That’s why cyber security defenses must work on the assumption that the breach has already happened, rather than trying to stop the threat from getting in. In today’s threat landscape, human security teams cannot be expected to anticipate every single way their technology could be exploited. What about the unknown weaknesses which have not yet been spotted? Patching by itself is also an inadequate defense because it only deals with known vulnerabilities, and is always effectively one step behind. It cannot interrupt an attack which has successfully begun moving within the system and exfiltrating sensitive data. What’s more, whilst patching addresses the vulnerability, it cannot mitigate a vulnerability that has already been exploited or a breach that has already happened. As soon as defenders patch a vulnerability, a new one is identified. Attackers are innovative and increasingly professional in their approach, coming at organizations from all angles and investing both time and money into finding new entry points. The complexity of the digital world is such that complete visibility is incredibly difficult to achieve – perhaps impossible for humans to do alone. But today, patching is a never-ending game of whack-a-mole.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |