A security incident is inevitable for two reasons:

• Everything is hackable
• We are human

Those two realities make it inevitable that a security incident of some sort will happen. Think about this:

• You would have to spend 9.5 times your current IT Security budget to be able to protect against 95% of the security issues.
• 78% of all issues are related to tricking an end user into doing something, such as clicking on a link in an email.
• 90% of employees admit to knowingly "occasionally" violating security policies.

Read this article on how a CEO and his organization had $400K stolen from their account using a combination of hacking and spearfishing. This hack was smart and creative. The hackers were patient and used sophisticated social engineering while the organization had weak controls.

We all have to take Cyber Security seriously, together.