This study, conducted by MSI International, a global market research organization, affirmed some of what we knew, revealed a lot we didn’t know, and showed us how wrong we were on a lot of fronts.

First, where we were wrong – I was surprised at how much companies spend around the world in remediation after a cyber attack or security incident. Given the protections available today and the focus on “best practices” in security, I would have thought only a minority of organizations actually suffered costly attacks – I was so wrong. The worldwide average was over $40k, with China and the United States responding with almost $200K and $75K annually, respectively – and these are averages, so the costs for some ran into the hundreds of thousands.

I was also surprised with how evenly distributed the costs were associated with the various “threat vectors” the study considered (the study focused on email, web, endpoint, network and data loss attacks).  This study found that, while the number of incidents a company experienced might differ, as do the costs of remediating those respective attacks, the total cost of remediation in each of these five “threat vectors” was amazingly similar – varying by less than 20% from one threat type to another.

The study also showed us that the “easy stuff,” the threat types we thought we’d controlled long ago, were still alive, well, and painful. In fact, the most common “threat vectors,” both in terms of the number of incidents and in the related cost of remediation, were basic endpoint and email incidents – malware, spyware, and email-spawned attacks. Check out the new McAfee Threat Report to get the latest stats straight from the researchers at McAfee Labs.

So, what do we conclude about the things we didn’t know? First, we’ve got to do a better job of getting mid-sized organizations secured. These companies are crying out for help, and we’ve got to respond with products that are easy to use and offer deep protection. We’ve got to make widely available security management “best practices” and provide the means by which mid-sized companies can take advantage of them.

Next, we’ve got to do a better job of educating this customer segment on managing to a broader portfolio of threats.

The reality is that protection is only effective if it is balanced across the broad array of the security threats these companies face, and they are not truly safe and secure until they secured across all “threat vectors.”

More on the Paradox Report soon… but if you have three minutes, take a look at the Secure in 15 video and tell me what you think.

However, all three face a serious challenge. They are dragged down by issues that has nothing to do with the jobs they aspire to do – in Sarah’s case, it is the media’s unfair fixation on her children; in Hillary’s case, it is her ties to her past, both good and bad.

And In the case of mid-market companies, the constant security threats – from malicious spam to sensitive data leaks are a drag on the amount of time, resources, and money that these companies can otherwise dedicate to achieving business leadership.

While I may not have the answers to Sarah or Hillary’s issues, mid-market companies could alleviate their challenges with 7 easy to follow steps:

Stay abreast with the latest on security by reading “Security Insights” or attending Industry Security events such as “Focus.”

Prioritize and focus on protection for these critical areas: a) ubiquitous desktops and laptops, b) expensive servers, c) email – your company’s lifeline, d) the Web – your business’s front door, and e) sensitive data flowing in and out of your network.  You may not be able to shut every window airtight, but you can ensure you have the most critical areas addressed.

Look for solutions that offer complete, integrated protection. In the past, you needed a different security vendor and product to do different security functions. Not any more. Many of these security functions and features have consolidated and consequently, so have the number of consoles you need to configure and manage.

Look for a solution provider who has broad coverage. You no longer need to call 5 different support lines if you do encounter a security problem.

Be proactive and do a bi-annual security audit and assessment. Some of our resellers near your location can help you.

Finally, optimize the time that you do end up spending on security wisely (Stay tuned for how to do this in an upcoming blog). For mid-market companies, these 7 simple yet important steps could be the difference between aspiring to be a business leader and actually becoming one.

Myth: Chicken soup and hot toddies are effective treatments for the flu or colds.

Fact: A bowl of chicken soup is a popular home remedy. While hot liquids can soothe a scratchy throat or cough, chicken soup has no special power to cure the flu or a cold. As for hot toddies, another folk remedy, any beverage containing alcohol should be avoided when you are sick.

Myth: Web filter is an effective treatment for the Web threats.

Fact: A Web filter is a popular remedy. While you can limit employee access to certain categories of Web sites, a Web filter has no special power to stop employees from downloading malicious content from sites they are allowed to access. What is needed is the ability to actively scan content from all sites and block access to sites that are not just productivity drain but downright malicious.

In new research, we found that that 45 percent of small and medium-size enterprises (SMEs) said they didn’t believe they were valuable targets to cybercriminals. Unfortunately, this just isn’t the case. Cybercriminals are counting on companies to underestimate their exposure, making them easy pickings .

The downtime from cyber attacks can be devastating. A quarter of those businesses we talked to who had suffered from an cyber attack took a week to get their businesses on track after the latest attack.  According to a recent report from Infonetic, small businesses lose an average of $30,000 in downtime following a cyber attack, while medium-size businesses lose an average of $225,000.

SMEs need to take a closer look at their security measures, keeping in mind that a proactive approach is always better than a reactive one. Here are a few recommendations for tightening up the security at your business to make it as difficult as possible for the bad guys:
*         Establish a clear security policy, and make sure that your employees know how to follow the proper protocol when downloading files and applications
*         Follow industry password and account protocols
*         Disable any unused ports and uninstall any unnecessary applications
*         Keep your security patches up to date. You may want to subscribe to a managed security service to help you keep on top of the latest patches.
*         Look for intelligent security solutions that can alert users to potential security issues
*         Deploy an anti-virus solution that detects unknown as well as known threats
*         Use McAfee SiteAdvisor® Enterprise to proactively block employees from accessing dangerous web sites
*         Encrypt laptops and mobile devices, such as USB sticks, to prevent information leaks

While it can be overwhelming to run a small or medium-size business, taking just a few proactive security measures can make a big difference in terms of your exposure to cyber attacks.