System Admin Maxim #1: Closing the door after the horse has escaped

I grew up on a small farm and we had a saying of 'closing the barn door after the horse has escaped'.  In my 40 years as a system admin, I can only think of a few times where this has NOT been true.  Most organizations I have worked for are resource constrained and cannot or will not do what is needed to protect their networks.  This is especially true today with the rise in number and costs of attacks on technology infrastructure.  I am reminded of this because I help out at a non-profit who just had their network hacked because, even though they were warned, continued using simple passwords and were sharing the password for their primary wifi.  After the attack, I segmented their network into staff, IoT, and public vlans along with using secure passwords for the network.  

I can only think of one organization during the dot com boom of the late 1990's that dedicated enough resources to protect their technology infrastructure. In this case it was when the owner decided to move to an on-prem Exchange mail server. I told him that Exchange servers were known to have many issues with cyber attacks and to defend against them we needed a multi-layered software approach of anti-virus software on the server and on all the clients connecting to the server from 2 different vendors.  This software cost was 50% of the Exchange server cost so was not cheap, but he decided to do it.  A few months after the migration, all is going well and he is off at a conference of peers; when a big cyber attack against Exchange servers happened.  His company was the only one at the conference who had no email issues because he chose to spend the money to protect the systems.  One vendor's antivirus software stopped some of the attacks and the other vendor's software stopped the rest of the attacks.  I remember him coming back and giving me a bonus because he sure did look smart at the conference.