image: geralt (CC0)

2018: The year of advanced threat prevention

December 1, 2017

A few years ago, the cybersecurity industry adopted a new mindset that went something like this:

  1. Cybersecurity controls are not very effective.
  2. Therefore, sophisticated cyber adversaries can easily circumvent them, compromise networks, and execute data breaches.
  3. Hence, trying to prevent attacks is essentially a fool’s errand, so organizations should concentrate on incident detection and response.

This line of reasoning was supported by an overly simplistic axiom that spread like wildfire in the industry: “There are two types of organizations. Those that have been breached and those that have been breached and don’t know it.”

Read More on CSO Online