Despite multiple security breaches, 97% of systems were compromised. Attackers remain on a hacked system for more than 200 days on average before being detected. Conventional security models create large amounts of data from log files and so on, increasing the workload of the company’s IT staff. Each new breach detected results in new offers and requests for suggestions to reduce perceived gaps, leading to more data, workload, and processing costs. One of our bank clients in Pakistan has more than 100 delegates in both part-time and full-time IT and security audit departments!
But the attacks are coming; they become deadlier, faster, more mutating, multivariable, and multidimensional. It tracks your customer data, your apps, your web resources… The corporate security system has failed. We need to fundamentally change the way we think about launching attacks so that a 14-year-old with an easily accessible base set can make a payload delivery that could bring down your online bank.
Corporate security is not working. Cannot run. It’s basically broken. How is this possible? Because it’s based on the assumption that security must keep attackers at bay. And the consistent update of this layered architecture is based on the premise that corporate security is an arms race to win. But that’s not a true reflection of the corporate landscape. With a sophisticated, dispersed enemy using zero-day exploration as the weapon of choice, this conventional thinking forms a reactive stance. An attitude that has signature-based security at its core, prepared for antiquated attacks. It’s not the technology or the vendor we question. That’s the whole “You won’t succeed” mentality.
Organizations need to shift to a more realistic approach. It is a conscious approach and makes every effort to maintain attacks in a tactically smart way, but understand that some attacks will succeed. In these specific cases, he has a proactive security posture where architecture, policy, and technology work together to quickly verify that the attack is in progress. Finally, respond to these attacks as quickly as possible so crime doesn’t become disastrous for the business and damage is limited.