb_section fb_built=”1″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row column_structure=”3_5,2_5″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”3_5″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]

Cyber costs seem to keep increasing every year.\u00a0<\/h2>\n

There is always something more that is needed.\u00a0 Organisations can\u2019t afford to over-invest but they can\u2019t afford to under-invest either.\u00a0 It\u2019s a tightrope so we thought it would be useful to prepare a simple guide.<\/p>[\/et_pb_text][\/et_pb_column][et_pb_column type="2_5" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_button button_url="https:\/\/new.kinetics.co.nz\/june-report-cyber-threat-trends-in-2025\/" button_text="Click to uncover the extent of cyber crime in 2025" _builder_version="4.27.4" _module_preset="default" custom_button="on" button_text_color="#4CB84A" button_border_width="2px" button_border_radius="4px" button_icon="=||divi||400" box_shadow_style="preset1" global_colors_info="{}" theme_builder_area="post_content"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row disabled_on="off|off|on" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_text _builder_version="4.27.4" _module_preset="default" custom_padding="2px|2px|2px|2px|false|false" border_width_all="1px" global_colors_info="{}" theme_builder_area="post_content"]

A simpler time<\/h3>\n

Just a few years ago, the core fundamentals of security were simple. There were three things you really needed to do to protect yourself.<\/p>\n

    \n
  1. Antivirus,<\/li>\n
  2. Backups (daily) and<\/li>\n
  3. Patching.<\/li>\n<\/ol>\n

    Optionally we\u2019d add a tool to scan incoming emails for viruses
    That was enough, and that was the underlying basis of our support plans.<\/p>\n

    But those days are long gone. Now you need a little more.<\/strong><\/p>\n

     <\/p>[\/et_pb_text][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” custom_padding=”2px|2px|2px|2px|false|false” border_width_all=”1px” global_colors_info=”{}” theme_builder_area=”post_content”]

    A minimum today<\/h3>\n

    Today, anti-virus isn\u2019t enough. It\u2019s now been replaced with EDR, which is more sophisticated and more expensive.
    Backups and Patching are as vital as ever.<\/p>\n

    Then we need to add MFA (which might be annoying but it is also the one of the most effective tools, especially the more advanced versions.
    We now have to scan emails for more than viruses. We\u2019re also checking any included weblinks.<\/p>\n

    We\u2019re testing URLs before people browse to them, and with KARE, we also use AI heuristics to test the webpage as it\u2019s opened.<\/p>\n

    We\u2019re limiting security access to corporate IT resources and even to administer the local PC (zero trust), scanning for \u2018shadow IT\u2019, and increasing cyber awareness with training, briefings and phishing test.<\/p>\n

    (We have bundled this into a security plan called KARE Foundation<\/a>)<\/p>[\/et_pb_text][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” custom_padding=”2px|2px|2px|2px|false|false” border_width_all=”1px” global_colors_info=”{}” theme_builder_area=”post_content”]

    Stepping it up<\/h3>\n

    The minimum isn\u2019t enough for many.<\/p>\n

    DATA RULES<\/strong>
    Optionally we\u2019re also setting up data rules in 365 (DLP) to limit what can be shared and we\u2019re using something called DMARC to promote safe email.<\/p>\n

    MOBILES<\/strong>
    When you consider how much email and browsing is done on mobiles, it makes sense that we are now starting to protect mobile devices, both Android and Apple with ‘MDM’ tools.<\/p>\n

    PROTECTED DEVICES ONLY<\/strong>
    We\u2019re now developing plans to differentiate between corporate PCs and phones versus bring-your-own-device (BYOD), and we\u2019re using this to start to limit so that unprotected home or shared PCs and mobile devices can no longer access some, or even all, of the IT assets such as 365.<\/p>\n

    24\/7 ACTIVE MONITORING<\/strong><\/p>\n

    We\u2019re moving EDR to MDR which means 24\/7 (because you and your people might work at any time, and the cloud is always on) SOC and SIEM solutions to monitor for unusual behaviours on devices.<\/p>\n

     <\/p>[\/et_pb_text][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” background_color=”rgba(34,34,34,0.12)” custom_margin=”||||false|false” custom_padding=”2px|2px|2px|2px|false|false” border_width_all=”1px” box_shadow_style=”preset1″ global_colors_info=”{}” theme_builder_area=”post_content”]

    Reports matter!<\/h3>\n

    No matter whart level of security is in place, you NEED reporting.\u00a0 Things change as PCs are added and removed, users come and go, and tools are refreshed.<\/p>\n

    We reckon detailed monthly reports (with plain english summaries) help you check your IT team is looking after and keeping your security in place, no matter what!<\/strong><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" disabled_on="on|on|off" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_blurb title="A Simpler Time" image="https:\/\/new.kinetics.co.nz\/wp-content\/uploads\/2024\/06\/1-circle-c.png" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"]

    Just a few years ago, the core fundamentals of security were simple. There were three things you really needed to do to protect yourself.<\/p>\n

      \n
    1. Antivirus,<\/li>\n
    2. Backups (daily) and<\/li>\n
    3. Patching.<\/li>\n<\/ol>\n

      Optionally we\u2019d add a tool to scan incoming emails for viruses
      That was enough, and that was the underlying basis of our support plans.<\/p>\n

      But those days are long gone. Now you need a little more.<\/strong><\/p>[\/et_pb_blurb][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” background_color=”rgba(34,34,34,0.12)” custom_margin=”150px||||false|false” custom_padding=”5px|5px|5px|5px|false|false” border_width_all=”1px” box_shadow_style=”preset1″ global_colors_info=”{}” theme_builder_area=”post_content”]

      Reports matter!<\/h3>\n

      No matter what level of security is in place, you NEED reporting.\u00a0 Things change as PCs are added and removed, users come and go, and tools are refreshed.<\/p>\n

      We reckon detailed monthly reports (with plain english summaries) help you check your IT team is looking after and keeping your security in place, no matter what!<\/strong><\/p>[\/et_pb_text][\/et_pb_column][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_blurb title="Stepping up for 2025" image="https:\/\/new.kinetics.co.nz\/wp-content\/uploads\/2024\/06\/2-circle-c.png" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"]

      Today, anti-virus isn\u2019t enough. It\u2019s now been replaced with “Endpoint Detection and Response” (EDR), which is more sophisticated and more expensive.
      Backups and Patching are as vital as ever.<\/p>\n

      Then we need to add MFA (which might be annoying, but it is also the one of the most effective protections, especially the more advanced versions)<\/p>\n

      We now have to scan emails for more than viruses. It’s important to be checking any included weblinks.<\/p>\n

      We\u2019re testing URLs before people browse to them, and with KARE Foundation<\/a>, we also use AI heuristics to test the webpage as it\u2019s opened.<\/p>\n

      We\u2019re now further limiting security access to corporate IT resources and even to administer the local PC (zero trust), scanning for \u2018shadow IT\u2019, and increasing cyber awareness with training, briefings and phishing test.<\/p>\n

      (Kinetics have bundled these into our KARE Foundation<\/a> security plans)<\/p>[\/et_pb_blurb][\/et_pb_column][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"][et_pb_blurb title="What else should be on our radar?" image="https:\/\/new.kinetics.co.nz\/wp-content\/uploads\/2024\/06\/3-circle-c.png" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}" theme_builder_area="post_content"]

      The minimum isn\u2019t enough for many.<\/p>\n

      DATA RULES<\/strong>
      Optionally we\u2019re also setting up data rules in 365 (DLP) to limit what can be shared and we\u2019re using something called DMARC to promote safe email.<\/p>\n

      MOBILES<\/strong>
      When you consider how much email and browsing is done on mobiles, it makes sense that we are now starting to protect mobile devices, both Android and Apple with ‘MDM’ tools.\u00a0 (You can include these in your       KARE security<\/a> plans)<\/p>\n

      PROTECTED DEVICES ONLY<\/strong>
      We\u2019re now developing plans to differentiate between corporate PCs and phones versus bring-your-own-device (BYOD), and we\u2019re using this to start to limit so that unprotected home or shared PCs and mobile devices can no longer access some, or even all, of the IT assets such as 365.<\/p>\n

      24\/7 ACTIVE MONITORING<\/strong><\/p>\n

      We\u2019re moving EDR to MDR (“Managed Detection and Response”) .\u00a0 MDR is 24\/7, because you and your people might work at any time, and the cloud is always on.\u00a0 It adds security experts actively monitoring and threat hunting, giving you “SOC” (Security Operations Centre) rand “SIEM” (“Security Information and Event Management”) solutions to monitor for unusual behaviours on devices.<\/p>[\/et_pb_blurb][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text disabled_on=”off|off|on” _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]

      Clearly “stepping it up” is much more intensive and that comes at a cost. There are more layers of security, and readers might recognise the alignment with the Cert NZ 10 Critical Controls.<\/a><\/p>\n

      Obviously, as you step up your cyber, your access becomes more restrictive and the cost of tools and support increases.\u00a0\u00a0 We wish we could say that was the end of it, but it won\u2019t be.\u00a0 We are absolutely certain that the minimum tools will only increase, and there will be new technologies next year that we haven\u2019t even heard of yet, despite our best efforts.\u00a0 That\u2019s because the hackers aren\u2019t standing still either.\u00a0 Cyber-crime is a big business for them, as we\u2019ve noted before in this blog.\u00a0 They continue to invest in new tech, and they aren\u2019t waiting for you to step your protection up.<\/p>\n

      They know they only need to through your defences once, whereas you have to repel them every hour of every day.<\/strong><\/p>\n

      In fact, as we look overseas to observe what businesses like Kinetics are doing, we are seeing a move for them to only accept clients that invest in cyber-security, and that also have cyber-insurance.\u00a0 That make sense because if you can\u2019t get insurance to carry your cyber-risk, then why would you carry that risk yourself?<\/p>\n

       <\/p>\n

      One thing is for certain \u2013 your business is already under attack.\u00a0 The question is, how long will your defences hold out for?<\/h4>[\/et_pb_text][et_pb_text disabled_on=”on|on|off” _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]

      Clearly the last column is much more intensive and that comes at a cost. There are more layers of security, and readers might recognise the alignment with the Cert NZ 10 Critical Controls.<\/a><\/p>\n

      Obviously, as you step up your cyber, your access becomes more restrictive and the cost of tools and support increases.\u00a0\u00a0<\/h3>\n

      We wish we could say that was the end of it, but it won\u2019t be.\u00a0 We are absolutely certain that the minimum tools will only increase, and there will be new technologies next year that we haven\u2019t even heard of yet, despite our best efforts.\u00a0 That\u2019s because the hackers aren\u2019t standing still either.\u00a0 Cyber-crime is a big business for them, as we\u2019ve noted before in this blog.\u00a0 They continue to invest in new tech, and they aren\u2019t waiting for you to step your protection up.<\/p>\n

      They know they only need to through your defences once, whereas you have to repel them every hour of every day.<\/strong><\/p>\n

      In fact, as we look overseas to observe what businesses like Kinetics are doing, we are seeing a move for them to only accept clients that invest in cyber-security, and that also have cyber-insurance.\u00a0 That make sense because if you can\u2019t get insurance to carry your cyber-risk, then why would you carry that risk yourself?<\/p>\n

       <\/p>\n

      One thing is for certain \u2013 your business is already under attack.\u00a0 The question is, how long will your defences hold out for?<\/h4>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n","protected":false},"excerpt":{"rendered":"

      Cyber costs seem to keep increasing every year.\u00a0 There is always something more that is needed.\u00a0 Organisations can\u2019t afford to over-invest but they can\u2019t afford to under-invest either.\u00a0 It\u2019s a tightrope so we thought it would be useful to prepare a simple guide.A simpler time Just a few years ago, the core fundamentals of security […]<\/p>\n","protected":false},"author":5,"featured_media":15185,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-13713","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/13713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13713"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/13713\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}