Organisations aren’t short of technologies they can deploy to protect their digital assets. From old-school firewalls to SIEM (security information and event management), endpoint detection and response (EDR), network analysis, and continuous vulnerability scanning, tools exist to cover virtually the whole potential attack surface of a company’s IT infrastructure. Yet attacks continue to happen and cyber crime is at an all-time high. In 2020, ransomware attacks increased by 62 per cent compared with the previous year, to a total of 304 million. This means either that cyber criminals are doing something right, or that organisations are doing something wrong.
Yes, attackers have upgraded their playbooks and technology arsenals, but we shouldn’t give cyber criminals more credit than they deserve. Their tools may be sophisticated, but so are the defensive technologies deployed by today’s enterprises. Attacks are often opportunistic and leverage known vulnerabilities...