The 2015 Annual Report from the Pentagon acknowledges that most military cyber systems are vulnerable to “low to middling level” cyber attacks, and most DoD operations can be compromised when and if the attackers choose to do so. 

If the most sophisticated, and best-funded, military operation in the world can be compromised by "mid to low level" cyber attacks, how secure can we reasonably expect discount retailers, movie studios or any other organization to be?

The bad news 

The core system of the Internet is actually getting weaker as we connect ever more of our lives—phones, tablets, cars, refrigerators—to it.

Meanwhile, the attackers are getting stronger. The sophisticated attacks we saw only between nation states a few years ago are now being used by common criminals against all sectors of the economy. And they are not just after credit cards. Intellectual property, health records, business plans, and trading algorithms—anything of value is at risk. Modern attackers typically compromise your system and then hide, periodically turning themselves on to phone home with your stolen data.

"The sophisticated attacks we saw only between nation states a few years ago are now being used by common criminals against all sectors of the economy."

Finally, the economics of cyber security favor the attackers. Cyber attack methods are relatively cheap, easy to acquire and profit margins are enormous. Defense is hard after the fact, and there is almost no law enforcement. We successfully prosecute maybe 2 percent of cyber criminals.

Better defenses

In this environment, the notion of perimeter defense is antiquated. Businesses need to rethink their approach to cyber security focusing less on breaches and more toward developing a comprehensive cyber-sensitive business strategy.

A useful analogy is personal health. No one expects to live germ-free. However, by practicing good basic health rules, we can fight off most of the germs that attack us. Still, at some point we all get sick and we need to know how to recover when we do and get ourselves back to full health as soon as possible.

Key to this approach is integrating cyber security into the everyday business decisions. Much like legal and financial issues in the modern world, virtually every business decision—including product development, vendor and customer management, M & A, human resources—all have cyber security dimensions. 

Wise enterprises follow good cyber hygiene and integrate these principles throughout their business while devoting special attention to their most critical data. They also have practiced plans for when they are successfully attacked so they can retain their resiliency and continue to grow and prosper.