When a new attack comes out, you need to come out with a new defence. Attackers, on the other hand, can attack proactively at will. The cost of cybercrime is huge, but what does it cost the criminals, and how, therefore, do we come up with an adequate defence against it?
Five dollars for control over 1,000 compromised email accounts. Eight dollars for a distributed denial-of-service attack that takes down a website for an hour. And just one dollar to solve 1,000 captchas.
Those are the going rates of cybercrime, the amounts criminals pay other criminals for the technical services necessary to launch attacks. It’s the kind of IT outsourcing no legitimate company would ever conduct, but it’s a profitable business if done effectively.
Data shows that 35% of IT pros think their organisations are not investing in the right security technologies. 65% believe their networks are at risk of being breached within 3 years.
How do we solve this? If it’s impossible to keep intruders out of your network (which it appears to be), the logical approach is to build security around the assumption that they are already on the inside.
This means making it as hard as possible for them to achieve an acceptable ROI after they have breached the perimeter. When you do this, you focus on what matters – securing your data. It becomes clear that you need to move your security controls as close as possible to the data so attackers can’t use it, even if they have breached the perimeter. In effect, you need to create a “Secure Breach” environment.
Understand your adversaries, make it hard for them to profit from you and make sure your data is secure by putting an added layer of protection in your hands.