Know thyself. Companies seeking to defend themselves should ask themselves this question: What exactly are they trying to protect? Businesses tend not to maintain an accurate accounting of their precious cargo, a continuously updated index of assets worth protecting. Daniel Miessler, advisory services director at the cybersecurity firm IOActive, has a recommendation that "would cost infinitely less than the dumpster fire of products we constantly purchase and deploy for millions of dollars a year," as he writes on his personal blog: simply hire a couple of people to maintain a catalog.