NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Videos
    • Glossary
    • Infographics
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Don’t blame cyber attackers for data breaches, blame a lack of preparation

October 20, 2017

  • Blog
  • Archive
  1. Home
  2. Blog
  3. Don’t blame cyber attackers for data breaches, blame a lack of preparation

Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.

At the Check Point Cyber Security Symposium in Sydney last week, Telstra CIO, Mike Burgess criticized those organizations that overly focus on attributing cyber attacks, or blaming 'sophisticated' attackers for their networks being compromised.

In his address to the audience, Burgess said: "What I observe, what I fear, what I see too much of, is many commentators, many in the industry, and many in media, focus on attribution, with very little focus on the root cause. No-one should lose valuable information where at the root cause there is a known remedy. For me, that is unforgivable in this day and age. And I've got to tell you -- my view at least -- too much of this distraction around attribution takes away from focusing on what's really important here."

Burgess went on to illustrate his point by highlighting some of the language used by companies in response to a breach. After the Home Depot breach for instance, the company said: "The malware used in the attacks had not been seen in any prior attack, and was designed to evade detection by antivirus software".

"Really?" said Burgess. "I mean really?"

Burgess makes very valid point. It's all too easy for organizations to lay the blame at the feet of the attackers, to point to their antivirus software and say "it never stood a chance". Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.

Most businesses will, at some point, be targeted by cyber criminals or fall victim to a breach. Once you've got your head around that, it's how you deal with it and how you prepare for it that really matters. Relying on reactive measures like antivirus simply doesn't cut it, in fact, antivirus only stops around 45% of all virus attacks leading Symantec to declare antivirus "dead".

So what's the solution?

Proactivity is essential against a backdrop of advanced threats. Technologies such as privilege management, application control and sandboxing are proven, effective strategies to counter today's threats. Since we launched our unique Defendpoint software the response from the business community, from CISOs and security managers alike has been incredibly positive, so much so that orders are flying in from all corners of the world. Part of this demand is the growing realization from organizations that they need to switch to a more proactive security posture.

In a recent global survey we conducted at influential security events, this switch to the proactive became apparent. Our research found that 44% of those surveyed now identify their security approach to be proactive. A further 27% however are still clinging on to more reactive measures.

Though undoubtedly technology plays a critical role in enterprise security, it is also supported by other practises such as user education. Educating employees that they will be targeted, encouraging them to be vigilant at all times, teaching employees what qualifies as sensitive data, how to identify and avoid threats, acceptable use policies and security policies for instance. Combined with the right proactive technologies, these steps can drastically improve enterprise security.

To round off his speech in Sydney, Mike Burgess presented the Five Knows to Cyber Security - a framework that Telstra has presented at a number of events designed to guide people through the challenges and pitfalls of security.

  • Know the value of your data. Know its value to customers, yourselves, maybe your competitors, and most definitely those who wish to do harm.
  • Know who has access to your data.
  • Know where your data is, both domestically and globally.
  • Know who's protecting your data.
  • Know how well your data is protected. - Here Burgess points to the usefulness of advice like the Australian Signals Directorate's Top Four, a list of steps that we at Avecto actively encourage organizations to follow.

It's clear then that organizations can no longer point the finger at sophisticated cyber attacks and expect their customers and clients to show sympathy. Simple proactive steps can transform enterprise security from a blame culture to a prepared one - it's up to you to do something about it.

For further information on proactive security, how Defendpoint can help and more, visit our website at www.avecto.com/defendpoint

Paul Kenyon,

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

IDSA Report: 2022 Trends in Securing Digital Identities

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Mapping BeyondTrust Capabilities to NIST Zero Trust (SP 800-207)

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Infographics
  • Podcast
  • Videos
  • Webinars
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.