Sage Advice - Cybersecurity Blog

I cringe each time I hear the oft repeated declarations that “every company will be compromised” and that “it isn’t a matter of if, but when.” These statements are the basis of the FUD-driven (fear, uncertainty and doubt) cyber-sales machine. What is closer to the truth is that Internet connected systems have a high probability of being subject to a targeted or opportunistic attack, inadvertent exposure, or malicious subversion. However, it is (and I stress) not inevitable that the attacker will be successful. Motivation, work factor, evasion capabilities, resiliency, and sometimes, luck all play a part. Threat modeling can be used to understand these factors and influence the outcome.

Cyber-attacks are escalating at an unprecedented pace with frightening veracity. Successful attacks not only result in major service disruptions and theft of data, but also the appropriation of infrastructure to perpetuate attacks on others. According to Forbes, the average loss per incident is up 23% year-over-year, and that the number of organizations reporting losses of more than $10 million per incident is up 75% from just two years ago.