The ugly truth is that your organization has either been the victim of a recent cyber security breach, or it will be. Despite spending billions on cyber security\u2014$75 billion last year, growing to $170 billion by 2020\u2014the bad guys appear to be winning. \u201cBreach is the new normal,\u201d said Christina Richmond, program director for security services at IDC.\nWhether from hackers, organized crime, rogue states, disgruntled and\/or careless employees, by way of accident, malware and zero-day attacks, drive-by downloads, watering hole attacks, or denial and distributed denial of service (DoS\/DDoS) attacks, the evidence of the escalating threat environment is everywhere:\n\n89% of breaches had a financial or espionage motive\nIn 93% of cases, it took attackers minutes or less to compromise systems and data exfiltration occurred within minutes in 28% of the cases\n70% of breaches involving insider misuse took months or years to discover\n95% of all security breaches were caused by human error\n55% increase in the number of spear-phishing campaigns attacks in 2015\n125% increase in the number of zero-day vulnerabilities discovered\n100 million technical support scams were blocked\n35% increase in crypto-ransomware as it spread beyond end users to holding businesses hostage\n430 million new pieces of unique malware were discovered\n75% of legitimate websites have unpatched vulnerabilities\n9 mega breaches occurred in 2015\nA large business attacked once in 2015 was likely to be attacked 3 more times\n50% of all targeted attacks were against small businesses\n60% of all targeted attacks strike SMBs\nThe indirect costs associated with security breaches outweigh direct costs by nearly 2:1\n\nThe first step in bringing this escalating threat environment under control is to do a cyber security assessment. An assessment can provide a comprehensive overview of your environment, help you better understand how today's real-world threats could affect your organization, and prioritize where you should focus resources to protect, detect, and react.\nA basic cyber security assessment should mitigate risk, address compliance, evaluate your security team\u2019s response capabilities and improve your overall security. Elements to be covered can include:\n\nPhysical security\nPersonal security\nTraining and education\nAccount and password management\nCritical or noncritical data control and protection\nData loss prevention, detection, and mitigation\nCompliance and audit\nDisaster recovery\nManagement oversight\nWritten security policy and procedures\n\nWhile eliminating all breaches is cyber security\u2019s ultimate objective, followed closely by detecting and remediating all breaches that do crack an organization\u2019s defenses, breaches will continue to occur. However, you can significantly reduce your level of risk by preparing your organization and your users\u2014starting with a security risk assessment. That\u2019s where a trusted partner like PC Connection and our industry-leading security solutions and services can help.\nOur Security Practice can help create comprehensive security programs that leverage the latest technologies from our partners, including Cisco, Check Point, Core Security, Dell, Intel Security, Security Innovation, Sophos, Symantec, Trend Micro, and VMware. We can help you discover deficiencies in your security environment and provide the insights and guidance you need to reduce your overall risk and mitigate problems.