Theoretical Question: If you were a CISO with a limited budget, how would you navigate the current Cybersecurity landscape?
As a Chief Information Security Officer (CISO) with a limited budget, I would do my best to balance spending between employee training programs and new technology. Since human error and workplace deviance are among the biggest causes of cybersecurity threats, I would allocate a good portion of the budget to annual or semi-annual cyber threat awareness training. While I was in the Navy, we were required to have training like this twice a year. A big part of this training was being able to identify phishing scams, use strong passwords, and follow security policies. I would do the same for my company if I were the CISO.
As for technology, I would invest in essential security tools like firewall software and multi-factor authentication. These technologies can help prevent threats from slipping through the first layer of security. To keep costs down, I would purchase automated threat detection software and cloud-based solutions that offer strong security, such as CrowdStrike Falcon (which I just learned of today) and Microsoft Sentinel. Both use AI-driven technology to detect cyber threats.
We have read about examples where even the biggest companies can fall victim to cyber-attacks, so we know that no system is 100% foolproof. However, even on a budget, I can create a layered security system through basic awareness training and security technology.