This article was originally published on Forbes.com.

The best security professionals are those that can think like a hacker. Their perspective on defense is based on a fundamental understanding of how to scour a system for weaknesses that can be easily exploited. Are there obscure entry points that aren’t secured? All it takes is one overlooked device with default passwords connected to the outside world and attackers are in, despite all the resources dedicated to protecting the main entry.

Somedays it feels like the whole world is getting hacked. China has stolen U.S. military data through cyberspace, first for the Joint Strike Fighter and now for sensitive submarine technologies. Millions of Americans have had their credit card information pilfered as hackers breached retail companies. Even ships at sea are vulnerable, as hackers have learned to manipulate the Automated Information System (AIS) and the Global Positioning System (GPS) to alter a ship’s navigational course without their captains necessarily knowing.

These hacks are alarming in their scope and risk and immediately make headlines. But what about the quiet, subtle hack of a white glove law firm? Law firms base their reputation (and therefore their business) on confidentiality and discretion – for good reason. The legal business is obviously a sensitive one; lawyers often interact with their clients in vulnerable or transitional states where much is at risk. Client records thus present a treasure trove of juicy data for any hacker: personally identifiable information, banking data, and correspondence. All data that could make or break a case for a client and her firm.

The very public SWIFT breaches and the SWIFT consortium’s reaction have been a canary in a coal mine, setting many regional governments in motion to look at the ramifications of ‘wide open’ payment systems and driving the development of the new SWIFT Customer Security Controls Framework in the past year. 

What drives companies to transform their technical documentation? It’s a big effort that can take two to three years and cost millions of dollars. To put it into context, after a multi-year project, Microsoft introduced the new docs.microsoft.com portal in 2016. Phase one of their portal provides content for the Enterprise Mobility products, which are just a fraction of the Microsoft software. Porting all Microsoft content into the site will take years to achieve and potentially cost millions. 

Cyberattacks can be difficult to detect, assess, and mitigate – and the consequences of a breach can be significant for a company’s bottom line or for the overall economic and political health of a country. Consider just three recent historical and well-known cyberattacks and their consequences.