Preparing for an executive round table discussion I'm leading at IUSB in a couple weeks, I've been updating our cyber security risk mitigation deck. What we're compiling is pretty sobering. Consider:
- 20% of small to mid sized businesses have been cyber crime targets (source: Microsoft)
- Average cost per security breach is $4 million or $158 per lost/stolen record (source: IBM)
- 58 million phishing incidents in 2016; 5,000 new phishing scams/sites per day (source: Ponemon)
- Cyber crime costs are projected to reach $2 trillion by 2019 (Forbes)
Our short list of recent breaches totaled over a billion customers/records compromised by five kinds of malware, DOS and DDOS attacks, spoofing and sniffing attacks, plus multiple server/website intrusions resulting in a significant losses for companies of all sizes.
After identifying the areas of greatest vulnerability we highlight four critical threat mitigation steps every company should take now. It starts with reviewing internal cyber security policies and training procedures so your people can recognize and avoid falling victim to the most common attack vectors.
Three additional threat mitigation steps round out a relatively straightforward approach to protecting most companies from the most common forms of cyber attack and loss. The main point we're making with the executive group is to avoid complacency; ignoring today's risks will put your company in peril.
While attendance at the round table discussion is closed, I'll be glad to share a copy of our slide deck (over 50 slides!) upon request. Just let me know.