We’ve spent decades chasing the illusion of “perfecting prevention.” The industry has poured billions into digital walls, endpoint solutions, SIEM, SOAR and user awareness training—all to build a world in which breaches don’t happen.
However, that world doesn’t exist. The cloud-first shift, SaaS sprawl and identity-driven access have fragmented the enterprise environment and expanded the attack surface in all cardinal directions. In this landscape, prevention has fallen short and been outpaced. Successful attacks keep rising. Credential theft. Exploits. Lateral movement. Data exfiltration. The breach isn’t the exception—it’s the pattern. Stop trying to stop every attack. Start building resilience.
Read more…
Source: Forbes News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks
January 20, 2021
The variety of techniques used by the SolarWinds hackers was sophisticated yet in many ways also ordinary and preventable, according to Microsoft. To prevent future attacks of similar levels of sophistication, Microsoft is recommending organizations adopt a “zero trust mentality”, which disavows the assumption that everything inside an IT network is safe. That is, organizations should ...
- Improving Your Security Posture with the Pipeline Cybersecurity Initiative
January 19, 2021
A few years ago, I worked alongside some oil commodity traders. Environmental concerns aside, I never realized how many parts were required to get the oil out of the ground, not to mention everything else that finally resulted in the production of refined products that surround our lives. As a cybersecurity professional, I was more ...
- Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
January 19, 2021
In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this campaign where Mandiant has visibility, the attacker used their access to on-premises networks to gain unauthorized access to the victim’s Microsoft 365 environment. Goals and Objectives Methodologies that ...
- U.S. National Cybersecurity Plan Promises to Safeguard Maritime Sector
January 18, 2021
The U.S Government released on January 5, 2021, a cybersecurity plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security. The Maritime Cyber Environment With International Maritime Organization’s (IMO) mandate “to ensure that cyber risks are appropriately addressed in existing safety management systems” and the increasing number of cyber-attacks against maritime and ...
- Microsoft addresses a Critical RCE vulnerability affecting the Netlogon protocol CVE-2020-1472
January 14, 2021
Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows ...
- CISA’s Hometown Security program
January 14, 2021
The U.S. Department of Homeland Security’s (DHS) most important mission it to protect the American people. As part of this mission, DHS fosters collaboration between the private sector and the public sector to mitigate risk and enhance the security and resilience of public gathering sites and special events. DHS provides expert counsel and recommendations on protective ...