headlines, smaller does not mean safer. ;e average
impact of a targeted attack on a small or medium-sized business in 2013 was US$92,000, according to
security ;rm Kaspersky Lab.
“;e bad guys are businesspeople, too; they go
after the lowest-hanging fruit,” Mr. Sjouwerman says.
Some executives have come to understand that
fact—especially in the ;nancial sector. Banks “have
seen the light,” Mr. Sjouwerman says.
Small and medium-sized U.S. banks have been
forced to the forefront of the cyberwars. “Five
years ago, the concern was an individual sitting in
“A project manager responsible
for rolling out a software
system has to think about
more than just how to use the
system or what it can do. You
have to think about cybersecurity.”
—Kelly Bissell, Deloitte, Atlanta, Georgia, USA
Phishing attacks have grown more dangerous—
more targeted, patient and well-constructed.
“;ere’s been a distinct shift in the behavior of
cybercriminals” in the last year, says Peter Sparkes,
director of managed security services for Asia
Paci;c and Japan at security ;rm Symantec. Hack-
ers are “more patient and have tightened their
targeting and sharpened their social engineering.
;ey’ve moved from a ‘spray and pray’ model to a
‘low and slow’ approach.”
“;is is going to get worse before it gets bet-
ter, because cybercrime has gone pro,” says Stu
Sjouwerman, CEO of cybersecurity ;rm KnowBe4,
based in Clearwater, Florida, USA.
Learning from the hackers will help project
practitioners ensure that their defenses get better
sooner: “We’re beginning to share threat intelligence and to pool resources—just like the cybercriminals do,” Mr. Schaufenbuel says.
While recent breaches at large corporations such
as Target and Neiman Marcus have grabbed the
Increase of cyberattacks globally last year
of the 10 largest data breaches in the history
of the Internet, exposing 823 million records,
occurred just last year
to US$400 billion
Annual cost of cyberattacks globally
In 2012, breaches cost each affected company an average of:
US$5.4 million in the United States
US$4.8 million in Germany
US$4.1 million in Australia
US$3.1 million in England
Sources: PwC, Open Security Foundation and Risk Based Security, Center for Strategic and International Studies, Ponemon Institute