The cost of defending cyber-attacks continues to escalate due to companies maintaining a Defense-in-Depth strategy – the Perimeter – which is a static and controlled corporate environment. The complexities arise in tracking users and protecting data that is in devices, sensors, and the cloud. Traditional controls such as firewalls, proxy servers, and anti-malware detect threats only after they hit the network or end-points. E-mails, IP addresses, Hash Values, and weak passwords are all prone to attacks because they retain their meaning in the context of an intrusion delivered through data files – such as a PDF or DOCX.
Gartner has projected that over 25 percent of data traffic will bypass the Perimeter, this coming year, because of roaming workers’ need to access to their data on an anytime / anywhere, just-for-me, mode. The corollary is a very porous environment for cybercriminals to harvest identities, financial information, as well as, engage in ransomware and sabotage.
According to Gil Shwed, CEO of Checkpoint, enterprises are implementing on average second-to-third generation protection schemes, yet “attacks” are well beyond generation four. The Days-to-Mitigate\Dwell a breach continues to hover around 265 days, according to the Annual and previous Verizon Data Breach Investigations Reports (DBIR) and the Ponemon Institute.
Any board seeking to protect its reputation and brand(s) should go beyond a regulatory and compliance checklist and assess the efficacy of what’s deemed innovative or constitutes a breakthrough. Sertainty answers, both!