“We’re not a target.”
“We don’t have valuable data.”
“Our industry isn’t appealing.”

Common phrases. Understandable. Even human.
Unfortunately, they’re dangerously far from reality.

Today, cyberattacks aren’t always targeted. They are often automated and opportunistic.
And when they strike, they don’t distinguish between those who are prepared and those who felt safe.

The Numbers Don’t Lie

  • 1 ransomware attack every 11 seconds (source: Cybersecurity Ventures)

  • 61% of SMEs hit by a cyberattack never fully recover (source: Hiscox)

  • 90% of breaches originate from human error (source: IBM)

Cybersecurity isn’t just an IT issue. It’s a business issue.

A Telling Case

In a mid-sized manufacturing company, everything seemed fine. No obvious red flags.
Then an anomaly: a slow server, a backup that wouldn’t complete.

Internal IT acted quickly, involving external specialists.
Within hours, it was discovered that the network had already been compromised.
Not by obvious malware, but by a “Living off the Land” attack.

This technique involves attackers using existing administrative tools within the system (like PowerShell or Windows tasks) to move stealthily, without triggering alarms.

A silent, persistent attack gathering information and preparing for something worse.
The prompt intervention prevented production downtime. But not all companies are so lucky or alert.

Three Lessons to Remember

  • Cyber threats don’t announce themselves: they creep into everyday behaviors.

  • They often use our own “keys” to enter.

  • The companies that suffer the least damage are those that practice.
    Simulations, training, regular checks — that’s what changes the outcome of an attack.
    Having a network of contacts ready for emergencies is like having a fire extinguisher.
    Not something you want to show off, but it can save you.

Conclusion

You don’t need to spend millions to be safer.
You need method. Awareness. Practice.

Cybersecurity isn’t (just) technology.
It’s a discipline made of details, relationships, habits.

And when it becomes part of your company culture, it can make the difference between avoiding a crisis and suffering one.

Michele FORLEO
 Competence Center General Manager Cybersec – Axians Italia

“Every day, I work to translate the complexity of cybersecurity into concrete and sustainable choices for businesses. Because security is not a product: it’s a journey.”